In January 2013 vulnerabilities with the potential to affect vast swathes of the Internet, and attract attackers to lucrative targets online, were discovered in Ruby applications.
These vulnerabilities take advantage of features and common idioms such as serialization and deserialization of data in the YAML format. Nearly all large, tested and trusted open-source Ruby projects contain some of these vulnerabilities.
Few developers are aware of the risks.
Our RubySec Field Guide addresses recent Ruby vulnerabilities classes and their root causes. We demonstrate and share how to develop real-world exploits. We present patterns behind the vulnerabilities and show readers how to develop software engineering strategies to avoid these vulnerabilities in their projects.
Help make the Internet more secure. Sharpen your skills with this self-paced field guide today.