Security Surprises in your Favourite Framework

Only two days after my talk at Ruby and Rails Melbourne I gave another talk, in tandem with Mike Haworth, at the Auckland OWASP day conference. The talk is based on the premise that we rely on our web development frameworks to provide security by default, and we find it surprising when we have security holes that our framework didn’t prevent for us.

Much to Mike’s and my amusement, the day after the conference, Egor Homakov found a few vulnerabilities in Ruby’s OpenURI, combining a few of the things that we talked about in this very talk.

We didn’t add heaps of references within the talk slides, so if you have any questions I’d be glad to answer them.

Written on March 3, 2015