Ruby and Security
It’s not just for Python…
About Me
• Carl Sampson
• Twitter: @chs
• Web: www.chs.us
• Product Security Engineer at Salesforce
• Former developer turned appsec guy
• OWASP Indy chapter leader
• Ruby enthusiast
Why Ruby?
• One of the easiest languages to read and
parse by anyone regardless of style
– an_object.empty?
– 3.times { puts "Hello, World" }
– list_numbers.each {|num| print num}
– [1, 2, 3].length
Why Ruby?
• Package management system that makes it
easy to share and modify tools
– Standard format for distributing Ruby programs
and libraries
– RubyGems (http://rubygems.org)
Why Ruby?
• Powerful introspection and object-oriented
capabilities
– Find out information about classes
– Dynamically create classes/methods
– ObjectSpace
Why Ruby?
• Platform-independent support for
multithreading
– Leverages native features of the OS
Why Ruby?
• Can be compiled and run natively on most
platforms
• Doesn’t require libraries such as Cygwin to
build on Windows
• Easy to embed within another application
– API for calling from within C
Why Ruby?
• Robust standard library included
– 20,964 functions and classes
– Well-documented
• Dash
• Omniref (https://www.omniref.com/)
• Ruby-doc (http://www.ruby-doc.org/)
• Ri
Why Ruby?
• Easy to extend existing classes to meet new
needs (open classes)
– Ruby classes are never closed
Why Ruby?
• Easy to hook native libraries
– FFI (interface with C-style libraries)
– DL (bridge to dlopen)
• Easy to extend using C
Why Ruby?
• Lends itself to Domain Specific Language (DSL)
creation
– Programming language designed specifically to
express solutions to problems in a specific domain
– Sinatra – DSL for defining how to handle HTTP
requests
– Chef – DSL for automating server management tasks
– RSpec – DSL for testing
– ActiveRecord migrations
Why Ruby?
• IRB
– REPL for programming in Ruby
– Allows execution of Ruby commands with
immediate response, allowing experimenting in
real time
– Blocks, mixins and monkey patching
Why Ruby?
• Binary string processing and pattern matching
Why Ruby?
• First-class regular expressions
– Borrowed from Perl
– Built-in without needing to include extra modules
Why Ruby?
• Network protocol and file format parsing are
well supported in Ruby
– Most network protocols built in
– Most everything else available as a gem
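Added example, not from the slides, of the binary-string and file-format parsing the last two slides point at: a PEDump-style reader for the MZ/PE headers built on String#unpack. The header layout is the standard PE/COFF one; the 88-byte image it parses is constructed inline so the code runs offline.

```ruby
# Constructed minimal image: 64-byte DOS header, PE signature, 20-byte COFF header.
SAMPLE_PE = [
  'MZ'.b,                     # e_magic
  "\x00".b * 58,              # rest of the DOS header up to e_lfanew
  [0x40].pack('V'),           # e_lfanew: PE signature lives at offset 0x40
  "PE\x00\x00".b,             # PE signature
  [0x8664, 3].pack('vv'),     # Machine (x64), NumberOfSections
  [0x5f000000].pack('V'),     # TimeDateStamp
  [0, 0].pack('VV'),          # PointerToSymbolTable, NumberOfSymbols
  [0xf0, 0x0022].pack('vv'),  # SizeOfOptionalHeader, Characteristics
].join

MACHINES = { 0x014c => 'i386', 0x8664 => 'x64', 0x01c0 => 'ARM', 0xaa64 => 'ARM64' }.freeze

class PEFormatError < StandardError; end

# Returns e_lfanew, refusing anything that is not a sane MZ header.
def parse_mz(bytes)
  raise PEFormatError, 'too short for a DOS header' if bytes.bytesize < 64
  raise PEFormatError, 'missing MZ signature' unless bytes[0, 2] == 'MZ'
  e_lfanew = bytes[60, 4].unpack1('V')
  # Bounds-check before following the offset: a malformed file can point anywhere.
  if e_lfanew < 64 || e_lfanew + 24 > bytes.bytesize
    raise PEFormatError, format('e_lfanew 0x%x out of range', e_lfanew)
  end
  e_lfanew
end

# Parses the COFF file header that follows the PE signature.
def parse_pe_header(bytes)
  off = parse_mz(bytes)
  raise PEFormatError, 'missing PE signature' unless bytes[off, 4] == "PE\x00\x00".b
  machine, nsections, timestamp, _symtab, _nsyms, opt_size, chars =
    bytes[off + 4, 20].unpack('vvVVVvv')
  {
    machine: MACHINES.fetch(machine, format('unknown(0x%04x)', machine)),
    sections: nsections,
    timestamp: Time.at(timestamp).utc,
    optional_header_size: opt_size,
    executable: chars & 0x0002 != 0,   # IMAGE_FILE_EXECUTABLE_IMAGE
    dll: chars & 0x2000 != 0,          # IMAGE_FILE_DLL
  }
end

p parse_pe_header(SAMPLE_PE)
```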
Why Ruby?
• Cryptography, specifically comprehensive
OpenSSL bindings
– Exposes a huge portion of the API
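Added example, not part of the deck, of those OpenSSL bindings in use: AES-256-GCM authenticated encryption from Ruby's standard library, showing that a flipped ciphertext bit or mismatched associated data fails the tag check instead of decrypting to garbage. The key, record string and AAD label are constructed values.

```ruby
require 'openssl'

ALGO = 'aes-256-gcm'

# Encrypts plaintext under key; aad is authenticated but not encrypted
# (a record header, for instance). Returns the fresh IV, ciphertext and tag.
def gcm_encrypt(key, plaintext, aad = '')
  cipher = OpenSSL::Cipher.new(ALGO)
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv          # 12-byte nonce; never reuse one under the same key
  cipher.auth_data = aad
  ciphertext = cipher.update(plaintext) + cipher.final
  { iv: iv, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Decrypts and verifies; returns the plaintext, or nil when verification fails.
def gcm_decrypt(key, iv:, ciphertext:, tag:, aad: '')
  return nil unless tag.bytesize == 16   # reject truncated tags before OpenSSL sees them
  cipher = OpenSSL::Cipher.new(ALGO)
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  cipher.update(ciphertext) + cipher.final
rescue OpenSSL::Cipher::CipherError
  nil                                     # tag mismatch: ciphertext or AAD was altered
end

# Flips one bit of the ciphertext to show that GCM notices.
def tamper(blob)
  ct = blob[:ciphertext].dup
  ct.setbyte(0, ct.getbyte(0) ^ 0x01)
  blob.merge(ciphertext: ct)
end

def demo
  key = OpenSSL::Random.random_bytes(32)
  blob = gcm_encrypt(key, 'session=abc123; role=user', 'record-v1')
  {
    roundtrip: gcm_decrypt(key, **blob, aad: 'record-v1'),
    tampered:  gcm_decrypt(key, **tamper(blob), aad: 'record-v1'),
    wrong_aad: gcm_decrypt(key, **blob, aad: 'record-v2'),
  }
end

p demo
```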
Projects Using Ruby
• Metasploit
– Ported from Perl in 2006
• Why?
– Platform independent support for threading
– Native interpreter for Windows
– Enjoyed by the people that contribute to the
framework
Projects Using Ruby
• Metasm
– Assembler
– Disassembler
– Compiler
– Part of the Metasploit project
– https://github.com/jjyg/metasm
Projects Using Ruby
• Ronin
– Platform for vulnerability research and exploit
development
– Subprojects for database access, web
scraping/spidering, assembly programming and
shellcode generation, exploit and payload
crafting, bruteforcers, SQL injection, etc.
– https://github.com/ronin-ruby/
Projects Using Ruby
• Ruckus
– DOM-inspired ruby fuzzer
– Great for network protocols
– Declare structures like you’re writing C
• Define network protocol headers
– Built in mutators for fuzzing
Projects Using Ruby
• BeEF
– Browser Exploitation Framework Project
– Pen testing tool that focuses on the browser
– http://beefproject.com/
Projects Using Ruby
• Gauntlt
– BE MEAN TO YOUR CODE AND LIKE IT
– DSL (based on Cucumber) for interfacing with
popular testing tools
– http://gauntlt.org/
Projects Using Ruby
• PEDump
– Supports MZ & PE formats
– Can dump every part of the executable
– https://github.com/zed-0xff/pedump
Projects Using Ruby
• Ruby BlackBag (rbkb)
– Based on Matasano BlackBag
– Misc Pen-testing/reversing tools
– https://github.com/emonti/rbkb
Projects Using Ruby
• Ragweed
– Scriptable Win32/Linux/OS X debugger
– https://github.com/tduehr/ragweed
Projects Using Ruby
• PacketFu
– Mid-level packet manipulation library
– https://github.com/todb/packetfu
Projects Using Ruby
• Arachni
– Web application security scanner framework
– Multiple deployment options (CLI, Web,
Distributed)
– Extensive security checks
– Automated, distributed, high-performance
JavaScript/DOM security debugger
– http://www.arachni-scanner.com/
Projects Using Ruby
• Brakeman
– Open-source vulnerability scanner specifically
designed for RoR applications
– Developed and maintained by Twitter
– http://brakemanscanner.org/
Projects Using Ruby
• WPScan
– Black-box WordPress vulnerability scanner
– http://wpscan.org/
Projects Using Ruby
• RailsGoat
– Vulnerable version of the RoR framework
– OWASP project
– https://github.com/OWASP/railsgoat