Ruby and Security
It’s not just for Python…
About Me
• Carl Sampson
• Twitter: @chs
• Web: www.chs.us
• Product Security Engineer at Salesforce
• Former developer turned appsec guy
• OWASP Indy chapter leader
• Ruby enthusiast
Why Ruby?
• One of the easiest languages to read and parse by anyone, regardless of style
– an_object.empty?
– 3.times { puts "Hello, World" }
– list_numbers.each { |num| print num }
– [1, 2, 3].length
Why Ruby?
• Package management system that makes it easy to share and modify tools
– Standard format for distributing Ruby programs and libraries
– RubyGems (http://rubygems.org)
Why Ruby?
• Powerful introspection and object-oriented capabilities
– Find out information about classes
– Dynamically create classes/methods
– ObjectSpace
Why Ruby?
• Platform-independent support for multithreading
– Leverages native features of the OS
Why Ruby?
• Can be compiled and run natively on most platforms
• Doesn’t require libraries such as Cygwin to build on Windows
• Easy to embed within another application
– API for calling from within C
Why Ruby?
• Robust standard library included
– 20,964 functions and classes
– Well-documented
• Dash
• Omniref (https://www.omniref.com/)
• Ruby-doc (http://www.ruby-doc.org/)
• ri
Why Ruby?
• Easy to extend existing classes to meet new needs (open classes)
– Ruby classes are never closed
Why Ruby?
• Easy to hook native libraries
– FFI (interface with C-style libraries)
– DL (bridge to dlopen)
• Easy to extend using C
Why Ruby?
• Lends itself to Domain Specific Language (DSL) creation
– Programming language designed specifically to express solutions to problems in a specific domain
– Sinatra – DSL for defining how to handle HTTP requests
– Chef – DSL for automating server management tasks
– RSpec – DSL for testing
– ActiveRecord migrations
Why Ruby?
• IRB
– REPL for programming in Ruby
– Allows execution of Ruby commands with immediate response, allowing experimenting in real time
– Blocks, mixins and monkey patching
Why Ruby?
• Binary string processing and pattern matching
Why Ruby?
• First-class regular expressions
– Borrowed from Perl
– Built-in without needing to include extra modules
Why Ruby?
• Network protocol and file format parsing are well supported in Ruby
– Most network protocols built in
– Most everything else available as a gem
Why Ruby?
• Cryptography, specifically comprehensive OpenSSL bindings
– Exposes a huge portion of the API
Projects Using Ruby
• Metasploit
– Ported from Perl in 2006
• Why?
– Platform-independent support for threading
– Native interpreter for Windows
– Enjoyed by the people that contribute to the framework
Projects Using Ruby
• Metasm
– Assembler
– Disassembler
– Compiler
– Part of the Metasploit project
– https://github.com/jjyg/metasm
Projects Using Ruby
• Ronin
– Platform for vulnerability research and exploit development
– Subprojects for database access, web scraping/spidering, assembly programming and shellcode generation, exploit and payload crafting, bruteforcers, SQL injection, etc.
– https://github.com/ronin-ruby/
Projects Using Ruby
• Ruckus
– DOM-inspired Ruby fuzzer
– Great for network protocols
– Declare structures like you’re writing C
• Define network protocol headers
– Built-in mutators for fuzzing
Projects Using Ruby
• BeEF
– Browser Exploitation Framework Project
– Pen testing tool that focuses on the browser
– http://beefproject.com/
Projects Using Ruby
• Gauntlt
– BE MEAN TO YOUR CODE AND LIKE IT
– DSL (based on Cucumber) for interfacing with popular testing tools
– http://gauntlt.org/
Projects Using Ruby
• PEDump
– Supports MZ & PE formats
– Can dump every part of the executable
– https://github.com/zed-0xff/pedump
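The MZ/PE header reading that PEDump does, and the binary string processing and file format parsing the earlier slides credit Ruby with, as an added example in plain Ruby (not code from the slides or from PEDump): String#unpack pulls the fixed-layout headers out of a constructed sample image, every file-supplied offset is bounds-checked before use, and a section whose raw data runs past the end of the file is flagged. Field layouts and constants follow the PE/COFF specification; the sample image is constructed and is not a runnable executable.

```ruby
# Added example, not code from the slides or from the PEDump project: a minimal
# MZ/PE header reader built on String#unpack. Only the headers are parsed; the
# sample image below is constructed and is not a runnable executable.

MACHINE_NAMES = {
  0x014c => 'x86',
  0x8664 => 'x64',
  0x01c0 => 'ARM',
  0xaa64 => 'ARM64'
}.freeze

# Characteristics bits of the COFF file header.
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL              = 0x2000

COFF_HEADER_SIZE    = 20
SECTION_HEADER_SIZE = 40

class PEFormatError < StandardError; end

# Parse the MZ stub pointer, the COFF file header and the section table.
# Every offset read from the file is bounds-checked before it is used, so a
# malformed or hostile input raises PEFormatError instead of reading garbage.
def parse_pe(data)
  data = data.b # treat input as raw bytes whatever its source encoding
  raise PEFormatError, 'too short for an MZ header' if data.bytesize < 0x40
  raise PEFormatError, 'missing MZ signature' unless data[0, 2] == 'MZ'

  # e_lfanew: little-endian DWORD at 0x3c giving the offset of "PE\0\0".
  e_lfanew = data[0x3c, 4].unpack1('V')
  pe_end = e_lfanew + 4 + COFF_HEADER_SIZE
  raise PEFormatError, 'e_lfanew points outside the file' if pe_end > data.bytesize
  raise PEFormatError, 'missing PE signature' unless data[e_lfanew, 4] == "PE\0\0"

  # COFF file header: Machine(v) NumberOfSections(v) TimeDateStamp(V)
  # PointerToSymbolTable(V) NumberOfSymbols(V) SizeOfOptionalHeader(v) Characteristics(v)
  machine, nsections, timestamp, _symtab, _nsyms, opt_size, chars =
    data[e_lfanew + 4, COFF_HEADER_SIZE].unpack('vvVVVvv')

  table_off = pe_end + opt_size
  table_end = table_off + nsections * SECTION_HEADER_SIZE
  raise PEFormatError, 'section table outside the file' if table_end > data.bytesize

  sections = Array.new(nsections) do |i|
    name, vsize, vaddr, raw_size, raw_ptr, _relocs, _lines, _nrelocs, _nlines, flags =
      data[table_off + i * SECTION_HEADER_SIZE, SECTION_HEADER_SIZE].unpack('a8VVVVVVvvV')
    {
      name: name.sub(/\x00+\z/, ''), # section names are NUL-padded to 8 bytes
      virtual_size: vsize,
      virtual_address: vaddr,
      raw_size: raw_size,
      raw_offset: raw_ptr,
      characteristics: flags,
      # Raw data running past the end of the file is a classic sign of a truncated
      # or deliberately malformed image; flag it rather than fail on it.
      truncated: raw_ptr + raw_size > data.bytesize
    }
  end

  {
    e_lfanew: e_lfanew,
    machine: MACHINE_NAMES.fetch(machine) { format('unknown(0x%04x)', machine) },
    timestamp: timestamp,
    optional_header_size: opt_size,
    executable: (chars & IMAGE_FILE_EXECUTABLE_IMAGE) != 0,
    dll: (chars & IMAGE_FILE_DLL) != 0,
    sections: sections
  }
end

# Constructed sample: a 64-byte MZ stub with e_lfanew = 0x40, a COFF header with
# no optional header, and one .text section. With padded: false the section's
# raw data lies beyond the end of the buffer, which exercises the truncation flag.
def build_sample_image(padded: true)
  mz   = 'MZ'.b + ("\0" * 0x3a).b + [0x40].pack('V')
  coff = [0x8664, 1, 1_700_000_000, 0, 0, 0,
          IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL].pack('vvVVVvv')
  text = ['.text', 0x1000, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020].pack('a8VVVVVVvvV')
  image = mz + "PE\0\0".b + coff + text
  padded ? image + ("\0" * (0x400 - image.bytesize)).b : image
end

if $PROGRAM_NAME == __FILE__
  info = parse_pe(build_sample_image)
  puts format('machine=%s sections=%d dll=%s', info[:machine], info[:sections].size, info[:dll])
  info[:sections].each do |s|
    puts format('  %-8s raw=0x%x+0x%x truncated=%s', s[:name], s[:raw_offset], s[:raw_size], s[:truncated])
  end
end
```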
Projects Using Ruby
• Ruby BlackBag (rbkb)
– Based on Matasano BlackBag
– Misc. pen-testing/reversing tools
– https://github.com/emonti/rbkb
Projects Using Ruby
• Ragweed
– Scriptable Win32/Linux/OSX debugger
– https://github.com/tduehr/ragweed
Projects Using Ruby
• PacketFu
– Mid-level packet manipulation library
– https://github.com/todb/packetfu
Projects Using Ruby
• Arachni
– Web application security scanner framework
– Multiple deployment options (CLI, Web, Distributed)
– Extensive security checks
– Automated, distributed, high-performance JavaScript/DOM security debugger
– http://www.arachni-scanner.com/
Projects Using Ruby
• Brakeman
– Open-source vulnerability scanner specifically designed for RoR applications
– Developed and maintained by Twitter
– http://brakemanscanner.org/
Projects Using Ruby
• WPScan
– Black-box WordPress vulnerability scanner
– http://wpscan.org/
Projects Using Ruby
• RailsGoat
– Vulnerable version of the RoR framework
– OWASP project
– https://github.com/OWASP/railsgoat
References
• https://www.blackhat.com/presentations/bh-usa-09/TRACY/BHUSA09-Tracy-RubyPentesters-PAPER.pdf
• http://matasano.com/research/ruby_for_pentesters/Ruby-For-Pentesters.pdf
• http://rubysecurity.info/
