Pen testing Ruby on Rails applications

  • Enumeration Phase:

    • 422.html: if present, the Rails version is >= 2.0 (the file first appeared in the default public/ directory in Rails 2.0)
    • 500.html: shipped with every Rails version. If the default page text mentions Apache, the version is pre 1.2
    • Both files are static assets under public/, so a deployment may have deleted or rebranded them; treat a match as a hint, not proof

For Rails >= 1.2 the default 500.html page returns this:


  • The app usually sits behind FastCGI or Mongrel, so check the Server (and X-Powered-By) banners returned by the web server for the app-server name and version

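The enumeration checks above as a small Ruby script. This is an added example, not code from the original notes: it fetches /422.html and /500.html, turns their presence and default text into version hints, and matches common Rails app-server banners (Mongrel, WEBrick, Passenger, Thin, Puma). The sample responses embedded at the bottom are constructed, not captured from any real host, and the "We're sorry, but something went wrong" string is the Rails 2+ default 500 page text.

```ruby
# Added example (not from the original page): passive Rails fingerprinting
# from the static error pages and server banners described in the notes.
require 'net/http'
require 'uri'

# A fetched page: status code, body and lower-cased response headers.
# Using a Struct lets the classification logic run offline on constructed data.
Page = Struct.new(:status, :body, :headers)

# Fetch the probe paths from a live target (network; not used by the tests).
def fetch_pages(base_url, paths = ['/422.html', '/500.html'])
  paths.each_with_object({}) do |path, acc|
    res = Net::HTTP.get_response(URI.join(base_url, path))
    hdrs = {}
    res.each_header { |k, v| hdrs[k.downcase] = v }
    acc[path] = Page.new(res.code.to_i, res.body.to_s, hdrs)
  end
end

# Turn the 422.html / 500.html probes into version hints, in the order
# the notes give them. Each hint is a sentence so it can be printed as-is.
def rails_version_hints(pages)
  hints = []
  p422 = pages['/422.html']
  p500 = pages['/500.html']

  if p422 && p422.status == 200
    hints << '422.html present: Rails >= 2.0'
  else
    hints << '422.html absent: Rails < 2.0 (or the file was removed)'
  end

  if p500 && p500.status == 200
    body = p500.body
    if body.include?('(Apache)')
      hints << '500.html mentions Apache: Rails < 1.2'
    elsif body.include?("We're sorry, but something went wrong")
      hints << '500.html is the Rails 2+ default page'
    else
      hints << '500.html present but customized: no version hint'
    end
  else
    hints << '500.html absent: static error page removed, or not Rails'
  end
  hints
end

# Banner substrings that identify the Rails app server behind the front end.
BANNER_PATTERNS = {
  /mongrel/i   => 'Mongrel (Rails 1.x/2.x era app server)',
  /webrick/i   => 'WEBrick (development server)',
  /passenger/i => 'Phusion Passenger',
  /\bthin\b/i  => 'Thin',
  /\bpuma\b/i  => 'Puma',
}.freeze

# Match the Server and X-Powered-By headers against the known banners.
def backend_hints(headers)
  banner = [headers['server'], headers['x-powered-by']].compact.join(' ')
  found = BANNER_PATTERNS.select { |re, _| banner =~ re }.values
  found.empty? ? ['no Rails app-server banner exposed'] : found
end

# Constructed sample responses (not captured from a real host).
OLD_HDRS = { 'server' => 'Mongrel 1.1.5' }.freeze
SAMPLE_OLD = {
  '/422.html' => Page.new(404, 'Not Found', OLD_HDRS),
  '/500.html' => Page.new(200, '<h1>Application error (Apache)</h1>', OLD_HDRS),
}.freeze

NEW_HDRS = { 'server' => 'Apache/2.2.22', 'x-powered-by' => 'Phusion Passenger 4.0.10' }.freeze
SAMPLE_NEW = {
  '/422.html' => Page.new(200, '<h1>The change you wanted was rejected.</h1>', NEW_HDRS),
  '/500.html' => Page.new(200, "<h1>We're sorry, but something went wrong.</h1>", NEW_HDRS),
}.freeze

if __FILE__ == $0
  target = ARGV[0]
  pages = target ? fetch_pages(target) : SAMPLE_OLD
  puts rails_version_hints(pages)
  puts backend_hints(pages['/500.html'].headers)
end
```

Run it with a base URL as the first argument to probe a live host, or with no arguments to see the classification on the constructed samples. Because the pages live in public/ and are routinely replaced by branded error pages, the script reports "customized" rather than guessing a version when neither default string is found.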
Tool: brakeman (static analysis scanner for Rails code). More tools are listed at:
http://www.opensourcetesting.org/security.php

References:

https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet
https://groups.google.com/forum/#!forum/rubyonrails-security
http://www.slideshare.net/labs3/ruby-on-rails-penetration-testing
http://stackoverflow.com/questions/6765680/updated-free-tools-for-checking-security-vulnerabilities-for-rails-app
http://security.stackexchange.com/questions/83001/ruby-on-rails-pentesting-web-applications
https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/AnatomyOfRailsVuln-CVE-2014-0130.pdf
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
http://www.darkreading.com/vulnerabilities-and-threats/critical-ruby-on-rails-issue-threatens-240000-websites/d/d-id/1108096?
Explanation of CSRF and the authenticity_token: https://rorsecurity.info/portfolio/cross-site-request-forgery-and-rails

Important: http://rubysecurity.info/

https://www.blackhat.com/presentations/bh-usa-09/TRACY/BHUSA09-Tracy-RubyPentesters-PAPER.pdf

http://www.livehacking.com/tag/ruby-on-rails/

A deliberately vulnerable Ruby on Rails environment for practice: http://itdrafts.blogspot.co.uk/2014/09/vulnerable-environment-for-improving.html