Ruby is a powerful programming language, it includes way to write dynamic code at run time, this is called meta-programming. Meta-programming, everyones favorite Rubyism to hate. It can lead to less code, more abstraction and tears of pain and sorrow. During the review of lots of Rails and Ruby applications we’ve see how meta-programming has lead to some really interesting but terrible security flaws. In this talk, we’ll do a deep dive into examples of how meta-programming can bite you in a big way.
Ken is currently an AppSec engineer at OnDeck, but has been around the security consulting block once or twice. He specializes in Ruby, Java, .NET, and Javascript and has a passion for security and general tech. When he's not digging into code or breaking things he can probably be found at a local karaoke bar.