Rory McCune’s profile

Security Geek, Penetration Testing and director at ScotSTS Ltd.

Latest Comments

1

Interesting post. One thing to note though is that Mass Assignment isn't uniquely a Rails problem; other MVC frameworks can have it as well.

http://digitalbush.com/2012/03/05/mass-assignment-aspnet-mvc/

would be one example.

Also I was surprised that GitHub had this kind of problem. Mass assignment should be a well known security issue in the Rails community; there have been presentations mentioning it as an issue going back to 2007:

http://www.slideshare.net/jweiss/ru...security-218035

Posted in Hacking Rails (and GitHub).

Wed, 07 Mar 2012 at 16:59:50 GMT


About

  • Twitter: @raesene
  • Location: Scotland
  • Joined: March 2012
  • Comments: 1