Pentesting RoR

["Mister Dookie" <misterdookie () gmail com>]

So a client is setting up a webapp written in Ruby on Rails with a
MySQL backend.

I do not have much experience with Ruby exploits or SQL injection against Ruby.

Can some list members give me some insight or point me in the right
direction? I know the new Metasploit is written using Ruby. Does that
make it a better pentest platform (just one of the tools) for me?
Thanks! Regards, John

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------