Ruby is a powerful programming language, it includes way to write dynamic code at run time, this is called meta-programming. Meta-programming, everyones favorite Rubyism to hate. It can lead to less code, more abstraction and tears of pain and sorrow. During the review of lots of Rails and Ruby applications we’ve see how meta-programming has lead to some really interesting but terrible security flaws. In this talk, we’ll do a deep dive into examples of how meta-programming can bite you in a big way.