Metaprogramming in Ruby and doing it wrong.

DerbyCon 6.0 - Recharge

Presented by: Ken Toler
Date: Friday September 23, 2016
Time: 17:30 - 17:55
Location: Pimlico
Track: Stable Talks

Ruby is a powerful programming language, it includes way to write dynamic code at run time, this is called meta-programming. Meta-programming, everyones favorite Rubyism to hate. It can lead to less code, more abstraction and tears of pain and sorrow. During the review of lots of Rails and Ruby applications we’ve see how meta-programming has lead to some really interesting but terrible security flaws. In this talk, we’ll do a deep dive into examples of how meta-programming can bite you in a big way.

Ken Toler

Ken is currently an AppSec engineer at OnDeck, but has been around the security consulting block once or twice. He specializes in Ruby, Java, .NET, and Javascript and has a passion for security and general tech. When he's not digging into code or breaking things he can probably be found at a local karaoke bar.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats