Coding for Hackers

Languages › Ruby

Ruby

Roadmap

The language of Metasploit — and elegant web bugs.

Learning Path Available — Lessons Currently Being Developed

Overview

Ruby powers Rails applications and, famously, Metasploit. Its security story includes mass assignment, unsafe deserialization, and template injection, and its anchor semantics have produced real CVEs. Learning Ruby means reading Rails source and extending the most established exploitation framework there is.

Why learn Ruby

  • Metasploit is Ruby — extending it requires reading it.
  • Rails apps are common and have their own bug classes.
  • Mass assignment and deserialization are Ruby/Rails specialties.

Security applications

  • Rails application source review
  • Mass assignment vulnerabilities
  • Unsafe deserialization
  • Writing Metasploit modules
  • Template injection in Ruby

Planned curriculum

  1. Ruby syntax and idioms
  2. Reading Rails application source
  3. Mass assignment bugs
  4. Deserialization in Ruby
  5. Anchor-semantics validation bypasses
  6. Template injection
  7. Writing a Metasploit module
  8. Static analysis of Ruby
This path is on the roadmap. The four live courses (Python, JavaScript, Bash, Regex) will teach you most of what carries over.

Related languages

Python Live PHP Roadmap JavaScript Live