Provided by: SecurityTube.net
Ruby is a powerful programming language, it includes way to write dynamic code at run time, this is called meta-programming. Meta-programming, everyone's favorite Rubyism to hate. It can lead to less code, more abstraction and tears of pain and sorrow. During the review of lots of rails and ruby applications the presenter have seen how meta-programming has lead to some really interesting but terrible security flaws.