Previous Research

• Fixing Mass Assignment in Rails

• OAuth by Sakurity & Security Cheatsheet

• Hacking Github with Webkit

• Ruby regexp pitfalls

• RJS is a vulnerability in multiple Rails apps

• How I hacked Github again

• Routing bug: "match" in rails

• How we hacked Facebook with OAuth2 and Chrome bugs

• Cookie "Bomb"

• Content Security Policy, for evil

• Evolution of Open Redirect Vulnerability

• Brute-Forcing Scripts in Google Chrome

• Paperclip vulnerability leading to XSS or RCE