Ruby Security Field Guide
Recent Ruby vulnerability classes, their root causes, and how to defend against them.
Type: Guide
Domain: Application Security
Maintainer: Trail of Bits
Format: Open course / field guide
Overview
The Ruby Security Field Guide is hands-on training material covering vulnerabilities in Ruby and Rails applications: recent vulnerability classes, their root causes, and exercises in both exploit development and defensive programming. Vulnerabilities in Ruby applications have been found with the potential to affect vast swathes of the internet, yet few developers are aware of the risks; this guide closes that gap with practical, exploit-driven lessons.
What's inside (5 modules)
- YAML: Deserialization risks and the gadget chains that exploit them.
- Parslet: Parsing pitfalls and how they become vulnerabilities.
- Mutant: Using mutation testing to harden code under test.
- Ronin: Applying the Ronin toolkit to Ruby security work.
- Resources: Further reading, slides, and references for going deeper.
Who it's for
Ruby and Rails developers who want to understand the security risks in their applications and write more defensive code.
More guides & handbooks
- MCP Security Guide (AI/ML Security): Securing the Model Context Protocol: the mcp-context-protector wrapper, disclosed attack classes, and community defenses.
- Testing Handbook (Application Security): Guides for configuring and automating static and dynamic analysis tools.
- ZKDocs (Handbook, Cryptography): Interactive documentation on zero-knowledge proof systems.
- Building Secure Smart Contracts (Handbook, Blockchain): Best practices for developing secure smart contracts.
- CTF Field Guide (Education): Field guide to winning at Capture The Flag competitions.