Page 172 - Hands-On Bug Hunting for Penetration Testers
Framework and Application-Specific Vulnerabilities Chapter 9
After we submit it, we see the page hang for a bit, and then eventually.
Our testing paid off. Although in this case we knew we'd find something if we dug deep
enough, tools like WPScan can provide valuable, application-specific context and leads for
further investigation, without adding a heavy new tool or difficult-to-integrate testing
system.
Ruby on Rails - Rubysec Tools and Tricks
There are several options for analyzing Ruby and Ruby on Rails applications. Some are
specific to Rails, while others can be applied more generally to similar applications
(such as apps that are also RESTful, MVC, CRUD-oriented, primarily server-side, and so on).

