Ruby on Rails Security SlideShare

Information leaks: Is the target application a Rails application? Default setup for static files: /javascripts/application.js, /stylesheets/application.css, /images/foo.png. Pretty URLs: /project/show/12, /message/create, /folder/delete/43, /users/83.

Slide 10: Information leaks: Is the target application a Rails application? Rails provides default templates for 404 and 500 status pages. Different Rails versions use different default pages. 422.html only present in applications generated with Rai...

http://www.slideshare.net/jweiss/ruby-on-rails-security-218035/
http://b.hatena.ne.jp/entry/http://www.slideshare.net/jweiss/ruby-on-rails-security-218035/