November DCRUG: Rails Attack and Defense + Discovering True Database-Versioning


Details
Our meetings are open to all experience levels, from total novices to expert Rubyists.
Current agenda:
"Railsgoat - Rails attack and defense" by Ken Johnson and Michael McCabe
While working to secure Rails applications in a truly Agile development environment, it became clear that the Rails and Ruby ecosystem needed attention from the security community in the form of free and open training, and the events that have transpired this year have only reinforced that belief. RailsGoat is an attempt to bring attention to both the problems that most frequently occur in Rails, solutions for remediation, and common attack scenarios. To accomplish this, we've built a vulnerable Rails application that aligns with the OWASP Top 10 and can be used as a training tool for Rails-based development shops.
"Discovering true database-versioning" by Hassan Shahid
Ditch ActiveRecord migrations for true database versioning and management. We'll first discuss the pain points of the ActiveRecord migrations system, and then we'll explore Sqitch, a database version-management system that is simple to use but massively powerful. You will leave understanding at which point true database versioning becomes important in your software's lifecycle, the advantages of database-versioning, and a solid introduction to a tool that does database-versioning really well.
We now meet monthly at Logik's new headquarters, now located at 1400 I (Eye) Street NW, Suite 800, Washington, DC 20005. The closest Metro stop is McPherson Square. If you're downstairs and need someone to let you into the building or the elevator, please give me a call at 202-374-7303 or tweet me at @naffis.
We always need presenters, so if you have a topic or project on which you'd like to do a 30-minute presentation, on anything Ruby-related, Rails-related or possibly of interest to Ruby developers, please contact our organizers at info@dcrug.org and we'll schedule you to speak. If you have presented before, you are welcome to give a presentation on a new topic. This is a great chance for some of you guys and gals lingering in the back of the room to share some of the cool things you are working on. Don't be shy -- you're among fellow geeks. :)
As always, we'll have an ample supply of free pizza and soda for all attendees, so don't worry about eating dinner beforehand.
And we'll be heading to a nearby bar after the meeting, to unwind and socialize with fellow techies.
