Explore common authentication and authorization pitfalls in Rails applications through this 59-minute Black Hat conference talk. Discover how Rails' convention over configuration approach handles many security concerns, but leaves authentication and authorization largely to developers. Learn about patterns observed in major Rails applications, potential vulnerabilities to watch for, and gain insights into a new dynamic analysis tool designed to help penetration testers navigate Rails authentication and authorization solutions.