Hacker News
by jfdk 4008 days ago
I really like the author's analogy to a "communal sausage." Working at a company where our main backend is built on Rails / Ruby, security can always be a bit scary (though it has gotten much better in recent history).

I'm fairly security ignorant, so maybe someone can enlighten me here, but why is the statement "traditional security tools aren’t effective" true? What kind of tools are we talking about? How would blackbox testing be different if the underlying software is changed?

I can definitely see how lower-level parts of the infrastructure would need to be tested differently, but I don't know what changes at the webapp-level.