

How Mephisto (popular Ruby blog software) did their security audit - tptacek
http://mephistoblog.com/2008/12/21/mephisto-security-advisory

======
tptacek
I don't much care that they found stuff (I don't use Mephisto), but I thought
it was an interesting case study.

