Pentesting RoR

["Mister Dookie" <misterdookie () gmail com>]

So a client is setting up a webapp written in Ruby on Rails with a
MySQL backend.

I do not have much experience with Ruby exploits or SQL injection against Ruby.

Can some list members give me some insight or point me in the right
direction? I know the new Metasploit is written using Ruby. Does that
make it a better pentest platform (just one of the tools) for me?
Thanks! Regards, John