Find security issues in your Rails applications
Takayuki Matsubara
May 16, 2014
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Transcript
Find security issues in your Rails applications
self-introduction
» ma2ge @twitter
» ma2gedev @github
Find security issues in your Rails applications
Brakeman
⭐1.6k
How to use
$ gem i brakeman
$ brakeman -o output.html
Let's try !
class FeaturesController < ApplicationController
  def vulnerable
    eval params[:code]  # request parameter evaluated as Ruby code (the issue Brakeman reports here)
  end
end
Let's try next case !
class FeaturesController < ApplicationController
  def vulnerable
    @unsafe_value = params[:code]  # user input is only stored here ...
  end
end

# in view
<%= eval @unsafe_value %>  # ... and evaluated in the template; Brakeman follows it from controller to view
Brakeman Plugin
https://wiki.jenkins-ci.org/display/JENKINS/Brakeman+Plugin
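As an added example (not part of the deck), a small Ruby gate of the kind a Jenkins job would run after "brakeman -f json -o report.json": it reads the report and returns the warnings that should fail the build, honouring a minimum confidence and a list of reviewed fingerprints. The report below is constructed, and the field names (warnings, warning_type, check_name, confidence, file, line, fingerprint) are my reading of Brakeman's JSON output, so check them against a real report before relying on them.

```ruby
require 'json'

# Constructed sample of a Brakeman JSON report, reduced to the fields this
# gate reads. Field names are assumed from Brakeman's JSON format, not taken
# from the deck; the fingerprints are made-up placeholders.
SAMPLE_REPORT = <<~JSON
  {"warnings": [
    {"warning_type": "Remote Code Execution", "check_name": "Evaluation",
     "confidence": "High", "file": "app/controllers/features_controller.rb",
     "line": 3, "fingerprint": "constructed-fp-0001"},
    {"warning_type": "Remote Code Execution", "check_name": "Evaluation",
     "confidence": "Medium", "file": "app/views/features/vulnerable.html.erb",
     "line": 1, "fingerprint": "constructed-fp-0002"},
    {"warning_type": "Cross-Site Scripting", "check_name": "CrossSiteScripting",
     "confidence": "Weak", "file": "app/views/layouts/application.html.erb",
     "line": 12, "fingerprint": "constructed-fp-0003"}
  ]}
JSON

# Brakeman's three confidence levels, highest first.
CONFIDENCE_RANK = { 'High' => 0, 'Medium' => 1, 'Weak' => 2 }.freeze

# Warnings that should fail the build: at or above +min_confidence+ and not
# carrying a fingerprint the team has already reviewed (+ignored+, the kind
# of list a checked-in Brakeman ignore file holds). Unknown levels never block.
def blocking_warnings(report_json, min_confidence: 'Medium', ignored: [])
  report = JSON.parse(report_json)
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  report.fetch('warnings', []).select do |w|
    rank = CONFIDENCE_RANK.fetch(w['confidence'], CONFIDENCE_RANK.size)
    rank <= threshold && !ignored.include?(w['fingerprint'])
  end
end

# One CI log line per blocking warning.
def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} (#{w['check_name']}) #{w['file']}:#{w['line']}"
end

if __FILE__ == $PROGRAM_NAME
  failing = blocking_warnings(SAMPLE_REPORT, ignored: ['constructed-fp-0002'])
  failing.each { |w| puts format_warning(w) }
end
```

A CI wrapper would exit non-zero whenever the returned list is non-empty, which is what turns a scan into a build gate.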
Resources
» http://brakemanscanner.org/
» https://github.com/presidentbeef/brakeman
» http://brakemanscanner.org/docs/jenkins/
end