Find security issues in your Rails applications
Takayuki Matsubara
May 16, 2014
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Transcript
Find security issues in your Rails applications
self-introduction
» ma2ge @twitter
» ma2gedev @github
Brakeman
⭐1.6k
How to use
$ gem i brakeman
$ brakeman -o output.html
Let's try !
class FeaturesController < ApplicationController
  def vulnerable
    eval params[:code]
  end
end
Let's try next case !
class FeaturesController < ApplicationController
  def vulnerable
    @unsafe_value = params[:code]
  end
end

# in view
<%= eval @unsafe_value %>
Brakeman Plugin
https://wiki.jenkins-ci.org/display/JENKINS/Brakeman+Plugin
Resources
» http://brakemanscanner.org/
» https://github.com/presidentbeef/brakeman
» http://brakemanscanner.org/docs/jenkins/
end