Find security issues in your Rails applications
Takayuki Matsubara
May 16, 2014
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Transcript
Find security issues in your Rails applications
self-introduction » ma2ge @twitter » ma2gedev @github
Brakeman
⭐1.6k
How to use
$ gem i brakeman
$ brakeman -o output.html
Let's try!
class FeaturesController < ApplicationController
  def vulnerable
    eval params[:code]   # request parameter evaluated as Ruby code: remote code execution
  end
end
Let's try the next case!
class FeaturesController < ApplicationController
  def vulnerable
    @unsafe_value = params[:code]   # request data only stored here; the sink is in the view
  end
end
# in view
<%= eval @unsafe_value %>
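The two slides above differ only in where the data flows: in the first, `params[:code]` reaches `eval` directly; in the second, it passes through an instance variable into a view, so a scanner has to follow the value across files. As an added example that is not part of the deck and is not Brakeman's own code, the toy checker below shows the idea with Ruby's stdlib parser (Ripper) and ERB: it marks any instance variable assigned from `params` as tainted and reports calls to a small assumed list of code-execution sinks (`eval`, `instance_eval`, `class_eval`) whose argument is tainted. The module name `TinyTaint`, the sink list and the sample sources are all constructed for this illustration; real Brakeman does far more (many more sinks, method-level data flow, false-positive suppression).

```ruby
# Added illustration, not Brakeman's own code: a toy taint checker that covers
# the two deck examples using Ruby's stdlib parser (Ripper) and ERB.
require "ripper"
require "erb"
require "set"

# Constructed sample sources mirroring the two slides.
DIRECT_EVAL = <<~RUBY
  class FeaturesController < ApplicationController
    def vulnerable
      eval params[:code]
    end
  end
RUBY

INDIRECT_CONTROLLER = <<~RUBY
  class FeaturesController < ApplicationController
    def vulnerable
      @unsafe_value = params[:code]
    end
  end
RUBY

INDIRECT_VIEW = "<%= eval @unsafe_value %>"
NO_EVAL_VIEW  = "<%= @unsafe_value %>" # same data, but no code-execution sink

module TinyTaint
  # Methods treated as code-execution sinks (assumption: a minimal list).
  SINKS = %w[eval instance_eval class_eval].freeze

  # Pre-order walk over Ripper's nested-array S-expression.
  def self.each_node(node, &blk)
    return unless node.is_a?(Array)
    blk.call(node)
    node.each { |child| each_node(child, &blk) }
  end

  # True if the subtree mentions `params` or an ivar already known to carry
  # request data. Deliberately crude: any use of `params` counts as tainted.
  def self.tainted?(node, tainted_ivars)
    found = false
    each_node(node) do |n|
      next unless n.first.is_a?(Symbol)
      found = true if n.first == :@ident && n[1] == "params"
      found = true if n.first == :@ivar && tainted_ivars.include?(n[1])
    end
    found
  end

  # [name, args_node, [line, col]] when node is `eval x` or `eval(x)`; else nil.
  def self.sink_call(node)
    case node.first
    when :command
      name = node[1]
      return [name[1], node[2], name[2]] if name.first == :@ident && SINKS.include?(name[1])
    when :method_add_arg
      callee = node[1]
      if callee.first == :fcall && callee[1].first == :@ident && SINKS.include?(callee[1][1])
        return [callee[1][1], node[2], callee[1][2]]
      end
    end
    nil
  end

  # Compile a template to the Ruby ERB would run, so views parse like code.
  # Reported lines are positions in that compiled source, not template lines.
  def self.ruby_from_erb(template)
    ERB.new(template).src
  end

  # sources: ordered [label, ruby_source] pairs. Scan controllers before the
  # views that read their ivars: an ivar is marked tainted when it is assigned.
  def self.scan(sources)
    tainted_ivars = Set.new
    findings = []
    sources.each do |label, code|
      tree = Ripper.sexp(code)
      raise ArgumentError, "#{label}: could not parse" if tree.nil?
      each_node(tree) do |node|
        next unless node.first.is_a?(Symbol)
        if node.first == :assign && node[1].first == :var_field && node[1][1].first == :@ivar
          tainted_ivars << node[1][1][1] if tainted?(node[2], tainted_ivars)
        end
        sink = sink_call(node)
        next unless sink && tainted?(sink[1], tainted_ivars)
        findings << { file: label, method: sink[0], line: sink[2][0] }
      end
    end
    findings
  end
end

if $PROGRAM_NAME == __FILE__
  p TinyTaint.scan([["features_controller.rb", DIRECT_EVAL]])
  p TinyTaint.scan([["features_controller.rb", INDIRECT_CONTROLLER],
                    ["vulnerable.html.erb", TinyTaint.ruby_from_erb(INDIRECT_VIEW)]])
end
```

Scanning the view on its own reports nothing, because the checker has never seen `@unsafe_value` assigned from `params`; only when the controller is scanned first does the `eval` in the template get flagged. That cross-file step is exactly what the second slide is testing, and the reason a grep for `eval` is not enough.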
Brakeman Plugin (Jenkins)
https://wiki.jenkins-ci.org/display/JENKINS/Brakeman+Plugin
Resources
» http://brakemanscanner.org/
» https://github.com/presidentbeef/brakeman
» http://brakemanscanner.org/docs/jenkins/
end