Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Find security issues in your Rails applications

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Takayuki Matsubara Takayuki Matsubara
May 16, 2014
Programming
1
18k

Find security issues in your Rails applications

Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24

Avatar for Takayuki Matsubara

Takayuki Matsubara

May 16, 2014
Tweet

More Decks by Takayuki Matsubara

See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
Avatar for Takayuki Matsubara ma2gedev
0
320
Coding Challenge Advent of Code 2019
Avatar for Takayuki Matsubara ma2gedev
0
150
Developer Experience in GraphQL Schema-first Development
Avatar for Takayuki Matsubara ma2gedev
0
2.3k
Dependency Inversion Principle in Keyboard Firmware
Avatar for Takayuki Matsubara ma2gedev
0
520
OSSの歩き方 / Walking with OSS
Avatar for Takayuki Matsubara ma2gedev
10
2.6k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
Avatar for Takayuki Matsubara ma2gedev
0
1.2k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
Avatar for Takayuki Matsubara ma2gedev
0
1.4k
Translating "Erlang in Anger" with Erlang & Elixir community members
Avatar for Takayuki Matsubara ma2gedev
0
2.9k
Dive into Elixir v1.6 Code Formatter
Avatar for Takayuki Matsubara ma2gedev
1
190

Other Decks in Programming

See All in Programming
KIKI_MBSD Cybersecurity Challenges 2025
Avatar for ikema ikema
0
1.3k
Grafana:建立系統全知視角的捷徑
Avatar for Blueswen blueswen
0
330
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
Avatar for r-kagaya rkaga
4
2k
責任感のあるCloudWatchアラームを設計しよう
Avatar for アキキー akihisaikeda
3
180
プロダクトオーナーから見たSOC2 _SOC2ゆるミートアップ#2
Avatar for Kenta Suzuki kekekenta
0
220
Automatic Grammar Agreementと Markdown Extended Attributes
について
Avatar for Kishikawa Katsumi kishikawakatsumi
0
200
AtCoder Conference 2025
Avatar for shindannin shindannin
0
1.1k
疑似コードによるプロンプト記述、どのくらい正確に実行される?
Avatar for kokuyouwind kokuyouwind
0
390
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
Avatar for MomokoShirakawa momok47
0
200
AgentCoreとHuman in the Loop
Avatar for Har1101 har1101
5
240
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
Avatar for tetutetu214 tetutetu214
2
120
MDN Web Docs に日本語翻訳でコントリビュート
Avatar for uutan1108 ohmori_yusuke
0
650

Featured

See All Featured
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
86
Git: the NoSQL Database
Avatar for Brandon Keepers bkeepers
PRO
432
66k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
Between Models and Reality
Avatar for mayunak mayunak
1
190
Accessibility Awareness
Avatar for Sarah Abderemane sabderemane
0
53
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.2k
エンジニアに許された特別な時間の終わり
Avatar for watany watany
106
230k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
270
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
74
11k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
231
22k
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
1
760
Writing Fast Ruby
Avatar for Erik Berlin sferik
630
62k

Transcript

  1. Find security issues in your Rails applications

  2. self-introduction » ma2ge @twitter » ma2gedev @github

  3. Find security issues in your Rails applications

  4. !"#

  5. None

  6. Brakeman

  7. ⭐1.6k

  8. None

  9. How to use $ gem i brakeman $ brakeman -o

    output.html

  10. Let's try !

  11. class FeaturesController < ApplicationController def vulnerable eval params[:code] end end

  12. None

  13. Let's try next case !

  14. class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end

    end # in view <%= eval @unsafe_value %>
  15. None
  16. None

  17. Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin

  18. None

  19. !"

  20. Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/

  21. end