Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Find security issues in your Rails applications
Search
Takayuki Matsubara
May 16, 2014
Programming
1
17k
Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Tweet
Share
More Decks by Takayuki Matsubara
See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
ma2gedev
0
240
Coding Challenge Advent of Code 2019
ma2gedev
0
120
Developer Experience in GraphQL Schema-first Development
ma2gedev
0
2.2k
Dependency Inversion Principle in Keyboard Firmware
ma2gedev
0
450
OSSの歩き方 / Walking with OSS
ma2gedev
10
2.5k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
ma2gedev
0
1.1k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
ma2gedev
0
1.3k
Translating "Erlang in Anger" with Erlang & Elixir community members
ma2gedev
0
2.8k
Dive into Elixir v1.6 Code Formatter
ma2gedev
1
160
Other Decks in Programming
See All in Programming
AIプログラミング雑キャッチアップ
yuheinakasaka
17
4.2k
Formの複雑さに立ち向かう
bmthd
1
930
未経験でSRE、はじめました! 組織を支える役割と軌跡
curekoshimizu
1
140
dbt Pythonモデルで実現するSnowflake活用術
trsnium
0
260
プログラミング言語学習のススメ / why-do-i-learn-programming-language
yashi8484
0
160
color-scheme: light dark; を完全に理解する
uhyo
7
490
CDKを使ったPagerDuty連携インフラのテンプレート化
shibuya_shogo
0
100
『GO』アプリ データ基盤のログ収集システムコスト削減
mot_techtalk
0
150
もう少しテストを書きたいんじゃ〜 #phpstudy
o0h
PRO
17
3.9k
一休.com のログイン体験を支える技術 〜Web Components x Vue.js 活用事例と最適化について〜
atsumim
0
930
Honoとフロントエンドの 型安全性について
yodaka
7
1.4k
ナレッジイネイブリングにAIを活用してみる ゆるSRE勉強会 #9
nealle
0
150
Featured
See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
133
33k
Writing Fast Ruby
sferik
628
61k
The Cost Of JavaScript in 2023
addyosmani
47
7.4k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
GraphQLの誤解/rethinking-graphql
sonatard
68
10k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
366
25k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.7k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
12
990
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
570
Side Projects
sachag
452
42k
Transcript
Find security issues in your Rails applications
self-introduction » ma2ge @twitter » ma2gedev @github
Find security issues in your Rails applications
!"#
None
Brakeman
⭐1.6k
None
How to use $ gem i brakeman $ brakeman -o
output.html
Let's try !
class FeaturesController < ApplicationController def vulnerable eval params[:code] end end
None
Let's try next case !
class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end
end # in view <%= eval @unsafe_value %>
None
None
Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin
None
!"
Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/
end
ma2gedev
yuheinakasaka
bmthd
curekoshimizu
trsnium
yashi8484
uhyo
shibuya_shogo
mot_techtalk
o0h
atsumim
yodaka
nealle
eileencodes
sferik
addyosmani
dougneiner
sonatard
cassininazir
kastner
honnibal
jponch
destraynor
irinanazarova
sachag
![class FeaturesController < ApplicationController def vulnerable eval params[:code] end end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_10.jpg){kind=link}
![class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_13.jpg){kind=link}
