Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Find security issues in your Rails applications
Search
Takayuki Matsubara
May 16, 2014
Programming
1
17k
Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Tweet
Share
More Decks by Takayuki Matsubara
See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
ma2gedev
0
250
Coding Challenge Advent of Code 2019
ma2gedev
0
120
Developer Experience in GraphQL Schema-first Development
ma2gedev
0
2.2k
Dependency Inversion Principle in Keyboard Firmware
ma2gedev
0
450
OSSの歩き方 / Walking with OSS
ma2gedev
10
2.5k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
ma2gedev
0
1.1k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
ma2gedev
0
1.3k
Translating "Erlang in Anger" with Erlang & Elixir community members
ma2gedev
0
2.8k
Dive into Elixir v1.6 Code Formatter
ma2gedev
1
160
Other Decks in Programming
See All in Programming
ソフトウェアエンジニアの成長
masuda220
PRO
12
2.1k
もう少しテストを書きたいんじゃ〜 #phpstudy
o0h
PRO
19
4.2k
ナレッジイネイブリングにAIを活用してみる ゆるSRE勉強会 #9
nealle
0
160
GoとPHPのインターフェイスの違い
shimabox
2
210
お前もAI鬼にならないか?👹Bolt & Cursor & Supabase & Vercelで人間をやめるぞ、ジョジョー!👺
taishiyade
7
4.2k
Learning Kotlin with detekt
inouehi
1
180
Djangoにおける複数ユーザー種別認証の設計アプローチ@DjangoCongress JP 2025
delhi09
PRO
4
500
PHPのバージョンアップ時にも役立ったAST
matsuo_atsushi
0
230
たのしいSocketのしくみ / Socket Under a Microscope
coe401_
8
1.4k
仕様変更に耐えるための"今の"DRY原則を考える
mkmk884
9
3.2k
ML.NETで始める機械学習
ymd65536
0
240
Rails 1.0 のコードで学ぶ find_by* と method_missing の仕組み / Learn how find_by_* and method_missing work in Rails 1.0 code
maimux2x
1
260
Featured
See All Featured
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.6k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
30
4.6k
Fantastic passwords and where to find them - at NoRuKo
philnash
51
3k
Unsuck your backbone
ammeep
669
57k
Producing Creativity
orderedlist
PRO
344
40k
Fontdeck: Realign not Redesign
paulrobertlloyd
83
5.4k
The Invisible Side of Design
smashingmag
299
50k
4 Signs Your Business is Dying
shpigford
183
22k
Into the Great Unknown - MozCon
thekraken
35
1.6k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.5k
Agile that works and the tools we love
rasmusluckow
328
21k
Mobile First: as difficult as doing things right
swwweet
223
9.5k
Transcript
Find security issues in your Rails applications
self-introduction » ma2ge @twitter » ma2gedev @github
Find security issues in your Rails applications
!"#
None
Brakeman
⭐1.6k
None
How to use $ gem i brakeman $ brakeman -o
output.html
Let's try !
class FeaturesController < ApplicationController def vulnerable eval params[:code] end end
None
Let's try next case !
class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end
end # in view <%= eval @unsafe_value %>
None
None
Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin
None
!"
Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/
end
ma2gedev
masuda220
o0h
nealle
shimabox
taishiyade
inouehi
delhi09
matsuo_atsushi
coe401_
mkmk884
ymd65536
maimux2x
bluesmoon
kevinliebholz
philnash
ammeep
orderedlist
paulrobertlloyd
smashingmag
shpigford
thekraken
danielanewman
rasmusluckow
swwweet
![class FeaturesController < ApplicationController def vulnerable eval params[:code] end end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_10.jpg){kind=link}
![class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_13.jpg){kind=link}
