Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Find security issues in your Rails applications

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for Takayuki Matsubara Takayuki Matsubara
May 16, 2014
Programming
1
18k

Find security issues in your Rails applications

Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24

Avatar for Takayuki Matsubara

Takayuki Matsubara

May 16, 2014
Tweet

More Decks by Takayuki Matsubara

See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
Avatar for Takayuki Matsubara ma2gedev
0
320
Coding Challenge Advent of Code 2019
Avatar for Takayuki Matsubara ma2gedev
0
150
Developer Experience in GraphQL Schema-first Development
Avatar for Takayuki Matsubara ma2gedev
0
2.3k
Dependency Inversion Principle in Keyboard Firmware
Avatar for Takayuki Matsubara ma2gedev
0
520
OSSの歩き方 / Walking with OSS
Avatar for Takayuki Matsubara ma2gedev
10
2.6k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
Avatar for Takayuki Matsubara ma2gedev
0
1.2k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
Avatar for Takayuki Matsubara ma2gedev
0
1.4k
Translating "Erlang in Anger" with Erlang & Elixir community members
Avatar for Takayuki Matsubara ma2gedev
0
2.9k
Dive into Elixir v1.6 Code Formatter
Avatar for Takayuki Matsubara ma2gedev
1
190

Other Decks in Programming

See All in Programming
CSC307 Lecture 06
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
690
Apache Iceberg V3 and migration to V3
Avatar for Tomohiro Tanaka tomtanaka
0
160
それ、本当に安全? ファイルアップロードで見落としがちなセキュリティリスクと対策
Avatar for ikechi penpeen
7
3.9k
なるべく楽してバックエンドに型をつけたい!(楽とは言ってない)
Avatar for HIBIKI CUBE hibiki_cube
0
140
フロントエンド開発の勘所 -複数事業を経験して見えた判断軸の違い-
Avatar for Yoichiro Kubo heimusu
7
2.8k
AI によるインシデント初動調査の自動化を行う AI インシデントコマンダーを作った話
Avatar for azukiazusa azukiazusa1
1
740
高速開発のためのコード整理術
Avatar for sutetotanuki sutetotanuki
1
400
React 19でつくる「気持ちいいUI」- 楽観的UIのすすめ
Avatar for Hiroshi Morishige himorishige
11
7.4k
プロダクトオーナーから見たSOC2 _SOC2ゆるミートアップ#2
Avatar for Kenta Suzuki kekekenta
0
220
Lambda のコードストレージ容量に気をつけましょう
Avatar for tatsuki-yamada tattwan718
0
140
OCaml 5でモダンな並列プログラミングを Enjoyしよう!
Avatar for Haochen Kotoi-Xie haochenx
0
140
AIエージェント、”どう作るか”で差は出るか? / AI Agents: Does the "How" Make a Difference?
Avatar for r-kagaya rkaga
4
2k

Featured

See All Featured
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
275
41k
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
2
130
AI Search:
Where Are We & What Can We Do About It?
Avatar for Aleyda Solis aleyda
0
7k
Code Reviewing Like a Champion
Avatar for maltzj maltzj
527
40k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
196
71k
How to optimise 3,500 product descriptions for ecommerce in one day using ChatGPT
Avatar for Katarina Dahlin katarinadahlin
PRO
0
3.4k
SEO in 2025: How to Prepare for the Future of Search
Avatar for Michael King ipullrank
3
3.3k
A Guide to Academic Writing Using Generative AI - A Workshop
Avatar for Kenji Saito ks91
PRO
0
210
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.8k
What Being in a Rock Band Can Teach Us About Real World SEO
Avatar for Ade Holder 427marketing
0
170
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k

Transcript

  1. Find security issues in your Rails applications

  2. self-introduction » ma2ge @twitter » ma2gedev @github

  3. Find security issues in your Rails applications

  4. !"#

  5. None

  6. Brakeman

  7. ⭐1.6k

  8. None

  9. How to use $ gem i brakeman $ brakeman -o

    output.html

  10. Let's try !

  11. class FeaturesController < ApplicationController def vulnerable eval params[:code] end end

  12. None

  13. Let's try next case !

  14. class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end

    end # in view <%= eval @unsafe_value %>
  15. None
  16. None

  17. Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin

  18. None

  19. !"

  20. Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/

  21. end