Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Find security issues in your Rails applications

Takayuki Matsubara
May 16, 2014
Programming
1
17k

Find security issues in your Rails applications

Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24

Takayuki Matsubara

May 16, 2014
Tweet

More Decks by Takayuki Matsubara

See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
ma2gedev
0
210
Coding Challenge Advent of Code 2019
ma2gedev
0
120
Developer Experience in GraphQL Schema-first Development
ma2gedev
0
2.1k
Dependency Inversion Principle in Keyboard Firmware
ma2gedev
0
420
OSSの歩き方 / Walking with OSS
ma2gedev
10
2.5k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
ma2gedev
0
1k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
ma2gedev
0
1.2k
Translating "Erlang in Anger" with Erlang & Elixir community members
ma2gedev
0
2.7k
Dive into Elixir v1.6 Code Formatter
ma2gedev
1
150

Other Decks in Programming

See All in Programming
ふかぼれ!CSSセレクターモジュール / Fukabore! CSS Selectors Module
petamoriken
0
150
色々なIaCツールを実際に触って比較してみる
iriikeita
0
330
카카오페이는 어떻게 수천만 결제를 처리할까? 우아한 결제 분산락 노하우
kakao
PRO
0
110
Remix on Hono on Cloudflare Workers
yusukebe
1
280
RubyLSPのマルチバイト文字対応
notfounds
0
120
C++でシェーダを書く
fadis
6
4.1k
Arm移行タイムアタック
qnighy
0
310
What’s New in Compose Multiplatform - A Live Tour (droidcon London 2024)
zsmb
1
470
Laravel や Symfony で手っ取り早く
OpenAPI のドキュメントを作成する
azuki
1
110
型付き API リクエストを実現するいくつかの手法とその選択 / Typed API Request
euxn23
8
2.2k
エンジニアとして関わる要件と仕様(公開用)
murabayashi
0
280
CSC509 Lecture 09
javiergs
PRO
0
140

Featured

See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
93
16k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Designing for humans not robots
tammielis
250
25k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Docker and Python
trallard
40
3.1k
How STYLIGHT went responsive
nonsquared
95
5.2k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
860
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
Teambox: Starting and Learning
jrom
133
8.8k
Building Adaptive Systems
keathley
38
2.3k

Transcript

  1. Find security issues in your Rails applications

  2. self-introduction » ma2ge @twitter » ma2gedev @github

  3. Find security issues in your Rails applications

  4. !"#

  5. None

  6. Brakeman

  7. ⭐1.6k

  8. None

  9. How to use $ gem i brakeman $ brakeman -o

    output.html

  10. Let's try !

  11. class FeaturesController < ApplicationController def vulnerable eval params[:code] end end

  12. None

  13. Let's try next case !

  14. class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end

    end # in view <%= eval @unsafe_value %>
  15. None
  16. None

  17. Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin

  18. None

  19. !"

  20. Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/

  21. end