Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Transcript
Find security issues in your Rails applications
self-introduction
» ma2ge @twitter
» ma2gedev @github
Brakeman
⭐1.6k
How to use
$ gem i brakeman
$ brakeman -o output.html
Let's try !
class FeaturesController < ApplicationController
  def vulnerable
    eval params[:code]
  end
end
Let's try next case !
class FeaturesController < ApplicationController
  def vulnerable
    @unsafe_value = params[:code]
  end
end

# in view
<%= eval @unsafe_value %>
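A toy version of the cross-file check the two slides above show Brakeman performing, written here as an added example (not Brakeman's code and not part of the deck): it parses the controller and the compiled ERB view with Ruby's bundled Ripper, records which instance variables are assigned from params, and flags eval calls fed by params or by one of those variables. The sample sources are constructed from the slide snippets; file names and the function names are my own.

```ruby
require "ripper"
require "erb"
# Constructed samples: the slides' two cases, as the files a scanner would read.
SOURCES = {
  "features_controller.rb" => <<~RUBY,
    class FeaturesController < ApplicationController
      def vulnerable
        eval params[:code]
        @unsafe_value = params[:code]
      end
    end
  RUBY
  "vulnerable.html.erb" => ERB.new("<%= eval @unsafe_value %>\n").src, # compiled to Ruby
}

# Depth-first walk over a Ripper S-expression, yielding every array node.
def each_node(node, &blk)
  return unless node.is_a?(Array)
  yield node
  node.each { |child| each_node(child, &blk) }
end

# True if the subtree reads `params` or one of the tainted instance variables.
def tainted?(node, ivars)
  each_node(node) do |n|
    next unless n[0] == :vcall || n[0] == :var_ref
    return true if n[1][1] == "params" || (n[1][0] == :@ivar && ivars.include?(n[1][1]))
  end
  false
end
# Pass 1 collects ivars assigned from params in any file (controller taint reaches
# views); pass 2 reports [file, line] for each `eval arg` call fed by params or a
# tainted ivar. Only the command form is matched; `eval(arg)` parses differently.
def find_unsafe_evals(sources)
  ivars = []
  sources.each_value do |src|
    each_node(Ripper.sexp(src)) do |n|
      next unless n[0] == :assign && n[1][0] == :var_field && n[1][1][0] == :@ivar
      ivars << n[1][1][1] if tainted?(n[2], ivars)
    end
  end
  hits = []
  sources.each do |file, src|
    each_node(Ripper.sexp(src)) do |n|
      next unless n[0] == :command && n[1][1] == "eval"
      hits << [file, n[1][2][0]] if tainted?(n[2], ivars)
    end
  end
  hits
end
```

Running `find_unsafe_evals(SOURCES)` reports the direct eval in the controller and the eval in the view; an eval of an instance variable set from a literal is not reported, which is the distinction a grep for `eval` cannot make.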
Brakeman Plugin
https://wiki.jenkins-ci.org/display/JENKINS/Brakeman+Plugin
Resources
» http://brakemanscanner.org/
» https://github.com/presidentbeef/brakeman
» http://brakemanscanner.org/docs/jenkins/
end