Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Find security issues in your Rails applications
Search
Takayuki Matsubara
May 16, 2014
Programming
1
18k
Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Tweet
Share
More Decks by Takayuki Matsubara
See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
ma2gedev
0
310
Coding Challenge Advent of Code 2019
ma2gedev
0
140
Developer Experience in GraphQL Schema-first Development
ma2gedev
0
2.3k
Dependency Inversion Principle in Keyboard Firmware
ma2gedev
0
500
OSSの歩き方 / Walking with OSS
ma2gedev
10
2.6k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
ma2gedev
0
1.2k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
ma2gedev
0
1.3k
Translating "Erlang in Anger" with Erlang & Elixir community members
ma2gedev
0
2.9k
Dive into Elixir v1.6 Code Formatter
ma2gedev
1
180
Other Decks in Programming
See All in Programming
10年もののAPIサーバーにおけるCI/CDの改善の奮闘
mbook
0
800
Goで実践するドメイン駆動開発 AIと歩み始めた新規プロダクト開発の現在地
imkaoru
4
800
Web フロントエンドエンジニアに開かれる AI Agent プロダクト開発 - Vercel AI SDK を観察して AI Agent と仲良くなろう! #FEC余熱NIGHT
izumin5210
3
500
組込みだけじゃない!TinyGo で始める無料クラウド開発入門
otakakot
0
210
ポスターセッション: 「まっすぐ行って、右!」って言ってラズパイカーを動かしたい 〜生成AI × Raspberry Pi Pico × Gradioの試作メモ〜
komofr
0
1.2k
複雑化したリポジトリをなんとかした話 pipenvからuvによるモノレポ構成への移行
satoshi256kbyte
1
1k
Serena MCPのすすめ
wadakatu
4
960
CSC509 Lecture 05
javiergs
PRO
0
300
(Extension DC 2025) Actor境界を越える技術
teamhimeh
1
250
GitHub Actions × AWS OIDC連携の仕組みと経緯を理解する
ota1022
0
250
技術的負債の正体を知って向き合う / Facing Technical Debt
irof
0
150
CSC305 Lecture 04
javiergs
PRO
0
260
Featured
See All Featured
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.7k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
620
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.7k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Code Review Best Practice
trishagee
72
19k
Scaling GitHub
holman
463
140k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.1k
How STYLIGHT went responsive
nonsquared
100
5.8k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.6k
Balancing Empowerment & Direction
lara
4
680
Designing for Performance
lara
610
69k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Transcript
Find security issues in your Rails applications
self-introduction » ma2ge @twitter » ma2gedev @github
Find security issues in your Rails applications
!"#
None
Brakeman
⭐1.6k
None
How to use $ gem i brakeman $ brakeman -o
output.html
Let's try !
class FeaturesController < ApplicationController def vulnerable eval params[:code] end end
None
Let's try next case !
class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end
end # in view <%= eval @unsafe_value %>
None
None
Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin
None
!"
Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/
end
ma2gedev
mbook
imkaoru
izumin5210
otakakot
komofr
satoshi256kbyte
wadakatu
javiergs
teamhimeh
ota1022
irof
eileencodes
bluesmoon
reverentgeek
garrettdimon
trishagee
holman
tammyeverts
nonsquared
jnunemaker
lara
maggiecrowley
![class FeaturesController < ApplicationController def vulnerable eval params[:code] end end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_10.jpg){kind=link}
![class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_13.jpg){kind=link}
