Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Transcript
Find security issues in your Rails applications
self-introduction » ma2ge @twitter » ma2gedev @github
Find security issues in your Rails applications
Brakeman
⭐1.6k
How to use

    $ gem i brakeman
    $ brakeman -o output.html
Let's try!

    class FeaturesController < ApplicationController
      def vulnerable
        eval params[:code]
      end
    end
Let's try the next case!

    class FeaturesController < ApplicationController
      def vulnerable
        @unsafe_value = params[:code]
      end
    end

    # in view
    <%= eval @unsafe_value %>
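As an added example (not Brakeman's own code, which does far more), here is a toy Brakeman-style check in plain Ruby using only the standard library's Ripper and ERB: it flags the direct `eval params[:code]` from the first case and, by remembering which instance variables a controller assigns from `params`, the `<%= eval @unsafe_value %>` in the view from the second. The class name `EvalOfParamsCheck`, the sample file names and the inline sample controller and view are constructed for this illustration.

```ruby
require "ripper"
require "erb"
# Brakeman-style check (added example, not Brakeman's code): flag `eval` whose argument
# comes from `params`, directly or via an @ivar the controller assigned from params and a
# view later evaluates. Scan controllers before views so the tainted set is filled first.
class EvalOfParamsCheck
  Finding = Struct.new(:file, :line, :message)
  attr_reader :findings

  def initialize
    @tainted_ivars = {}   # "@name" => true once assigned from params
    @findings = []
  end

  def scan(file, src)   # ERB views are compiled to Ruby first, then parsed like any file
    src = ERB.new(src).src if file.end_with?(".erb")
    walk(Ripper.sexp(src), file)
    self
  end

  # Constructed sample input modelled on the two cases above.
  SAMPLE_CONTROLLER = <<~RUBY
    class FeaturesController < ApplicationController
      def vulnerable;  eval params[:code]; end              # direct
      def vulnerable2; @unsafe_value = params[:code]; end   # reaches the view
      def harmless;    eval "1 + 1"; end                    # constant, not flagged
    end
  RUBY
  SAMPLE_VIEW = "<%= eval @unsafe_value %>"

  def self.demo
    new.scan("features_controller.rb", SAMPLE_CONTROLLER)
       .scan("vulnerable2.html.erb", SAMPLE_VIEW).findings
  end

  def walk(node, file)
    return unless node.is_a?(Array)
    if node[0] == :assign && node[1][0] == :var_field && node[1][1][0] == :@ivar &&
       mentions?(node[2], :@ident, ["params"])   # @ivar = ...params... taints @ivar
      @tainted_ivars[node[1][1][1]] = true
    end
    name = node[0] == :command ? node[1] : (node[0] == :method_add_arg ? node[1][1] : nil)
    if name.is_a?(Array) && name[0] == :@ident && name[1] == "eval" &&   # `eval x` / `eval(x)`
       (mentions?(node, :@ident, ["params"]) || mentions?(node, :@ivar, @tainted_ivars.keys))
      @findings << Finding.new(file, name[2][0], "user input reaches eval")
    end
    node.each { |child| walk(child, file) }
  end

  def mentions?(node, type, wanted)   # any token of `type` whose text is in `wanted`?
    node.flatten.each_cons(2).any? { |t, text| t == type && wanted.include?(text) }
  end
end
```

Only instance variables assigned straight from `params` are tracked, so anything routed through locals, helpers or models is missed; that gap is exactly why a real scanner like Brakeman does full data-flow analysis.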
Brakeman Plugin https://wiki.jenkins-ci.org/display/JENKINS/Brakeman+Plugin
Resources
» http://brakemanscanner.org/
» https://github.com/presidentbeef/brakeman
» http://brakemanscanner.org/docs/jenkins/
end