Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Find security issues in your Rails applications

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Takayuki Matsubara Takayuki Matsubara
May 16, 2014
Programming
18k
1

Find security issues in your Rails applications

Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24

Avatar for Takayuki Matsubara

Takayuki Matsubara

May 16, 2014

More Decks by Takayuki Matsubara

See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
Avatar for Takayuki Matsubara ma2gedev
0
340
Coding Challenge Advent of Code 2019
Avatar for Takayuki Matsubara ma2gedev
0
170
Developer Experience in GraphQL Schema-first Development
Avatar for Takayuki Matsubara ma2gedev
0
2.4k
Dependency Inversion Principle in Keyboard Firmware
Avatar for Takayuki Matsubara ma2gedev
0
560
OSSの歩き方 / Walking with OSS
Avatar for Takayuki Matsubara ma2gedev
10
2.6k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
Avatar for Takayuki Matsubara ma2gedev
0
1.3k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
Avatar for Takayuki Matsubara ma2gedev
0
1.4k
Translating "Erlang in Anger" with Erlang & Elixir community members
Avatar for Takayuki Matsubara ma2gedev
0
2.9k
Dive into Elixir v1.6 Code Formatter
Avatar for Takayuki Matsubara ma2gedev
1
200

Other Decks in Programming

See All in Programming
Claspは野良GASの夢をみるか
Avatar for てらうちたかし takter00
0
160
正しくソフトウェアを作る、前提を疑うための認知の視点 / doubt-premise
Avatar for MinoDriven minodriven
17
5.8k
AI 時代のソフトウェア設計の学び方
Avatar for 増田 亨 masuda220
PRO
29
12k
JavaDoc 再入門
Avatar for nagise nagise
0
270
AIとRubyの静的型付け
Avatar for ukin0k0 ukin0k0
0
530
柔軟なPDFレイアウトエディタを支える型システム設計 — Discriminated UnionとConditional Typeの実践
Avatar for minako-ph minako__ph
4
1.4k
LLM本来の能力を解き放つサンドボックス技術とAI民主化への適用
Avatar for Yuku Kotani yukukotani
3
2.6k
「エンジニアインターン、どうやって取った?」準備のリアルを語るLT会 Progate BAR
Avatar for akio akiomatic
0
120
開発体験を左右するライブラリの API 設計 - GraphQL スキーマ構築ライブラリから考える #tskaigi
Avatar for izumin5210 izumin5210
2
1.6k
AI駆動開発勉強会 広島支部 第一回勉強会 AI駆動開発概要とワークショップ
Avatar for smz hyt hayatoshimiu
0
440
脅威をエンジニアリングの糧にして――現場編 / Turning Threats into Engineering Fuel — Field Edition
Avatar for nrs nrslib
0
250
エージェンティックRAGにAWSで入門しよう!
Avatar for Har1101 har1101
5
540

Featured

See All Featured
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
96
14k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
41
2.5k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
6
1.1k
No one is an island. Learnings from fostering a developers community.
Avatar for Antonio thoeni
21
3.7k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
3.3k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
247
13k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
Avatar for Aleyda Solis aleyda
2
11k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
59
6.6k
Public Speaking Without Barfing On Your Shoes - THAT 2023
Avatar for David Neal reverentgeek
1
410
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
15k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
600

Transcript

  1. Find security issues in your Rails applications

  2. self-introduction » ma2ge @twitter » ma2gedev @github

  3. Find security issues in your Rails applications

  4. !"#

  5. None

  6. Brakeman

  7. ⭐1.6k

  8. None

  9. How to use $ gem i brakeman $ brakeman -o

    output.html

  10. Let's try !

  11. class FeaturesController < ApplicationController def vulnerable eval params[:code] end end

  12. None

  13. Let's try next case !

  14. class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end

    end # in view <%= eval @unsafe_value %>
  15. None
  16. None

  17. Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin

  18. None

  19. !"

  20. Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/

  21. end