Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Find security issues in your Rails applications
Search
Takayuki Matsubara
May 16, 2014
Programming
1
18k
Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Tweet
Share
More Decks by Takayuki Matsubara
See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
ma2gedev
0
320
Coding Challenge Advent of Code 2019
ma2gedev
0
150
Developer Experience in GraphQL Schema-first Development
ma2gedev
0
2.3k
Dependency Inversion Principle in Keyboard Firmware
ma2gedev
0
510
OSSの歩き方 / Walking with OSS
ma2gedev
10
2.6k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
ma2gedev
0
1.2k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
ma2gedev
0
1.4k
Translating "Erlang in Anger" with Erlang & Elixir community members
ma2gedev
0
2.9k
Dive into Elixir v1.6 Code Formatter
ma2gedev
1
180
Other Decks in Programming
See All in Programming
しっかり学ぶ java.lang.*
nagise
1
460
GraalVM Native Image トラブルシューティング機能の最新状況(2025年版)
ntt_dsol_java
0
170
ソフトウェア設計の課題・原則・実践技法
masuda220
PRO
24
19k
開発15年のAIネイティブでない 巨大サービスのAI最適化
rapicro
0
110
Web エンジニアが JavaScript で AI Agent を作る / JSConf JP 2025 sponsor session
izumin5210
4
2.1k
モダンJSフレームワークのビルドプロセス 〜なぜReactは503行、Svelteは12行なのか〜
fuuki12
0
140
All(?) About Point Sets
hole
0
230
2025 컴포즈 마법사
jisungbin
0
160
複数人でのCLI/Infrastructure as Codeの暮らしを良くする
shmokmt
4
1.5k
CSC305 Lecture 17
javiergs
PRO
0
200
Full-Cycle Reactivity in Angular: SignalStore mit Signal Forms und Resources
manfredsteyer
PRO
0
150
無秩序からの脱却 / Emergence from chaos
nrslib
2
10k
Featured
See All Featured
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
9.8k
The Language of Interfaces
destraynor
162
25k
Rebuilding a faster, lazier Slack
samanthasiow
84
9.3k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
249
1.3M
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
The Cult of Friendly URLs
andyhume
79
6.7k
Fireside Chat
paigeccino
41
3.7k
Faster Mobile Websites
deanohume
310
31k
A designer walks into a library…
pauljervisheath
210
24k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.6k
Why Our Code Smells
bkeepers
PRO
340
57k
Transcript
Find security issues in your Rails applications
self-introduction » ma2ge @twitter » ma2gedev @github
Find security issues in your Rails applications
!"#
None
Brakeman
⭐1.6k
None
How to use $ gem i brakeman $ brakeman -o
output.html
Let's try !
class FeaturesController < ApplicationController def vulnerable eval params[:code] end end
None
Let's try next case !
class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end
end # in view <%= eval @unsafe_value %>
None
None
Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin
None
!"
Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/
end
ma2gedev
nagise
ntt_dsol_java
masuda220
rapicro
izumin5210
fuuki12
hole
.png){kind=avatar}
jisungbin
shmokmt
javiergs
manfredsteyer
nrslib
eileencodes
destraynor
samanthasiow
sugarenia
keavy
andyhume
paigeccino
deanohume
pauljervisheath
yeseniaperezcruz
marktimemedia
bkeepers
![class FeaturesController < ApplicationController def vulnerable eval params[:code] end end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_10.jpg){kind=link}
![class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_13.jpg){kind=link}
