Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Find security issues in your Rails applications

Takayuki Matsubara
May 16, 2014
Programming
1
17k

Find security issues in your Rails applications

Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24

Takayuki Matsubara

May 16, 2014
Tweet

More Decks by Takayuki Matsubara

See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
ma2gedev
0
240
Coding Challenge Advent of Code 2019
ma2gedev
0
120
Developer Experience in GraphQL Schema-first Development
ma2gedev
0
2.2k
Dependency Inversion Principle in Keyboard Firmware
ma2gedev
0
450
OSSの歩き方 / Walking with OSS
ma2gedev
10
2.5k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
ma2gedev
0
1.1k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
ma2gedev
0
1.3k
Translating "Erlang in Anger" with Erlang & Elixir community members
ma2gedev
0
2.8k
Dive into Elixir v1.6 Code Formatter
ma2gedev
1
160

Other Decks in Programming

See All in Programming
「個人開発マネタイズ大全」が教えてくれたこと
bani24884
1
240
新宿駅構内を三人称視点で探索してみる
satoshi7190
2
120
Bedrock Agentsレスポンス解析によるAgentのOps
licux
3
930
DRFを少しずつ オニオンアーキテクチャに寄せていく DjangoCongress JP 2025
nealle
2
280
Visual StudioのGitHub Copilotでいろいろやってみる
tomokusaba
1
210
苦しいTiDBへの移行を乗り越えて快適な運用を目指す
leveragestech
0
1.1k
Django NinjaによるAPI開発の効率化とリプレースの実践
kashewnuts
1
280
機能が複雑化しても 頼りになる FactoryBotの話
tamikof
1
210
ナレッジイネイブリングにAIを活用してみる ゆるSRE勉強会 #9
nealle
0
160
負債になりにくいCSSをデザイナとつくるには?
fsubal
10
2.6k
Boos Performance and Developer Productivity with Jakarta EE 11
ivargrimstad
0
420
ソフトウェアエンジニアの成長
masuda220
PRO
12
2.1k

Featured

See All Featured
Become a Pro
speakerdeck
PRO
26
5.2k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Practical Orchestrator
shlominoach
186
10k
Gamification - CAS2011
davidbonilla
80
5.2k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
Java REST API Framework Comparison - PWX 2021
mraible
29
8.4k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.3k
How to Think Like a Performance Engineer
csswizardry
22
1.4k
The World Runs on Bad Software
bkeepers
PRO
67
11k
Designing Experiences People Love
moore
140
23k
Code Review Best Practice
trishagee
67
18k

Transcript

  1. Find security issues in your Rails applications

  2. self-introduction » ma2ge @twitter » ma2gedev @github

  3. Find security issues in your Rails applications

  4. !"#

  5. None

  6. Brakeman

  7. ⭐1.6k

  8. None

  9. How to use $ gem i brakeman $ brakeman -o

    output.html

  10. Let's try !

  11. class FeaturesController < ApplicationController def vulnerable eval params[:code] end end

  12. None

  13. Let's try next case !

  14. class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end

    end # in view <%= eval @unsafe_value %>
  15. None
  16. None

  17. Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin

  18. None

  19. !"

  20. Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/

  21. end