Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Find security issues in your Rails applications
Search
Takayuki Matsubara
May 16, 2014
Programming
1
17k
Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Tweet
Share
More Decks by Takayuki Matsubara
See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
ma2gedev
0
300
Coding Challenge Advent of Code 2019
ma2gedev
0
140
Developer Experience in GraphQL Schema-first Development
ma2gedev
0
2.3k
Dependency Inversion Principle in Keyboard Firmware
ma2gedev
0
490
OSSの歩き方 / Walking with OSS
ma2gedev
10
2.6k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
ma2gedev
0
1.2k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
ma2gedev
0
1.3k
Translating "Erlang in Anger" with Erlang & Elixir community members
ma2gedev
0
2.8k
Dive into Elixir v1.6 Code Formatter
ma2gedev
1
180
Other Decks in Programming
See All in Programming
250830 IaCの選定~AWS SAMのLambdaをECSに乗り換えたときの備忘録~
east_takumi
0
350
Kiroで始めるAI-DLC
kaonash
2
490
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
280
FindyにおけるTakumi活用と脆弱性管理のこれから
rvirus0817
0
270
Azure SRE Agentで運用は楽になるのか?
kkamegawa
0
900
マイコンでもRustのtestがしたい その2/KernelVM Tokyo 18
tnishinaga
2
2.4k
MCPでVibe Working。そして、結局はContext Eng(略)/ Working with Vibe on MCP And Context Eng
rkaga
3
270
AIレビュアーをスケールさせるには / Scaling AI Reviewers
technuma
2
230
Introducing ReActionView: A new ActionView-compatible ERB Engine @ Rails World 2025, Amsterdam
marcoroth
0
150
AIでLINEスタンプを作ってみた
eycjur
1
220
Langfuseと歩む生成AI活用推進
licux
3
320
テストカバレッジ100%を10年続けて得られた学びと品質
mottyzzz
2
370
Featured
See All Featured
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Git: the NoSQL Database
bkeepers
PRO
431
66k
Designing for humans not robots
tammielis
253
25k
The World Runs on Bad Software
bkeepers
PRO
70
11k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Visualization
eitanlees
147
16k
Art, The Web, and Tiny UX
lynnandtonic
302
21k
It's Worth the Effort
3n
187
28k
Embracing the Ebb and Flow
colly
87
4.8k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
How STYLIGHT went responsive
nonsquared
100
5.8k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Transcript
Find security issues in your Rails applications
self-introduction » ma2ge @twitter » ma2gedev @github
Find security issues in your Rails applications
!"#
None
Brakeman
⭐1.6k
None
How to use $ gem i brakeman $ brakeman -o
output.html
Let's try !
class FeaturesController < ApplicationController def vulnerable eval params[:code] end end
None
Let's try next case !
class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end
end # in view <%= eval @unsafe_value %>
None
None
Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin
None
!"
Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/
end
ma2gedev
east_takumi
kaonash
ivargrimstad
rvirus0817
kkamegawa
tnishinaga
rkaga
technuma
marcoroth
eycjur
licux
mottyzzz
chriscoyier
bkeepers
tammielis
sugarenia
eitanlees
lynnandtonic
3n
colly
sstephenson
nonsquared
mongodb
![class FeaturesController < ApplicationController def vulnerable eval params[:code] end end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_10.jpg){kind=link}
![class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_13.jpg){kind=link}
