Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Find security issues in your Rails applications

Avatar for Takayuki Matsubara Takayuki Matsubara
May 16, 2014
Programming
1
18k

Find security issues in your Rails applications

Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24

Avatar for Takayuki Matsubara

Takayuki Matsubara

May 16, 2014
Tweet

More Decks by Takayuki Matsubara

See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
Avatar for Takayuki Matsubara ma2gedev
0
330
Coding Challenge Advent of Code 2019
Avatar for Takayuki Matsubara ma2gedev
0
160
Developer Experience in GraphQL Schema-first Development
Avatar for Takayuki Matsubara ma2gedev
0
2.4k
Dependency Inversion Principle in Keyboard Firmware
Avatar for Takayuki Matsubara ma2gedev
0
530
OSSの歩き方 / Walking with OSS
Avatar for Takayuki Matsubara ma2gedev
10
2.6k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
Avatar for Takayuki Matsubara ma2gedev
0
1.2k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
Avatar for Takayuki Matsubara ma2gedev
0
1.4k
Translating "Erlang in Anger" with Erlang & Elixir community members
Avatar for Takayuki Matsubara ma2gedev
0
2.9k
Dive into Elixir v1.6 Code Formatter
Avatar for Takayuki Matsubara ma2gedev
1
190

Other Decks in Programming

See All in Programming
「やめとこ」がなくなった — 1月にZennを始めて22本書いた AI共創開発のリアル
Avatar for atani atani14
0
370
Go 1.26でのsliceのメモリアロケーション最適化 / Go 1.26 リリースパーティ #go126party
Avatar for mazrean mazrean
1
380
ポーリング処理廃止によるイベント駆動アーキテクチャへの移行
Avatar for Seitaro Fujigaki seitarof
3
1k
守る「だけ」の優しいEMを抜けて、 事業とチームを両方見る視点を身につけた話
Avatar for Mitsui maroon8021
3
750
CSC307 Lecture 13
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
320
ベクトル検索のフィルタを用いた機械学習モデルとの統合 / python-meetup-fukuoka-06-vector-attr
Avatar for monochromegane monochromegane
2
390
最初からAWS CDKで技術検証してもいいんじゃない?
Avatar for アキキー | Akihisa Ikeda akihisaikeda
4
130
S3ストレージクラスの「見える」「ある」「使える」は全部違う ─ 体験から見た、仕様の深淵を覗く
Avatar for ya_ma23 ya_ma23
0
340
grapheme_strrev関数が採択されました(あと雑感)
Avatar for てきめん tekimen youkidearitai
PRO
1
210
Codexに役割を持たせる 他のAIエージェントと組み合わせる実務Tips
Avatar for o8n o8n
4
1.3k
「抽象に依存せよ」が分からなかった新卒1年目の私が Goのインターフェースと和解するまで
Avatar for Genki-Miyakawa kurogenki
0
110
AI主導でFastAPIのWebサービスを作るときに 人間が構造化すべき境界線
Avatar for Jun okazaki okajun35
0
700

Featured

See All Featured
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
7.1k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
46
8.1k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
360
30k
How to make the Groovebox
Avatar for あそなす asonas
2
2k
Navigating the moral maze — ethical principles for Al-driven product design
Avatar for Skipper Chong Warson skipperchong
2
280
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
9
1.7k
SEO in 2025: How to Prepare for the Future of Search
Avatar for Michael King ipullrank
3
3.4k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
20k
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
1
480
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.4k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
190
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
150

Transcript

  1. Find security issues in your Rails applications

  2. self-introduction » ma2ge @twitter » ma2gedev @github

  3. Find security issues in your Rails applications

  4. !"#

  5. None

  6. Brakeman

  7. ⭐1.6k

  8. None

  9. How to use $ gem i brakeman $ brakeman -o

    output.html

  10. Let's try !

  11. class FeaturesController < ApplicationController def vulnerable eval params[:code] end end

  12. None

  13. Let's try next case !

  14. class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end

    end # in view <%= eval @unsafe_value %>
  15. None
  16. None

  17. Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin

  18. None

  19. !"

  20. Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/

  21. end