Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Find security issues in your Rails applications
Search
Takayuki Matsubara
May 16, 2014
Programming
1
18k
Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Tweet
Share
More Decks by Takayuki Matsubara
See All by Takayuki Matsubara
Rails Web Development with AWS Lambda
ma2gedev
0
320
Coding Challenge Advent of Code 2019
ma2gedev
0
150
Developer Experience in GraphQL Schema-first Development
ma2gedev
0
2.3k
Dependency Inversion Principle in Keyboard Firmware
ma2gedev
0
510
OSSの歩き方 / Walking with OSS
ma2gedev
10
2.6k
GraphQL 開発で必要になったこと / What we needed for GraphQL development
ma2gedev
0
1.2k
キーボードをカスタムしてプログラミング環境を良くした話 / Improved programming environment with customizing keybords
ma2gedev
0
1.4k
Translating "Erlang in Anger" with Erlang & Elixir community members
ma2gedev
0
2.9k
Dive into Elixir v1.6 Code Formatter
ma2gedev
1
180
Other Decks in Programming
See All in Programming
從冷知識到漏洞,你不懂的 Web,駭客懂 - Huli @ WebConf Taiwan 2025
aszx87410
2
2.6k
俺流レスポンシブコーディング 2025
tak_dcxi
14
8.7k
AIコーディングエージェント(Gemini)
kondai24
0
220
ViewファーストなRailsアプリ開発のたのしさ
sugiwe
0
470
ID管理機能開発の裏側 高速にSaaS連携を実現したチームのAI活用編
atzzcokek
0
230
30分でDoctrineの仕組みと使い方を完全にマスターする / phpconkagawa 2025 Doctrine
ttskch
4
870
宅宅自以為的浪漫:跟 AI 一起為自己辦的研討會寫一個售票系統
eddie
0
500
ハイパーメディア駆動アプリケーションとIslandアーキテクチャ: htmxによるWebアプリケーション開発と動的UIの局所的適用
nowaki28
0
420
手が足りない!兼業データエンジニアに必要だったアーキテクチャと立ち回り
zinkosuke
0
690
【CA.ai #3】ワークフローから見直すAIエージェント — 必要な場面と“選ばない”判断
satoaoaka
0
240
251126 TestState APIってなんだっけ?Step Functionsテストどう変わる?
east_takumi
0
320
FluorTracer / RayTracingCamp11
kugimasa
0
230
Featured
See All Featured
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.1k
GitHub's CSS Performance
jonrohan
1032
470k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.3k
Facilitating Awesome Meetings
lara
57
6.7k
Code Reviewing Like a Champion
maltzj
527
40k
The World Runs on Bad Software
bkeepers
PRO
72
12k
A designer walks into a library…
pauljervisheath
210
24k
Navigating Team Friction
lara
191
16k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
Raft: Consensus for Rubyists
vanstee
141
7.2k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3.2k
A better future with KSS
kneath
240
18k
Transcript
Find security issues in your Rails applications
self-introduction » ma2ge @twitter » ma2gedev @github
Find security issues in your Rails applications
!"#
None
Brakeman
⭐1.6k
None
How to use $ gem i brakeman $ brakeman -o
output.html
Let's try !
class FeaturesController < ApplicationController def vulnerable eval params[:code] end end
None
Let's try next case !
class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end
end # in view <%= eval @unsafe_value %>
None
None
Brakeman Plugin https://wiki.jenkins-ci.org/ display/JENKINS/Brakeman +Plugin
None
!"
Resources » http://brakemanscanner.org/ » https://github.com/presidentbeef/brakeman » http://brakemanscanner.org/docs/jenkins/
end
ma2gedev
aszx87410
.jpg){kind=avatar}
tak_dcxi
kondai24
sugiwe
atzzcokek
ttskch
eddie
nowaki28
zinkosuke
satoaoaka
east_takumi
kugimasa
kastner
jonrohan
tammyeverts
lara
maltzj
bkeepers
pauljervisheath
panda_program
vanstee
kneath
![class FeaturesController < ApplicationController def vulnerable eval params[:code] end end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_10.jpg){kind=link}
![class FeaturesController < ApplicationController def vulnerable @unsafe_value = params[:code] end](https://files.speakerdeck.com/presentations/4d87d190bee40131ae3866fdbbb32492/slide_13.jpg){kind=link}
