Find security issues in your Rails applications
Introduce Brakeman - Rails security scanner
#m3dev M3 Tech Talk #24
Takayuki Matsubara
May 16, 2014
Transcript
Find security issues in your Rails applications
Self-introduction » ma2ge on Twitter » ma2gedev on GitHub
Brakeman (about 1.6k GitHub stars at the time of the talk)
How to use
$ gem i brakeman
$ brakeman -o output.html
Run it from the Rails application root; the report format follows the output file's extension (HTML here).
Let's try !
class FeaturesController < ApplicationController
  def vulnerable
    eval params[:code]
  end
end
Let's try next case !
class FeaturesController < ApplicationController
  def vulnerable
    @unsafe_value = params[:code]
  end
end

# in view
<%= eval @unsafe_value %>
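To show what the two cases above are getting at, here is a small Ripper-based taint tracker, added as an example for this page; it is not Brakeman's code and not part of the original deck. It follows the same idea Brakeman applies at much larger scale: params is the source, Kernel#eval is the sink, and a value the controller stores in an instance variable stays tainted when the view is scanned, which is why the second case is reported as well. The class name EvalTaintScanner, the helper scan_sample, the file names and the sample controller and view are all constructed for this example; Brakeman itself recognises many more sources, sinks and Rails data flows.

```ruby
require "ripper"
require "erb"

# Miniature taint tracker (added example, not Brakeman's code): source = params, sink = Kernel#eval.
class EvalTaintScanner
  Finding = Struct.new(:file, :line, :reason)
  attr_reader :findings, :tainted_ivars

  def initialize
    @tainted_ivars = {} # "@name" => "file:line" where it first received params data
    @findings = []
  end

  # Scan Ruby source (a controller). Instance variables assigned from params are
  # remembered, so a view scanned afterwards sees them as tainted.
  def scan_ruby(file, code)
    sexp = Ripper.sexp(code)
    raise ArgumentError, "#{file}: Ripper could not parse this source" if sexp.nil?
    walk(sexp, file)
    self
  end

  # Views are ERB: compile them to the Ruby ERB would execute (stdlib ERB#src) and scan that.
  def scan_erb(file, template)
    scan_ruby(file, ERB.new(template).src)
  end

  private

  def walk(node, file)
    return unless node.is_a?(Array)
    if node[0] == :assign
      target, value = node[1], node[2]
      if target.is_a?(Array) && target[0] == :var_field &&
         target[1].is_a?(Array) && target[1][0] == :@ivar && tainted?(value)
        @tainted_ivars[target[1][1]] = "#{file}:#{target[1][2][0]}"
      end
    end
    if (args = eval_args(node)) && tainted?(args)
      ident = node[0] == :command ? node[1] : node[1][1]
      via = tainted_ivar_in(args)
      reason = via ? "eval of #{via}, assigned from params at #{@tainted_ivars[via]}" : "eval of params"
      @findings << Finding.new(file, ident[2][0], reason)
    end
    node.each { |child| walk(child, file) }
  end

  # Argument subtree of a Kernel#eval call, or nil. Ripper yields `eval x` as
  # [:command, ident, args] and `eval(x)` as [:method_add_arg, [:fcall, ident], args].
  def eval_args(node)
    case node[0]
    when :command then node[2] if ident?(node[1], "eval")
    when :method_add_arg
      node[2] if node[1].is_a?(Array) && node[1][0] == :fcall && ident?(node[1][1], "eval")
    end
  end

  def ident?(node, name)
    node.is_a?(Array) && node[0] == :@ident && node[1] == name
  end

  def tainted_ivar_ref?(node)
    node[0] == :var_ref && node[1].is_a?(Array) && node[1][0] == :@ivar && @tainted_ivars.key?(node[1][1])
  end

  # Tainted if the subtree references `params` or an already-tainted instance variable.
  def tainted?(node)
    return false unless node.is_a?(Array)
    return true if (node[0] == :vcall && ident?(node[1], "params")) || tainted_ivar_ref?(node)
    node.any? { |child| tainted?(child) }
  end

  def tainted_ivar_in(node)
    return nil unless node.is_a?(Array)
    return node[1][1] if tainted_ivar_ref?(node)
    node.each { |child| found = tainted_ivar_in(child); return found if found }
    nil
  end
end

# Constructed sample mirroring the two slides, plus a non-tainted eval as a control.
CONTROLLER_SRC = <<~RUBY
  class FeaturesController < ApplicationController
    def vulnerable
      eval params[:code]
    end

    def indirect
      @unsafe_value = params[:code]
    end

    def constant
      @fixed = "1 + 1"
      eval @fixed
    end
  end
RUBY
VIEW_SRC = "<h1>Result</h1>\n<%= eval @unsafe_value %>\n<%= eval @fixed %>\n"

def scan_sample
  EvalTaintScanner.new
    .scan_ruby("app/controllers/features_controller.rb", CONTROLLER_SRC)
    .scan_erb("app/views/features/indirect.html.erb", VIEW_SRC)
end

scan_sample.findings.each { |f| puts "#{f.file}:#{f.line}: #{f.reason}" } if __FILE__ == $0
```

The scanner reports the direct eval in the controller and the eval of @unsafe_value in the view, and stays silent on @fixed, which was assigned a literal rather than request data. The order matters: the controller must be scanned before its views so that the instance-variable taint is known when the view's eval is reached.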
Brakeman Plugin for Jenkins: https://wiki.jenkins-ci.org/display/JENKINS/Brakeman+Plugin
Resources
» http://brakemanscanner.org/
» https://github.com/presidentbeef/brakeman
» http://brakemanscanner.org/docs/jenkins/
end