EPISODE · Aug 5, 2015 · 59 MIN
219 RR Brakeman and Rails Security with Justin Collins
from Ruby Rogues · host Charles M Wood
02:40 - Justin Collins IntroductionTwitter GitHub BlogBrakeman@brakemanSurveyMonkeyBrakeman Pro@brakemanpro03:40 - Brakeman & Static Analysis 04:02 - Common Security Vulnerabilities (and Definitions)Cross-site ScriptingSQL Injection rails-sqli.orgMass AssignmentOpen Redirects08:57 - The Inspiration for Brakeman09:47 - Getting Brakeman Working (Process)10:41 - Learning About SecurityThe Rails Cheat SheetsThe Open Web Application Security Project (OWASP)The OWASP Top Ten 13:01 - Security and The Rails Core TeamJustin Collins: The World of Ruby on Rails Security @ RailsConf 2015 15:19 - Should Brakeman be integrated into Rails?16:29 - Running Brakeman On Your CI Machineguard-brakeman17:43 - Are there specific types of vulnerabilities that are hard to find with static analysis?19:18 - Rails Engines20:56 - When building an app, is security something you should focus on from the get-go?Where should you get started?The OWASP Top Ten25:32 - Code Schools Teaching Security26:17 - Translating Lessons Learned Into Brakeman27:24 - Handling Security and Data BreachesCharlie Miller32:28 - Crowdsourcing Security (Security in Open Source)Terri Oda: Bringing Security to Your Open Source Project 34:54 - The Technical Side of Brakeman and Static Analysis ToolsIdentifying a Dangerous Value37:34 - Data Tracing, Limited Data Flow Analysis 40:52 - Future Brakeman Features43:29 - Supporting and Contributing to Brakeman48:23 - PhDsPicks "Why didn't you [just]..." and "Did you consider..." Parley Thread (Avdi) Object Thinking (Developer Reference) by David West (Avdi) Web Design - The First 100 Years (Avdi) Brighton Ruby Conference (Avdi) Email (Avdi) The Twitter Mute Button (Avdi) git - the simple guide (Saron) I Love My Campus (Saron) LoneStarRuby (Saron) React Rally (Jessica) Livecoding.tv (Jessica) Remembering the Apollo 11 Moon Landing With the Woman Who Made It Happen (Coraline) Showgoers (Coraline) AngularJS Kurs (Chuck) Hire Thom Parkin! (Chuck) RethinkDB (Justin) Dealers of Lightning: Xerox PARC and the Dawn of the Computer Age by Michael A. Hiltzik (Justin) The Search for General Tso (Justin)Special Guest: Justin Collins. Advertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacyBecome a supporter of this podcast: https://www.spreaker.com/podcast/ruby-rogues--6102073/support.
What this episode covers
02:40 - Justin Collins IntroductionTwitter GitHub BlogBrakeman@brakemanSurveyMonkeyBrakeman Pro@brakemanpro03:40 - Brakeman & Static Analysis 04:02 - Common Security Vulnerabilities (and Definitions)Cross-site ScriptingSQL Injection rails-sqli.orgMass AssignmentOpen Redirects08:57 - The Inspiration for Brakeman09:47 - Getting Brakeman Working (Process)10:41 - Learning About SecurityThe Rails Cheat SheetsThe Open Web Application Security Project (OWASP)The OWASP Top Ten 13:01 - Security and The Rails Core TeamJustin Collins: The World of Ruby on Rails Security @ RailsConf 2015 15:19 - Should Brakeman be integrated into Rails?16:29 - Running Brakeman On Your CI Machineguard-brakeman17:43 - Are there specific types of vulnerabilities that are hard to find with static analysis?19:18 - Rails Engines20:56 - When building an app, is security something you should focus on from the get-go?Where should you get started?The OWASP Top Ten25:32 - Code Schools Teaching Security26:17 - Translating Lessons Learned Into Brakeman27:24 - Handling Security and Data BreachesCharlie Miller32:28 - Crowdsourcing Security (Security in Open Source)Terri Oda: Bringing Security to Your Open Source Project 34:54 - The Technical Side of Brakeman and Static Analysis ToolsIdentifying a Dangerous Value37:34 - Data Tracing,...
NOW PLAYING
219 RR Brakeman and Rails Security with Justin Collins
No transcript for this episode yet
Similar Episodes
May 12, 2026 ·56m
May 10, 2026 ·52m
May 7, 2026 ·96m
May 5, 2026 ·58m
May 3, 2026 ·29m
Apr 26, 2026 ·66m