[ANN] Brakeman 1.0 Released: Static analysis security scanning for Rails apps

Brakeman 1.0 has been released!

http://brakemanscanner.org

What it is

Brakeman provides vulnerability checks for Rails applications by
scanning the source code. No deployment or application stack required.

Brakeman searches for:

  • Cross Site Scripting
  • SQL Injection
  • Command Injection
  • Mass Assignment
  • Cross-Site Request Forgery
  • Unprotected Redirects
  • Default Routes
  • Insufficient Format Validation
  • Dynamic Render Paths
  • Dangerous Evaluation
  • File Access
  • Unsafe Session Settings
  • Version-specific Rails vulnerabilities
  • …and more!
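As an added illustration of what "scanning the source code" for SQL injection means in practice (this is example code written for this post, not Brakeman's own code or its actual checks): a toy check built on Ruby's standard-library Ripper parser that flags ActiveRecord query methods called with a string literal containing #{...} interpolation. The model source it scans is constructed for the example, the list of sink method names is an assumption, and the check is deliberately far narrower than Brakeman's.

```ruby
require "ripper"

# Assumed list of ActiveRecord methods whose first string argument becomes SQL text.
SQL_SINKS = %w[where find_by_sql order group having select joins].freeze

# Constructed sample model; the single-quoted heredoc keeps #{...} literal
# so Ripper sees it as interpolation inside the scanned source.
SAMPLE_SOURCE = <<~'RUBY'
  class User < ActiveRecord::Base
    def self.by_name(name)
      where("name = '#{name}'")
    end

    def self.by_email(email)
      where("email = ?", email)
    end

    def self.search(params)
      User.where("name LIKE '%#{params[:q]}%'").order(params[:sort])
    end
  end
RUBY

# Returns [{method:, line:}, ...] for every sink call whose first argument is
# a string literal with #{...} interpolation. Nothing is executed or loaded.
def sql_interpolation_findings(source)
  tree = Ripper.sexp(source)
  raise ArgumentError, "source does not parse" if tree.nil?
  findings = []
  walk(tree, findings)
  findings
end

# Pre-order walk over the Ripper s-expression.
def walk(node, findings)
  return unless node.is_a?(Array)
  if (hit = sink_call(node))
    findings << hit
  end
  node.each { |child| walk(child, findings) }
end

# Recognise the Ripper shapes of a call with arguments (foo(x), recv.foo(x),
# foo x, recv.foo x) and report it when it is a sink fed an interpolated literal.
def sink_call(node)
  ident, args =
    case node[0]
    when :method_add_arg
      callee = node[1]
      id = callee[0] == :fcall ? callee[1] : (callee[0] == :call ? callee[3] : nil)
      [id, node[2]]
    when :command      then [node[1], node[2]]
    when :command_call then [node[3], node[4]]
    end
  return nil unless ident.is_a?(Array) && ident[0] == :@ident
  return nil unless SQL_SINKS.include?(ident[1])
  arg = first_arg(args)
  return nil unless arg.is_a?(Array) && arg[0] == :string_literal
  return nil unless contains?(arg, :string_embexpr)
  { method: ident[1], line: ident[2][0] }
end

# Dig through arg_paren / args_add_block wrappers to the first argument node.
def first_arg(args)
  return nil unless args.is_a?(Array)
  case args[0]
  when :arg_paren      then first_arg(args[1])
  when :args_add_block then args[1].is_a?(Array) ? args[1].first : nil
  when Array           then args[0] # bare argument list
  end
end

# True if any node in the subtree has the given type (e.g. :string_embexpr).
def contains?(node, type)
  return false unless node.is_a?(Array)
  return true if node[0] == type
  node.any? { |child| contains?(child, type) }
end

if $PROGRAM_NAME == __FILE__
  sql_interpolation_findings(SAMPLE_SOURCE).each do |f|
    puts "line #{f[:line]}: #{f[:method]} called with an interpolated SQL string"
  end
end
```

On the sample it reports the where calls on lines 3 and 11 and leaves the parameterised where("email = ?", email) alone. Note what the toy misses: order(params[:sort]) passes user input straight through without any string literal, so a check that only inspects literals never sees it. Tracking where a value came from is exactly the part that makes a real scanner like Brakeman more than a pattern match over the parse tree.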

How to use it

gem install brakeman

brakeman your_app_path

Changes since 0.9.2

  • Better handling of assignments inside ifs
  • Check more expressions for SQL injection
  • Use latest ruby_parser for better 1.9 syntax support
  • Better behavior for Brakeman as a library
  • Brakeman can now be used as a library
  • Faster call search
  • Add option to return error code if warnings are found (tw-ngreen)
  • Allow truncated messages to be expanded in HTML
  • Keep expanded context in view in HTML output
  • Fix summary when using warning thresholds
  • Better support for Rails 3 routes
  • Reduce SQL injection duplicate warnings
  • Lower confidence on mass assignment with no user input
  • Ignore mass assignment using all literal arguments
