[ANN] Brakeman, a vulnerability scanner for RoR apps

Hi all,

I would like to introduce you to brakeman, a static analysis tool which
searches for security vulnerabilities in Ruby on Rails applications.

Although this is the first public release, brakeman can already help you
find:

- SQL injection
- Command injection
- Unrestricted mass assignment
- Unsafe redirects
- Cross site scripting vulnerabilities
- Evaluation of user input
- Insufficient validation regexes
- Unsafe file access

…and more! All without requiring a web server, database, or even
completely working code.
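As an added illustration of one of the checks listed above (insufficient validation regexes), not code from the announcement or from Brakeman itself: in Ruby, `^` and `$` match at line boundaries, so a model validation anchored with them accepts multi-line values, while `\A` and `\z` anchor to the whole string. The model source, patterns and inputs below are constructed for the example, and the line scanner is a toy stand-in for Brakeman's real check.

```ruby
# Added example, not from the announcement or from Brakeman itself:
# why Brakeman warns about validation regexes anchored with ^ and $.
# Those anchors match at LINE boundaries, so a multi-line value can carry
# extra content past a check meant to cover the whole string.

# Constructed patterns, as they might appear in
#   validates_format_of :username, :with => ...
WEAK_USERNAME   = /^[a-z0-9_]+$/     # line-anchored: Brakeman warns on this
STRICT_USERNAME = /\A[a-z0-9_]+\z/   # string-anchored: the recommended form

def valid_username?(value, pattern)
  !!(value =~ pattern)
end

# Constructed inputs with the verdict a whole-string check should give.
SAMPLES = {
  "alice"           => true,
  "bob_42"          => true,
  "alice\n<script>" => false,  # second line must not slip through
  "<script>\nalice" => false,
  ""                => false,
}

# Returns { input => true if the pattern gave the expected verdict }.
def check_pattern(pattern)
  SAMPLES.map { |value, want| [value, valid_username?(value, pattern) == want] }.to_h
end

# Toy version of the check itself over constructed model source. Brakeman
# analyses parsed code; this only flags ^ or $ in validates_format_of lines.
MODEL_SOURCE = <<~'RUBY'
  class User < ActiveRecord::Base
    validates_format_of :username, :with => /^[a-z0-9_]+$/
    validates_format_of :email,    :with => /\A[^@\s]+@[^@\s]+\z/
  end
RUBY

# Returns [[line_number, line], ...] for validations using ^ or $ anchors.
def weak_validation_lines(source)
  source.lines.each_with_index
        .select { |line, _| line.include?("validates_format_of") && line =~ %r{/\^|\$/} }
        .map { |line, i| [i + 1, line.strip] }
end

if __FILE__ == $0
  puts "weak pattern, wrong verdicts: #{check_pattern(WEAK_USERNAME).reject { |_, ok| ok }.keys.inspect}"
  puts "strict pattern, all correct: #{check_pattern(STRICT_USERNAME).values.all?}"
  weak_validation_lines(MODEL_SOURCE).each { |n, l| puts "line #{n}: #{l}" }
end
```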

== Installation ==

gem install brakeman

Source: https://github.com/presidentbeef/brakeman (GitHub - presidentbeef/brakeman: A static analysis security vulnerability scanner for Ruby on Rails applications)

== Basic Use ==

To generate an HTML report with default options:

brakeman -o report.html /path/to/rails/app

Brakeman has quite a few options, so be sure to use

brakeman -h

to see what is available and also take a gander at the README.

== Problems/Suggestions ==

I’m very interested in any Rails applications which brakeman has trouble
scanning so that I can make it as useful as possible. If brakeman does
not work for you or there are any problems, please file an issue so I can
make improvements.

Brakeman is only expected to work with Rails > 2.0 and < 3.0.

Suggestions are very welcome.

-Justin