Justin Collins
2011-Dec-08 20:14 UTC
[ANN] Brakeman 1.0 Released: Static analysis security scanning for Rails apps
Brakeman 1.0 has been released! http://brakemanscanner.org # What is is Brakeman provides vulnerability checks for Rails applications by scanning the source code. No deployment or application stack required. Brakeman searches for: * Cross Site Scripting * SQL Injection * Command Injection * Mass Assignment * Cross-Site Request Forgery * Unprotected Redirects * Default Routes * Insufficient Format Validation * Dynamic Render Paths * Dangerous Evaluation * File Access * Unsafe Session Settings * Version-specific Rails vulnerabilities * ...and more! # How to use it gem install brakeman brakeman your_app_path # Changes since 0.9.2 * Better handling of assignments inside ifs * Check more expressions for SQL injection * Use latest ruby_parser for better 1.9 syntax support * Better behavior for Brakeman as a library * Brakeman can now be used as a library * Faster call search * Add option to return error code if warnings are found (tw-ngreen) * Allow truncated messages to be expanded in HTML * Keep expanded context in view in HTML output * Fix summary when using warning thresholds * Better support for Rails 3 routes * Reduce SQL injection duplicate warnings * Lower confidence on mass assignment with no user input * Ignore mass assignment using all literal arguments -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.