Hi all,

I would like to introduce you to brakeman, a static analysis tool which searches for security vulnerabilities in Ruby on Rails applications. Although this is the first public release, brakeman can already help you find:

- SQL injection
- Command injection
- Unrestricted mass assignment
- Unsafe redirects
- Cross site scripting vulnerabilities
- Evaluation of user input
- Insufficient validation regexes
- Unsafe file access

...and more! All without requiring a web server, database, or even completely working code.

== Installation ==

    gem install brakeman

Source: http://github.com/presidentbeef/brakeman

== Basic Use ==

To generate an HTML report with default options:

    brakeman -o report.html /path/to/rails/app

Brakeman has quite a few options, so be sure to use brakeman -h to see what is available and also take a gander at the README.

== Problems/Suggestions ==

I'm very interested in any Rails applications which brakeman has trouble scanning so that I can make it as useful as possible. If brakeman does not work for you or there are any problems please file an issue so I can make improvements.

Brakeman is only expected to work with Rails > 2.0 and < 3.0.

Suggestions are very welcome.

-Justin

--
Posted via http://www.ruby-forum.com/.
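As an added illustration of the kind of check such a tool performs (this is example code, not part of the post and not Brakeman's own implementation), here is a toy Ruby scanner for the "insufficient validation regexes" class listed above: in Ruby, ^ and $ match at line boundaries, so a validates_format_of pattern anchored with them still accepts multi-line input, while \A and \z anchor the whole string. The sample model source, the matching pattern and the function names are all constructed for this example.

```ruby
# Constructed Rails 2.x style model used as scanner input (not from the post).
SAMPLE_MODEL = <<~'RUBY'
  class User < ActiveRecord::Base
    validates_format_of :login, :with => /^[a-z0-9_]+$/
    validates_format_of :email, :with => /\A[^@\s]+@[^@\s]+\z/
    validates_format_of :zip,   :with => /^\d{5}$/i
  end
RUBY

# Matches one validates_format_of call and captures the attribute name and the
# body of the regex literal passed via :with (hypothetical, deliberately simple
# pattern; a real static analyser would walk the parsed AST instead).
FORMAT_VALIDATION = %r{validates_format_of\s+:(\w+).*?:with\s*=>\s*/(.*)/[a-z]*}

# A regex body is weakly anchored when it relies on ^ or $ (line anchors)
# instead of \A and \z (string anchors).
def weak_anchors?(regex_body)
  regex_body.start_with?('^') || regex_body.end_with?('$')
end

# Returns [[line_number, attribute, regex_body], ...] for every format
# validation in +source+ whose regex is anchored with ^ or $.
def find_weak_validations(source)
  warnings = []
  source.each_line.with_index(1) do |line, lineno|
    m = FORMAT_VALIDATION.match(line)
    next unless m
    attr, body = m[1], m[2]
    warnings << [lineno, attr, body] if weak_anchors?(body)
  end
  warnings
end

# Why the warning matters: the line-anchored form accepts a value with an
# embedded newline, the string-anchored form rejects it.
def accepted?(regex, value)
  !(value =~ regex).nil?
end

if __FILE__ == $0
  find_weak_validations(SAMPLE_MODEL).each do |lineno, attr, body|
    puts "line #{lineno}: :#{attr} validated with /#{body}/ (use \\A and \\z)"
  end
  multi_line = "alice\nnot-a-login"            # constructed input
  puts "weak   accepts multi-line: #{accepted?(/^[a-z0-9_]+$/, multi_line)}"
  puts "strict accepts multi-line: #{accepted?(/\A[a-z0-9_]+\z/, multi_line)}"
end
```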