Difference between revisions of "Los Angeles/2011 Meetings/May 25"
Sarah Baso (talk | contribs) (Created page with "=== Topic: Automated Detection of Security Flaws in Ruby on Rails Code === Ruby on Rails is a popular web framework which is rapidly being adopted by companies. While Ruby is a ...")
Revision as of 15:06, 31 May 2011
Topic: Automated Detection of Security Flaws in Ruby on Rails Code
Justin's Brakeman Presentation
Speaker: Justin Collins
Justin is a Security Engineer at AT&T Interactive and a PhD candidate in Computer Science at UCLA. He wrote and published Brakeman, a security code analyzer for Ruby on Rails code, which is available on GitHub.
Abstract: Automated Detection of Security Flaws in Ruby on Rails Code
Ruby on Rails is a popular web framework which is rapidly being adopted by companies. While Ruby is a very dynamic language, Rails’ adherence to the concept of “convention over configuration” has made it possible to create a capable, open source static analysis tool called “Brakeman” for finding security vulnerabilities at the source code level. Hudson – recently renamed Jenkins – is a continuous integration system which can be configured to run and monitor a wide variety of jobs. This talk will focus on the advantages of using static analysis for discovering security issues, and demonstrate how easy it is to automatically monitor vulnerabilities in Ruby on Rails applications during all stages of development using Brakeman and Jenkins.