Episode 225: 219 RR Brakeman and Rails Security with Justin Collins

Ruby Rogues

• Episode: Episode 225: 219 RR Brakeman and Rails Security with Justin Collins
• Website: Ruby Rogues
• Feed URL: https://feeds.feedwrench.com/RubyRogues.rss
• Duration: 01:06:18
• Published: 2015-08-05 17:00

02:40 - Justin Collins Introduction

• Twitter
• GitHub
• Blog
• Brakeman
  • @brakeman
• SurveyMonkey
• Brakeman Pro
  • @brakemanpro

03:40 - Brakeman & Static Analysis

04:02 - Common Security Vulnerabilities (and Definitions)

• Cross-site Scripting
• SQL Injection    
  • rails-sqli.org
• Mass Assignment
• Open Redirects

08:57 - The Inspiration for Brakeman

09:47 - Getting Brakeman Working (Process)

10:41 - Learning About Security

• The Rails Cheat Sheets
• The Open Web Application Security Project (OWASP)
  • The OWASP Top Ten    

13:01 - Security and The Rails Core Team

• Justin Collins: The World of Ruby on Rails Security @ RailsConf 2015

15:19 - Should Brakeman be integrated into Rails?

16:29 - Running Brakeman On Your CI Machine

• guard-brakeman

17:43 - Are there specific types of vulnerabilities that are hard to find with static analysis?

19:18 - Rails Engines

20:56 - When building an app, is security something you should focus on from the get-go?

• Where should you get started?
  • The OWASP Top Ten

25:32 - Code Schools Teaching Security

26:17 - Translating Lessons Learned Into Brakeman

27:24 - Handling Security and Data Breaches

• Charlie Miller

32:28 - Crowdsourcing Security (Security in Open Source)

• Terri Oda: Bringing Security to Your Open Source Project

34:54 - The Technical Side of Brakeman and Static Analysis Tools

• Identifying a Dangerous Value

37:34 - Data Tracing, Limited Data Flow Analysis

40:52 - Future Brakeman Features

43:29 - Supporting and Contributing to Brakeman

48:23 - PhDs

Picks

"Why didn't you [just]..." and "Did you consider..." Parley Thread (Avdi)
Object Thinking (Developer Reference) by David West (Avdi)
Web Design - The First 100 Years (Avdi)
Brighton Ruby Conference (Avdi)
Email (Avdi)
The Twitter Mute Button (Avdi)
git - the simple guide (Saron)
I Love My Campus (Saron)
LoneStarRuby (Saron)
React Rally (Jessica)
Livecoding.tv (Jessica)
Remembering the Apollo 11 Moon Landing With the Woman Who Made It Happen (Coraline)
Showgoers (Coraline)
AngularJS Kurs (Chuck)
Hire Thom Parkin! (Chuck)
RethinkDB (Justin)

Dealers of Lightning: Xerox PARC and the Dawn of the Computer Age by Michael A. Hiltzik (Justin)
The Search for General Tso (Justin)

Special Guest: Justin Collins.