Los Angeles/2011 Meetings/May 25

Topic: Automated Detection of Security Flaws in Ruby on Rails Code
[[Media:Justin_Collins-OWASPLA-Brakeman.pdf| Justin's Brakeman Presentation]]

Speaker: Justin Collins
Justin is a Security Engineer at AT&T Interactive and a PhD candidate in Computer Science at UCLA. He wrote and published Brakeman, a security code analyzer for Ruby on Rails code, which is available on GitHub.

Abstract: Automated Detection of Security Flaws in Ruby on Rails Code
Ruby on Rails is a popular web framework that is rapidly being adopted by companies. While Ruby is a very dynamic language, Rails' adherence to the concept of "convention over configuration" has made it possible to create a capable, open source static analysis tool called "Brakeman" for finding security vulnerabilities at the source code level. Hudson, recently renamed Jenkins, is a continuous integration system that can be configured to run and monitor a wide variety of jobs. This talk will focus on the advantages of using static analysis for discovering security issues, and demonstrate how easy it is to automatically monitor vulnerabilities in Ruby on Rails applications during all stages of development using Brakeman and Jenkins.