Paul's Security Weekly Subscribe

Application security, Security Staff Acquisition & Development

Brakeman – Justin Collins – PSW #710

September 16, 2021

Brakeman is a free static analysis security tool specifically designed for Ruby on Rails applications. It analyzes Rails application code to find security issues at any stage of development.

Justin first released Brakeman in 2010. In 2018, the commercial version, "Brakeman Pro", was acquired by Synopsys. Brakeman continues to be a very popular security tool for Rails, with tens of thousands of downloads per day.

https://github.com/presidentbeef/brakeman

Full episode and show notes

Announcements

Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

People Empowerer for Product Security Team at Gusto

Justin currently empowers the product security team at Gusto. In the past, he has been an application security engineer at SurveyMonkey, Twitter, & AT&T Interactive. Justin is the primary author of Brakeman, a free static analysis security tool for Ruby on Rails. The commercial version of Brakeman was acquired by Synopsys in 2018.

Hosts

Paul Asadoorian

Principal Security Researcher at Eclypsium

https://securitypodcaster.com

Senior Engineering Leader at AWS

Patrick Laverty

Security Consultant at Rapid 7

http://patricklaverty.com/

Related

Vulnerability Management

2024 End-of-Year News and Wrapup – ESW #388

December 19, 2024

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Ancient Curl Bug, AWS re:Invent, Malware in NPM, Census III Report, MS OTP – ASW #311

December 16, 2024

Curl's oldest bug yet, RCPs (and more!) from AWS re:Invent, possible controls for NPM's malware proliferation, insights and next steps on protecting top 500 packages from the Census III report, the flawed design choice that made Microsoft's OTP (successfully) brute-forceable, and more! 00:00 - Intro & Cyber Resilience Insights 01:20 - The 25-Y...

Application security

Applying Usability and Transparency to Security – Hannah Sutor – ASW #311

December 16, 2024

Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and se...