undefined | Better HN

0 pointstprynn6y ago0 comments

Really? I find that brakeman is a pretty amazing tool which finds a number of surprising issues. Of course, these days the vast majority of Rails apps already have brakeman set up, so it's used more as part of the commit process and less of a "wow, here's a few dozen potentially high-impact web vulns". I wouldn't hesitate to say that it's the most high-signal SCA tool I've used across any language/framework.

(source: a few years of webapp pentesting and Rails app dev)

0 comments

Polylactic_acid6y ago

I ran brakeman on our app and it found a bunch of things that were almost vulnerabilities because it was unable to work out the source of some data going in to a potentially unsafe function but after I inspected all of them, none of them were actual vulnerabilities. Meanwhile a bunch of real issues go undetected that could have been spotted in a language like rust.

thrownaway9546y ago

https://github.com/presidentbeef/brakeman

link to mentioned app for those interested.

slimed6y ago

The bar is low for such tools regardless of programming language. In a language as dynamic as Ruby it's several miles into the Earth's crust. The tool won't be able to tell you much of anything you shouldn't already know. "Potentially high-impact web vulns" is a next to useless metric when provided by such a tool. The rate of false positives is high. A distraction such as this when your application surely has more serious vulnerabilities is not helpful.

dwheeler6y ago

Railroader and Brakeman compensate for this by not being generic analysis tools for Ruby, but instead focusing specifically only on Ruby on Rails. Because Ruby on Rails has a lot of additional conventions, it's much easier to build a specialized tool to look for violations of those conventions.

j / k navigate · click thread line to collapse