Ruby on Rails Static Code Scanner: Brakeman v1.9.5

Category: 神兵利刃 (Tools)

Brakeman is an open-source security scanner for Ruby on Rails applications. It statically analyzes the application's Rails source code and helps security researchers find security issues during the development process, before the code is deployed.


Unlike most other web security scanners, Brakeman examines your application's source code (white-box testing) rather than the running site, and produces a readable report of its findings.

Features

Simple setup
Brakeman requires zero setup or configuration once it is installed. Just run it.

White-box scanning
Because all Brakeman needs is source code, Brakeman can be run at any stage of development: you can generate a new application with rails new and immediately check it with Brakeman.

No crawling required, more complete coverage
Since Brakeman does not rely on spidering sites to determine all their pages, it can provide more complete coverage of an application. This includes pages which may not be ‘live’ yet. In theory, Brakeman can find security vulnerabilities before they become exploitable.

Checks application configuration
Brakeman is specifically built for Ruby on Rails applications, so it can easily check configuration settings for best practices.

Flexible testing
Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.

Faster than black-box testing
While Brakeman may not be exceptionally speedy, it is much faster than “black box” website scanners. Even large applications should not take more than a few minutes to scan.
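The white-box approach and the independence of each check, as an added example that is not Brakeman's own code: a small Ruby script in the style of one self-contained Brakeman check. It parses a Rails controller with RubyVM::AbstractSyntaxTree (Ruby 2.6 or later) without loading Rails or booting the application, and flags SQL fragments built by string interpolation that are passed straight to ActiveRecord query methods, the pattern Brakeman's SQL injection check reports. The sample controller, the SQL_SINKS list and the "High" confidence label are assumptions constructed for this example.

```ruby
# Added example, not Brakeman's own code: a toy white-box check in the style
# of one independent Brakeman check. It parses Rails source with
# RubyVM::AbstractSyntaxTree (Ruby >= 2.6) and never loads Rails, so it can
# run against an application that does not yet boot.
#
# Assumptions for this example: the SQL_SINKS list, the "High" label and the
# sample controller below are constructed here, not taken from Brakeman.

Node = RubyVM::AbstractSyntaxTree::Node

# ActiveRecord methods whose first argument is treated as a raw SQL fragment.
SQL_SINKS = %i[where find_by_sql execute order group having].freeze

Finding = Struct.new(:file, :line, :sink, :confidence, :code)

# Depth-first walk. Children may be Nodes, Strings, Symbols, Integers or nil.
def each_node(node, &blk)
  return unless node.is_a?(Node)
  yield node
  node.children.each { |child| each_node(child, &blk) }
end

# CALL is recv.meth(args) with children [recv, meth, args];
# FCALL is meth(args) with children [meth, args]. Other node types are ignored.
def call_parts(node)
  case node.type
  when :CALL  then [node.children[1], node.children[2]]
  when :FCALL then [node.children[0], node.children[1]]
  end
end

# Returns the Findings for one source file. A sink whose first argument is a
# DSTR node (a string literal containing #{...}) is reported as "High":
# the attacker-controlled value lands in the SQL text, not in a bind parameter.
def scan_source(file, src)
  findings = []
  each_node(RubyVM::AbstractSyntaxTree.parse(src)) do |node|
    sink, args = call_parts(node)
    next unless sink && SQL_SINKS.include?(sink) && args.is_a?(Node)
    first_arg = args.children.first
    next unless first_arg.is_a?(Node) && first_arg.type == :DSTR
    line = node.first_lineno
    findings << Finding.new(file, line, sink, "High", src.lines[line - 1].strip)
  end
  findings
end

def format_findings(findings)
  findings.map do |f|
    "#{f.file}:#{f.line} [#{f.confidence}] possible SQL injection via #{f.sink}: #{f.code}"
  end
end

# Constructed sample input; a single-quoted heredoc so the #{...} stay literal.
SAMPLE_CONTROLLER = <<~'RUBY'
  class UsersController < ApplicationController
    def search
      # unsafe: the request parameter is interpolated into the SQL text
      @users = User.where("name LIKE '%#{params[:q]}%'")
    end

    def show
      # safe: bind parameter, ActiveRecord quotes it
      @user = User.where("id = ?", params[:id]).first
    end

    def by_email
      # safe: hash conditions are quoted by ActiveRecord
      @user = User.where(email: params[:email])
    end

    def sorted
      # unsafe: ORDER BY built from an interpolated parameter
      @users = User.order("#{params[:sort]} DESC")
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  puts format_findings(scan_source("app/controllers/users_controller.rb", SAMPLE_CONTROLLER))
end
```

Run as a script it reports lines 4 and 19 of the sample controller and stays silent on the two safe queries. The check never executes the controller, which is why it can run on code that has no database or route behind it yet; a real Brakeman check additionally tracks whether the interpolated value actually derives from user input and lowers the confidence when it does not.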

Download
