
Review on Brakeman by Todd Markel

Revainrating 5 out of 5

Easy way of conducting vulnerability scans

I like that it's easy to use; you can get up and running quickly without needing much knowledge about Rails or Ruby in general. There are some features I dislike (like not having an API), but they're minor things. If you want something simple, I would recommend giving this one a try! You don't need extensive experience with both Ruby/Rails and vulnerability research to be able to learn how to do basic scans and get results in no time. We were looking for a solution where we could just plug in our app files and have something scan them for common vulnerabilities using open source tools.


Pros
  • The tool is super fast at scanning applications, so there isn't really any waiting when doing multiple tests, which makes sense considering what type of software these kinds of solutions target anyway :) It does its job well regardless of whether your application was written by someone experienced who knows best practices from a security perspective OR whether people made poor decisions such as including mass assignment protection etc. It runs through all standard checks required before production launch even though maybe developers overlooked certain issues during
Cons
  • Some difficulties