219 RR Brakeman and Rails Security with Justin Collins

02:40 - Justin Collins Introduction

• Twitter 
• GitHub 
• Blog
• Brakeman
  • @brakeman
• SurveyMonkey
• Brakeman Pro
  • @brakemanpro

03:40 - Brakeman & Static Analysis 04:02 - Common Security Vulnerabilities (and Definitions)

• Cross-site Scripting
• SQL Injection    
  • rails-sqli.org
• Mass Assignment
• Open Redirects

08:57 - The Inspiration for Brakeman09:47 - Getting Brakeman Working (Process)10:41 - Learning About Security

• The Rails Cheat Sheets
• The Open Web Application Security Project (OWASP)
  • The OWASP Top Ten    

13:01 - Security and The Rails Core Team

• Justin Collins: The World of Ruby on Rails Security @ RailsConf 2015 

15:19 - Should Brakeman be integrated into Rails?16:29 - Running Brakeman On Your CI Machine

• guard-brakeman

17:43 - Are there specific types of vulnerabilities that are hard to find with static analysis?19:18 - Rails Engines20:56 - When building an app, is security something you should focus on from the get-go?

• Where should you get started?
  • The OWASP Top Ten

25:32 - Code Schools Teaching Security26:17 - Translating Lessons Learned Into Brakeman27:24 - Handling Security and Data Breaches

• Charlie Miller

32:28 - Crowdsourcing Security (Security in Open Source)

• Terri Oda: Bringing Security to Your Open Source Project 

34:54 - The Technical Side of Brakeman and Static Analysis Tools

• Identifying a Dangerous Value

37:34 - Data Tracing,...