[LRUG] Keeping track of new security vulnerabilities?

Riccardo Tacconi rtacconi at gmail.com
Wed Sep 25 06:37:27 PDT 2013


This is going off the current topic a bit, but here is a slideshow on
security monitoring and automated pentesting:
https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring
Static code analysis is not enough :-)


On 25 September 2013 14:30, Joel Chippindale <joel.chippindale at gmail.com> wrote:

> Thanks to all of you for your excellent suggestions.
>
> Both bundler-audit [1] and brakeman [2] look very interesting and I am
> certainly going to give them a go.
>
> J.
>
>
> [1] https://github.com/rubysec/bundler-audit
> [2] http://brakemanscanner.org/
>
>
>
> On 20 September 2013 12:49, Chris Mear <chrismear at gmail.com> wrote:
>
>> On 20 Sep 2013, at 10:21, Mark Burns <markthedeveloper at gmail.com> wrote:
>>
>> > Code Climate provides a paid-for security service. I'm not sure if it
>> > is any more comprehensive than any others but it's at least another
>> > option to throw into the mix.
>>
>> I've tried this one. It's for Rails apps only, and AFAICT it's just
>> running Brakeman for you:
>>
>> http://brakemanscanner.org
>>
>> Which is not to say the service doesn't add some potentially handy
>> features: email notifications, tracking of individual problems until they
>> are fixed, easy marking of false-positives, automatic ticket creation... I
>> just didn't personally find those worth the entry fee.
>>
>> Chris
>>
>>
>


-- 
Riccardo Tacconi
Ruby on Rails and PHP development - System Administration
VIRTUELOGIC LIMITED <http://www.virtuelogic.net/>

http://github.com/rtacconi
http://riccardotacconi.blogspot.com
http://twitter.com/rtacconi