[LRUG] External pen test recommendations

Igor igor at kedb.net
Tue Apr 28 08:38:09 PDT 2020

Hi Frederick,

If you allow me the suggestion, before you make the decision of hiring
someone external to your organisation to do this I'd say there's a bit that
can be done in-house, if you're up for that. Qualys and Nessus are good
examples of tools that can help you find vulnerabilities. There's also:

   - Brakeman <https://github.com/presidentbeef/brakeman> is a good start
   - it does static analysis of vulnerabilities, is really easy to integrate
   with CI and integrating it in a rails project is probably one of the
   cheapest things that can be done to start finding vulnerabilities
   - A pentest checklist
   <https://www.sqreen.com/checklists/pentest-checklist> by Sqreen
   - OWASP has a set of quick basic Ruby on Rails security tips for
   developers here
   - Rails guide on Securing Rails Applications

Having said that, I know a pen testing specialist who I can recommend. If
you're interested, let me know via PM and I'd be happy to connect you with


On Tue, Apr 28, 2020 at 3:38 PM Frederick Cheung <frederick.cheung at gmail.com>

> Hi,
> Does anyone have any recommendations on providers of pen tests? The apps
> we’re testing are rails apps so I guess someone with some familiarity with
> common pitfalls/misconfigurations of rails applications would be useful
> I did find
> http://lists.lrug.org/htdig.cgi/chat-lrug.org/2012-January/019543.html but
> 2012 is probably prehistory in this domain
> Thanks,
> Fred
> Sent from my iPhone
> _______________________________________________
> Chat mailing list
> Chat at lists.lrug.org
> Archives: http://lists.lrug.org/pipermail/chat-lrug.org
> Manage your subscription: http://lists.lrug.org/options.cgi/chat-lrug.org
> List info: http://lists.lrug.org/listinfo.cgi/chat-lrug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lrug.org/pipermail/chat-lrug.org/attachments/20200428/9c6e0e55/attachment.html>

More information about the Chat mailing list