[LRUG] External pen test recommendations

Frederick Cheung frederick.cheung at gmail.com
Tue Apr 28 10:21:43 PDT 2020

On Tue, Apr 28, 2020 at 5:20 PM Igor <igor at kedb.net> wrote:
> If you allow me the suggestion, before you make the decision of hiring someone external to your organisation to do this I'd say there's a bit that can be done in-house, if you're up for that. Qualys and Nessus are good examples of tools that can help you find vulnerabilities. There's also:
> - Brakeman is a good start - it does static analysis of vulnerabilities, is really easy to integrate with CI, and integrating it in a Rails project is probably one of the cheapest things that can be done to start finding vulnerabilities
> - A pentest checklist by Sqreen
> - OWASP has a set of quick basic Ruby on Rails security tips for developers here
> - Rails guide on Securing Rails Applications

For sure those are all good things - we run Brakeman, educate our team
on OWASP, etc. However, we have clients that like 3rd-party testing to
be done (compliance vs security, etc.)
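The Brakeman-in-CI suggestion above usually ends with a small gate script that decides whether a scan fails the build. The following is an added example for this thread, not code from either poster or from Brakeman itself. It assumes Brakeman was run with `brakeman -f json -o brakeman.json`, and that the report has a top-level "warnings" array whose entries carry "confidence" ("High", "Medium" or "Weak"), "warning_type", "file", "line" and "fingerprint", plus a top-level "errors" array; those field names are assumptions about Brakeman's JSON format, and the sample report embedded in the script is constructed for the example. The gate fails on warnings at or above a confidence threshold unless their fingerprint has been explicitly accepted (the same idea as a config/brakeman.ignore entry), and reports scan errors separately so a broken scan is never mistaken for a clean one.

```ruby
# Added example: a CI gate over a Brakeman JSON report (brakeman -f json -o brakeman.json).
# Not code from the LRUG thread or from Brakeman itself. The report structure used here
# (top-level "warnings" array, per-warning "confidence" of "High"/"Medium"/"Weak",
# "warning_type", "file", "line", "fingerprint"; top-level "errors" array) is an
# assumption about Brakeman's JSON format; the sample report below is constructed.
require 'json'

CONFIDENCE_RANK = { 'High' => 3, 'Medium' => 2, 'Weak' => 1 }.freeze

# Warnings that should fail the build: confidence at or above +threshold+ and not
# explicitly accepted via +accepted_fingerprints+ (the brakeman.ignore equivalent).
def blocking_warnings(report, threshold: 'Medium', accepted_fingerprints: [])
  min = CONFIDENCE_RANK.fetch(threshold)
  report.fetch('warnings', []).select do |w|
    CONFIDENCE_RANK.fetch(w['confidence'], 0) >= min &&
      !accepted_fingerprints.include?(w['fingerprint'])
  end
end

# One line per blocking warning, suitable for CI log output.
def format_warning(w)
  "#{w['confidence'].upcase} #{w['warning_type']} at #{w['file']}:#{w['line']} (#{w['fingerprint']})"
end

# Exit status for the CI step: 0 = pass, 1 = blocking warnings present, 2 = scan errors.
# Scan errors are checked first so a scan that failed to parse part of the app is
# never reported as a clean result.
def gate(report, threshold: 'Medium', accepted_fingerprints: [])
  return 2 unless report.fetch('errors', []).empty?

  blocking = blocking_warnings(report, threshold: threshold,
                                       accepted_fingerprints: accepted_fingerprints)
  blocking.each { |w| warn format_warning(w) }
  blocking.empty? ? 0 : 1
end

# Constructed sample report: one warning at each confidence level, no scan errors.
SAMPLE_REPORT = JSON.parse(<<~JSON)
  {
    "warnings": [
      {"warning_type": "SQL Injection", "confidence": "High", "fingerprint": "aaa111",
       "file": "app/models/user.rb", "line": 12, "message": "Possible SQL injection"},
      {"warning_type": "Mass Assignment", "confidence": "Medium", "fingerprint": "bbb222",
       "file": "app/controllers/users_controller.rb", "line": 30, "message": "Potentially dangerous attribute"},
      {"warning_type": "Cross-Site Scripting", "confidence": "Weak", "fingerprint": "ccc333",
       "file": "app/views/posts/show.html.erb", "line": 8, "message": "Unescaped model attribute"}
    ],
    "ignored_warnings": [],
    "errors": []
  }
JSON

if __FILE__ == $PROGRAM_NAME
  # With a path argument, gate a real report and set the process exit code;
  # with no argument, run against the constructed sample and just print the outcome.
  report = ARGV[0] ? JSON.parse(File.read(ARGV[0])) : SAMPLE_REPORT
  status = gate(report, threshold: ENV.fetch('BRAKEMAN_MIN_CONFIDENCE', 'Medium'))
  puts "brakeman gate: #{status.zero? ? 'pass' : 'fail'} (status #{status})"
  exit status if ARGV[0]
end
```

In a pipeline this runs right after the scan step (`ruby brakeman_gate.rb brakeman.json`), with `BRAKEMAN_MIN_CONFIDENCE=High` as a pragmatic starting point on a legacy codebase and `Medium` once the backlog is cleared; accepted fingerprints should live in version control next to the reason they were accepted, so the exception list is reviewed like any other change.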
