[LRUG] External pen test recommendations

Frederick Cheung frederick.cheung at gmail.com
Tue Apr 28 10:21:43 PDT 2020


On Tue, Apr 28, 2020 at 5:20 PM Igor <igor at kedb.net> wrote:
> If you allow me the suggestion, before you make the decision of hiring someone external to your organisation to do this, I'd say there's a bit that can be done in-house, if you're up for that. Qualys and Nessus are good examples of tools that can help you find vulnerabilities. There's also:
>
> Brakeman is a good start - it does static analysis of vulnerabilities, is really easy to integrate with CI, and integrating it in a Rails project is probably one of the cheapest things that can be done to start finding vulnerabilities.
> A pentest checklist by Sqreen
> OWASP has a set of quick basic Ruby on Rails security tips for developers here
> Rails guide on Securing Rails Applications

For sure those are all good things - we run Brakeman, educate our team
on OWASP etc.; however, we have clients that like 3rd-party testing to
be done (compliance vs security etc.)

Fred
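
An added example, not code from this thread or from Brakeman itself: a small Ruby gate that turns a Brakeman JSON report into a pass/fail CI step, since "integrate it with CI" in practice means deciding which findings are allowed to break the build. It assumes the job has already run something like `bundle exec brakeman -q --no-pager -f json -o brakeman.json` (those flags and the JSON field names used below are Brakeman's; the report and ignore-file contents embedded here are constructed samples so the script runs offline). It applies the project's brakeman.ignore itself, so it works whether or not the scan was run with -i, fails the build only on warnings at or above a chosen confidence, and reports ignore entries whose fingerprint no longer matches anything, which is the part of an ignore file that tends to rot.

```ruby
# Added example (not code from the LRUG thread or from Brakeman itself):
# a CI gate over a Brakeman JSON report.
#
# Assumed workflow: CI has already run something like
#   bundle exec brakeman -q --no-pager -f json -o brakeman.json
# and the repo keeps triaged false positives in config/brakeman.ignore
# (the file Brakeman's -i option reads). Both inputs below are constructed
# samples embedded here so the script runs offline; their field names
# (warnings, fingerprint, confidence, ignored_warnings) follow the report
# and ignore-file formats Brakeman writes.
require "json"
require "set"

# Brakeman's confidence levels, ranked so a threshold can be applied.
CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Constructed sample report: three findings of differing confidence.
SAMPLE_REPORT = JSON.parse(<<~JSON)
  {
    "scan_info": { "app_path": "/app", "rails_version": "6.0.2", "security_warnings": 3 },
    "warnings": [
      { "warning_type": "SQL Injection", "fingerprint": "aaa111", "check_name": "SQL",
        "message": "Possible SQL injection", "file": "app/models/user.rb", "line": 12,
        "confidence": "High" },
      { "warning_type": "Cross-Site Scripting", "fingerprint": "bbb222", "check_name": "CrossSiteScripting",
        "message": "Unescaped model attribute", "file": "app/views/users/show.html.erb", "line": 4,
        "confidence": "Medium" },
      { "warning_type": "Mass Assignment", "fingerprint": "ccc333", "check_name": "ModelAttrAccessible",
        "message": "Potentially dangerous attribute available for mass assignment",
        "file": "app/models/user.rb", "line": 3, "confidence": "Weak" }
    ],
    "ignored_warnings": [],
    "errors": []
  }
JSON

# Constructed sample ignore file: one reviewed false positive and one entry
# whose code has since been deleted, so its fingerprint matches nothing.
SAMPLE_IGNORE = JSON.parse(<<~JSON)
  {
    "ignored_warnings": [
      { "fingerprint": "bbb222", "note": "Attribute is sanitised before render; reviewed 2020-04" },
      { "fingerprint": "ddd444", "note": "Old admin controller, since removed" }
    ],
    "updated": "2020-04-28 10:00:00 +0100"
  }
JSON

def ignored_fingerprints(ignore)
  ignore.fetch("ignored_warnings", []).map { |w| w["fingerprint"] }
end

# Warnings that should fail the build: confidence at or above +min_confidence+
# and fingerprint not triaged in the ignore file.
def blocking_warnings(report, ignore, min_confidence: "Medium")
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  ignored = ignored_fingerprints(ignore).to_set
  report.fetch("warnings", []).select do |w|
    CONFIDENCE_RANK.fetch(w["confidence"], 0) >= threshold && !ignored.include?(w["fingerprint"])
  end
end

# Ignore-file entries that match nothing in the current scan. A fingerprint
# changes when the flagged code changes, so a stale entry means the issue is
# either gone or has moved and is now unreviewed again.
def stale_ignores(report, ignore)
  current = report.fetch("warnings", []) + report.fetch("ignored_warnings", [])
  seen = current.map { |w| w["fingerprint"] }.to_set
  ignored_fingerprints(ignore).reject { |fp| seen.include?(fp) }
end

def summarize(warning)
  format("%-6s %-22s %s:%d  %s", warning["confidence"], warning["warning_type"],
         warning["file"], warning["line"], warning["message"])
end

# Exit status for CI: 0 when nothing blocks, 1 otherwise. Stale ignore
# entries are reported but do not fail the build on their own.
def gate_exit_status(report, ignore, min_confidence: "Medium")
  blocking = blocking_warnings(report, ignore, min_confidence: min_confidence)
  blocking.each { |w| warn "BLOCKING #{summarize(w)}" }
  stale_ignores(report, ignore).each { |fp| warn "STALE ignore entry #{fp} matches no current warning" }
  blocking.empty? ? 0 : 1
end

if $PROGRAM_NAME == __FILE__
  if ARGV.size == 2
    # Real use: ruby brakeman_gate.rb brakeman.json config/brakeman.ignore
    report, ignore = ARGV.map { |path| JSON.parse(File.read(path)) }
    exit gate_exit_status(report, ignore)
  else
    # No arguments: dry run against the constructed samples (does not exit).
    gate_exit_status(SAMPLE_REPORT, SAMPLE_IGNORE)
  end
end
```

In CI this runs right after the scan as `ruby brakeman_gate.rb brakeman.json config/brakeman.ignore`; with no arguments it dry-runs against the embedded samples. The threshold is deliberately separate from the ignore file: raising it is a one-line policy change, while every ignored fingerprint carries a note saying who reviewed it and why.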