<div dir="ltr">This is going out of the current topic a bit, but here is a slideshow on security monitoring and automated pentesting: <a href="https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring">https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring</a>. Static code analysis is not enough :-) </div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On 25 September 2013 14:30, Joel Chippindale <span dir="ltr"><<a href="mailto:joel.chippindale@gmail.com" target="_blank">joel.chippindale@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks to all of you for your excellent suggestions.<div><br></div><div>Both bundler-audit [1] and brakeman [2] look very interesting and I am certainly going to give them a go.</div>
<div><br></div>
<div>J.</div><div><br></div><div><br></div><div>[1] <a href="https://github.com/rubysec/bundler-audit" target="_blank">https://github.com/rubysec/bundler-audit</a></div><div>[2] <a href="http://brakemanscanner.org/" target="_blank">http://brakemanscanner.org/</a></div>
<div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On 20 September 2013 12:49, Chris Mear <span dir="ltr"><<a href="mailto:chrismear@gmail.com" target="_blank">chrismear@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On 20 Sep 2013, at 10:21, Mark Burns <<a href="mailto:markthedeveloper@gmail.com" target="_blank">markthedeveloper@gmail.com</a>> wrote:<br>
<br>
> Code Climate provides a paid-for security service. I'm not sure if it is any more comprehensive than any others, but it's at least another option to throw into the mix.<br>
<br>
</div>I've tried this one. It's for Rails apps only, and AFAICT it's just running Brakeman for you:<br>
<br>
<a href="http://brakemanscanner.org" target="_blank">http://brakemanscanner.org</a><br>
<br>
Which is not to say the service doesn't add some potentially handy features: email notifications, tracking of individual problems until they are fixed, easy marking of false positives, automatic ticket creation... I just didn't personally find those worth the entry fee.<br>
<span><font color="#888888"><br>
Chris<br>
<br>
</font></span></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Chat mailing list<br>
<a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
<a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Riccardo Tacconi<br>Ruby on Rails and PHP development - System Administration<br><a href="http://www.virtuelogic.net/" target="_blank">VIRTUELOGIC LIMITED</a><br>
<br><a href="http://github.com/rtacconi" target="_blank">http://github.com/rtacconi</a><br><a href="http://riccardotacconi.blogspot.com" target="_blank">http://riccardotacconi.blogspot.com</a><br><a href="http://twitter.com/rtacconi" target="_blank">http://twitter.com/rtacconi</a>
</div>