Active scanners operate on a running application and attempt to discover and/or exploit vulnerabilities.
Static scanners (such as Brakeman) attempt to discover vulnerabilities by analyzing an application at rest, i.e. its source code, without running it.
All of these are covered in the Rails Security Guide and at length on the web, as well as in the Brakeman docs.
~/rails_app $ gem install brakeman

~/rails_app $ brakeman
[Notice] Detected Rails 3 application
Loading scanner...
[Notice] Using Ruby 1.9.3. Please make sure this matches the one used to run your Rails application.
Processing application in /Users/dworth/Documents/my_projects/badapp
Processing configuration...
[Notice] Escaping HTML by default
Processing gems...
# ... SNIP ...
Indexing call sites...
Running checks in parallel...
 - CheckBasicAuth
 - CheckCrossSiteScripting
# ... SNIP ...

+BRAKEMAN REPORT+

Application path: /Users/dworth/Documents/my_projects/badapp
Rails version: 3.2.1
Generated at 2012-04-11 16:17:02 -0400
Checks run: BasicAuth, CrossSiteScripting, DefaultRoutes, # ... SNIP ...

+SUMMARY+

+---------------------------------------------+
| Scanned/Reported                    | Total |
+---------------------------------------------+
| Controllers                         | 2     |
| Models                              | 1     |
| Templates                           | 1     |
| Errors                              | 0     |
| Security Warnings                   | 2 (1) |
| Ignored warnings due to annotations | 0     |
+---------------------------------------------+
# ... SNIP ...
~/rails_app $ brakeman -f html -o brakeman_report.html
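Once the scan runs in CI, the report has to become a pass/fail decision rather than an HTML file someone may or may not open. The Ruby script below is an added example, not code from the slides or from the Brakeman project: it reads a Brakeman JSON report (Brakeman's `-f json` output format; the sample embedded here is constructed, and only the `warnings`, `confidence`, `warning_type`, `file`, `line`, `message` and `errors` fields are relied on), counts warnings per confidence level the way the text summary does with its high-confidence count in parentheses, and fails the build when any High-confidence warning or any scanner error is present. The threshold and the "errors fail the gate" rule are design choices of this example, not Brakeman behaviour.

```ruby
require 'json'

# Constructed sample of a Brakeman JSON report (`brakeman -f json`); this is
# not real output from the badapp scan above. The field names follow
# Brakeman's JSON format, the values are made up for this example.
SAMPLE_REPORT = <<~REPORT
  {
    "scan_info": { "app_path": "/path/to/badapp", "rails_version": "3.2.1" },
    "warnings": [
      {
        "warning_type": "Cross Site Scripting",
        "check_name": "CrossSiteScripting",
        "message": "Unescaped model attribute",
        "file": "app/views/users/show.html.erb",
        "line": 3,
        "confidence": "High"
      },
      {
        "warning_type": "Basic Auth",
        "check_name": "BasicAuth",
        "message": "Basic authentication password stored in source code",
        "file": "app/controllers/admin_controller.rb",
        "line": 4,
        "confidence": "Medium"
      }
    ],
    "ignored_warnings": [],
    "errors": []
  }
REPORT

# Brakeman reports three confidence levels; rank them so a threshold can be compared
CONFIDENCE_RANK = { 'High' => 3, 'Medium' => 2, 'Weak' => 1 }.freeze

# Parse a Brakeman JSON report string into a Hash; reject input that is not a report
def parse_report(json_text)
  report = JSON.parse(json_text)
  raise ArgumentError, 'not a Brakeman report: missing "warnings" array' unless report['warnings'].is_a?(Array)
  report
end

# Count warnings per confidence level, e.g. {"High"=>1, "Medium"=>1}
def count_by_confidence(report)
  report['warnings'].each_with_object(Hash.new(0)) { |w, h| h[w['confidence']] += 1 }
end

# Select the warnings whose confidence is at or above the given threshold
def warnings_at_or_above(report, threshold)
  min = CONFIDENCE_RANK.fetch(threshold)
  report['warnings'].select { |w| CONFIDENCE_RANK.fetch(w['confidence'], 0) >= min }
end

# CI gate (this example's policy): pass only when there are no warnings at or
# above the threshold AND no scanner errors. An error means Brakeman skipped
# files, so an empty warning list would be misleading rather than reassuring.
def passes_gate?(report, threshold: 'High')
  report.fetch('errors', []).empty? && warnings_at_or_above(report, threshold).empty?
end

# One line per warning, in a form that is easy to grep in CI logs
def format_warning(w)
  "#{w['confidence']}: #{w['warning_type']} in #{w['file']}:#{w['line']} - #{w['message']}"
end

if __FILE__ == $PROGRAM_NAME
  # With a file argument, gate a real report; without one, run on the sample
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_REPORT
  report = parse_report(text)
  warnings_at_or_above(report, 'Medium').each { |w| puts format_warning(w) }
  puts "by confidence: #{count_by_confidence(report)}"
  status = passes_gate?(report) ? 'PASS' : 'FAIL'
  puts "gate (High): #{status}"
  # Exit non-zero only when gating a real report file, so the CI job fails the build
  exit 1 if ARGV[0] && status == 'FAIL'
end
```

Typical use is `brakeman -f json -o report.json` followed by `ruby brakeman_gate.rb report.json` in the pipeline; run without an argument, the script demonstrates the logic on the constructed sample. Treating scanner errors as a failure is deliberate: a scan that could not parse part of the application should not be able to report green.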