I was wondering if brakeman covers/scans for OWASP top 10 security vulnerabilities:
This is the OWASP top 10:
https://www.owasp.org/index.php/Top_10_2013-Top_10
Is there documentation somewhere on brakeman that shows that it covers the above scans.
I am using ruby on rails 4 and the latest version of brakeman.
You can't really define things in terms of "covering" the OWASP Top 10 since they are categories of vulnerabilities, sometimes very broad.
A1 Injection
Brakeman detects SQL injection and command injection.
A2 Broken Authentication and Session Management
Brakeman warns about unsafe Basic Auth usage and poor session settings. However, A2 is really about how applications implement authentication and session management. Detecting if this is done poorly is pretty difficult.
A3 Cross-Site Scripting (XSS)
Brakeman warns about many instances and variations of XSS.
A4 Insecure Direct Object References
Brakeman has an optional check for unscoped finds, which are an instance of IDOR.
A5 Security Misconfiguration
This is more often a server-level issue and is incredibly broad. Brakeman does detect when SSL verification is turned off for HTTP calls.
A6 Sensitive Data Exposure
A6 is mostly about storing/transmitting data unencrypted. Brakeman does not detect this.
A7 Missing Function Level Access Control
Brakeman does not detect this. Pretty hard to guess what should and should not have access controls.
A8 Cross-Site Request Forgery (CSRF)
Brakeman warns about disabled CSRF protection and unsafe configurations.
A9 Using Components with Known Vulnerabilities
Brakeman only warns about CVEs in Rails. Use bundler-audit for other dependencies.
A10 Unvalidated Redirects and Forwards
Brakeman warns about open redirects.
Keep in mind the OWASP Top 10 is a good resource but not exhaustive (just the "Top 10"). Brakeman's warning categories will give you a sense of the other issues it detects.
