

[ANN] Codesake::Dawn v1.0.0 released - thesp0nge
http://dawn.codesake.com/blog/announce-codesake-dawn-v1-0-0-released/

======
thesp0nge
After nine months of development, it is time for the first major release of
Codesake::Dawn, a security source code scanner.

Codesake::Dawn is a static analysis security scanner for web applications
written in Ruby. It supports the Sinatra, Padrino and Ruby on Rails frameworks.

Version 1.0 introduces 142 security checks based on public security bulletins
published since 2006. You can use them to find vulnerabilities introduced by
the third-party libraries your web application includes in its Gemfile.

Writing safe code is important, but sometimes security issues are introduced
by the third-party code your application relies on. As an example, consider a
SQL injection vulnerability in the Ruby on Rails framework itself. Regardless
of the effort you spend sanitizing inputs, your web application inherits the
vulnerability as well. An attacker can easily exploit it and break into your
database unless you upgrade the affected gem.
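To make concrete what a check against a dependency bulletin does, here is an added example of the core logic: read the resolved gem versions out of a Gemfile.lock and compare each one against a list of advisories with Ruby's own Gem::Version and Gem::Requirement. This is illustration code written for this page, not Codesake::Dawn's implementation; the gem names, advisory identifiers and version ranges in it are constructed placeholders and do not describe any real vulnerability.

```ruby
# Added example (not Codesake::Dawn's code): a minimal Gemfile.lock check
# against a list of security advisories, using only Ruby's stdlib.
require 'rubygems' # Gem::Version and Gem::Requirement

# Constructed advisory entries. Gem names, ids and version ranges are
# fictional and exist only to exercise the matching logic below.
ADVISORIES = [
  { id: 'EXAMPLE-2013-0001', gem: 'example-orm',
    vulnerable: ['>= 3.0.0', '< 3.2.14'],
    title: 'SQL injection in example-orm query builder' },
  { id: 'EXAMPLE-2013-0002', gem: 'example-json',
    vulnerable: ['< 1.7.8'],
    title: 'Unsafe object creation in example-json parser' },
].freeze

# Constructed Gemfile.lock in the layout Bundler writes: resolved gems sit
# under "specs:" indented by four spaces as "name (version)", with each
# gem's own dependencies indented by six spaces beneath it.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-orm (3.2.13)
        example-json (~> 1.7)
      example-json (1.7.8)
      rake (10.1.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    example-orm (= 3.2.13)
    rake
LOCK

# Returns { "gem-name" => Gem::Version } for every gem resolved in the
# "specs:" block. Six-space dependency lines and the DEPENDENCIES section
# (which carries requirements, not resolved versions) are ignored.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    # A line with no leading whitespace starts a new top-level section.
    in_specs = false if in_specs && line !~ /\A\s/
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \((\S+)\)\s*\z/))
      gems[m[1]] = Gem::Version.new(m[2])
    end
  end
  gems
end

# Returns the advisories whose gem is present in the lockfile at a version
# inside the advisory's vulnerable range. Each range is a list of rubygems
# requirement strings that must all hold (e.g. ">= 3.0.0" and "< 3.2.14").
def vulnerable_gems(lockfile_text, advisories = ADVISORIES)
  installed = parse_lockfile(lockfile_text)
  advisories.select do |adv|
    version = installed[adv[:gem]]
    version && Gem::Requirement.new(*adv[:vulnerable]).satisfied_by?(version)
  end
end

if __FILE__ == $PROGRAM_NAME
  vulnerable_gems(SAMPLE_LOCKFILE).each do |adv|
    puts "#{adv[:id]}: #{adv[:gem]} #{parse_lockfile(SAMPLE_LOCKFILE)[adv[:gem]]} " \
         "matches #{adv[:vulnerable].join(', ')} (#{adv[:title]})"
  end
end
```

Run against the constructed lockfile, only EXAMPLE-2013-0001 fires: example-orm 3.2.13 falls inside its range, while example-json 1.7.8 is already at the first non-vulnerable version. The point worth noticing is that the check reads the lock file, not the Gemfile, because only the lock file records the versions actually resolved and deployed.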

There is a comprehensive set of command line flags; you can read more about
them by running dawn -h or by reading the project README file.

The list of security checks included in version 1.0.0 can be found online at:
[http://dawn.codesake.com/knowledge-base](http://dawn.codesake.com/knowledge-base).

You can use the facilities provided by GitHub to submit bug reports, product
enhancements, new security checks you want me to add in future releases, and
even success stories.

Now it's time for you to install Codesake::Dawn version 1.0.0 with the
following command and start reviewing your code for security issues:

$ gem install codesake-dawn

Enjoy it! Paolo - paolo@codesake.com

