情報収集場所 - rubyのコードをセキュリティの観点から見るときの参考用

情報収集場所

脆弱性データベース

ruby-advisory-db

https://github.com/rubysec/ruby-advisory-db

GitHub Advisory Database (Rubygems)

Snyk vulnerability DB (Rubygems)

Ruby, Ruby on Railsの脆弱性公開場所

Ruby

https://www.ruby-lang.org/en/security/

https://groups.google.com/g/ruby-security-ann

Rails, rack

https://discuss.rubyonrails.org/tag/security

https://discuss.rubyonrails.org/c/security-announcements/9

hackerone

https://hackerone.com/rails?type=team

https://groups.google.com/g/rubyonrails-security

メーリングリストは廃止

https://groups.google.com/g/rubyonrails-security/c/gop_gIKDw00

アプリケーション

HackerOne

https://hackerone.com/security?type=team

https://hackerone.com/security/hacktivity

Github

https://hackerone.com/github?type=team

https://bounty.github.com/

Gitlab

https://hackerone.com/gitlab?type=team

https://gitlab-com.gitlab.io/gl-security/security-tech-notes/

Shopify

https://hackerone.com/shopify?type=team

https://hackerone.com/shopify/hacktivity

Discourse

https://hackerone.com/discourse?type=team

News

https://www.getrevue.co/profile/pentesterlab

https://blog.sonatype.com/?topnav=true

https://portswigger.net/daily-swig

更新停止

https://pentester.land/writeups/

https://shopify.engineering/topics/development

https://techracho.bpsinc.jp/category/ruby-rails-related

https://bugcrowd.com/crowdstream

https://github.com/ruby/ruby/blob/master/doc/security.rdoc