Page 195 - Hands-On Bug Hunting for Penetration Testers
Other Tools Chapter 11
Bandit
Bandit is another great source code analysis tool that analyzes Python using a series of
customizable plugins that can be used to focus the tool on a specific set of vulnerabilities.
Unlike pytaint, Bandit doesn't follow a particular methodology like taint analysis; rather,
the logic applied depends on your plugin integrations.
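To make the contrast with taint analysis concrete, here is an added example (not from the book, and not Bandit's own code or plugin API) of the plugin idea: each check is a small function that inspects one AST call node, and the scan is focused by choosing which checks are enabled. The plugin IDs, function names and sample source are assumptions made up for this illustration.

```python
import ast

# Constructed sample source to scan (parsed only, never executed).
SAMPLE = '''
import pickle, subprocess
def run(cmd, blob):
    subprocess.call(cmd, shell=True)
    subprocess.call(["ls", "-l"])
    return pickle.loads(blob)
'''

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else ''."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""

def check_shell_true(call):
    """Flag subprocess.* calls that pass a literal shell=True."""
    if _dotted(call.func).startswith("subprocess."):
        for kw in call.keywords:
            if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                return "subprocess call with shell=True"

def check_pickle_load(call):
    """Flag pickle.load / pickle.loads deserialization."""
    if _dotted(call.func) in ("pickle.load", "pickle.loads"):
        return "pickle deserialization of possibly untrusted data"

# Hypothetical plugin registry; the IDs are invented for this example.
PLUGINS = {"X001": check_shell_true, "X002": check_pickle_load}

def scan(source, enabled=None):
    """Run the enabled plugins over every Call node; return sorted (line, id, message)."""
    active = {k: v for k, v in PLUGINS.items() if enabled is None or k in enabled}
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            for pid, plugin in active.items():
                msg = plugin(node)
                if msg:
                    findings.append((node.lineno, pid, msg))
    return sorted(findings)
```

Note that neither check asks where `cmd` or `blob` came from: the findings are purely pattern-based, which is the difference from a taint-tracking tool.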
Brakeman
Brakeman (https://brakemanscanner.org) is considered one of the top security static
analysis tools for Rails apps, and is used by industry leaders such as GitHub to secure their
internal RoR stack. If you have access to the source code, Brakeman is an excellent tool for
discovering Rails-based issues.
Burp
There are many ways to expand on the Burp Suite workflows we've covered in this book.
Some of the extra solutions will be paid features, to show the appeal of considering a
subscription, and others will simply be other extensions or features we didn't have time to
take advantage of in the course of our engagements.
Burp Extensions
There are a lot of great Burp extensions you can use to build on your Burp-based
workflows and better leverage Burp's native capabilities.
JSON Beautifier
An easy add, the JSON beautifier pretty-prints any JSON you interact with within Burp
Suite. It's simple, but formatting can be a big productivity boost if there are portions of your
process that have a lot of manual interaction. There's also a similar set of
beautifiers/pretty-printers for other languages, including YML, JS, SAML, and other
common data types.

