Session Video
About this session
In this workshop we will show how new users can use AppMap, an open source runtime code analysis tool, to analyze RailsGoat, a deliberately vulnerable Ruby on Rails application. We’ll walk through a step-by-step process for getting RailsGoat running, along with an introduction to VS Code and AppMap. In addition, we’ll show:
- Opening projects in VS Code
- Set up and run RailsGoat locally via Bundler
- Install the AppMap extension for VS Code and the AppMap Ruby library
- Run tests and use runtime analysis to identify vulnerabilities
- Navigate AppMaps: Dependency View, Trace View and Sequence Diagrams
- Fix vulnerabilities and use Runtime Analysis to confirm fixes
- Compare auto-generated sequence diagrams from before and after the fixes
- Generate OpenAPI Documentation
- Ingest the OpenAPI documentation into OWASP ZAP for targeted web application scanning (DAST)
From there we’ll investigate security findings that can only be picked up by runtime analysis of the software.
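The setup and scanning steps outlined above, collected into one script as an added example (this is not code from the workshop, from AppMap or from RailsGoat). It assumes the commands in RailsGoat's README (`bundle install`, `rails db:setup`), an RSpec suite with a `spec/spec_helper.rb`, the `openapi` subcommand and option names of the `@appland/appmap` CLI, and ZAP's packaged `zap-api-scan.py` script; all of these are assumptions to verify against the current AppMap and ZAP documentation, since they change between releases.

```shell
#!/bin/sh
# Added example for this page (not code from the workshop, AppMap or RailsGoat):
# the workshop's setup pipeline as POSIX sh functions. Commands marked as
# assumptions are recalled from the projects' docs; check them against the
# current AppMap and ZAP documentation before relying on them.
set -eu

APP_DIR="${APP_DIR:-railsgoat}"   # where RailsGoat is cloned (assumed layout)

# 1. Fetch RailsGoat and install it with Bundler (commands as in the RailsGoat README).
setup_railsgoat() {
  [ -d "$APP_DIR" ] || git clone https://github.com/OWASP/railsgoat.git "$APP_DIR"
  ( cd "$APP_DIR" && bundle install && bundle exec rails db:setup )
}

# 2a. Put the appmap gem in the development/test groups, first in the Gemfile
#     so it loads before the gems it instruments. Idempotent.
add_appmap_gem() {
  dir="$1"
  if ! grep -q "gem 'appmap'" "$dir/Gemfile"; then
    { printf "gem 'appmap', :groups => [:development, :test]\n"; cat "$dir/Gemfile"; } > "$dir/Gemfile.new"
    mv "$dir/Gemfile.new" "$dir/Gemfile"
  fi
}

# 2b. Minimal appmap.yml: record everything under app/ (package list is an assumption).
write_appmap_config() {
  cat > "$1/appmap.yml" <<'EOF'
name: railsgoat
language: ruby
packages:
- path: app
EOF
}

# 2c. Hook AppMap into RSpec so every example is recorded as an AppMap.
#     RailsGoat's spec/spec_helper.rb is assumed to exist. Idempotent.
enable_rspec_recording() {
  helper="$1/spec/spec_helper.rb"
  if ! grep -q "appmap/rspec" "$helper"; then
    { printf "require 'appmap/rspec'\n"; cat "$helper"; } > "$helper.new"
    mv "$helper.new" "$helper"
  fi
}

# 3. Run the test suite; the appmap gem writes tmp/appmap/rspec/*.appmap.json.
record_appmaps() {
  ( cd "$APP_DIR" && bundle install && bundle exec rspec )
}

# Count recorded AppMaps (prints 0 when nothing has been recorded yet).
count_appmaps() {
  find "$1/tmp/appmap" -name '*.appmap.json' 2>/dev/null | wc -l | tr -d ' '
}

# 4. Derive an OpenAPI document from the recorded HTTP requests with the
#    AppMap CLI (@appland/appmap). The option names are an assumption.
generate_openapi() {
  ( cd "$APP_DIR" && npx @appland/appmap openapi --appmap-dir tmp/appmap --output-file openapi.yml )
}

# 5. Feed that OpenAPI document to ZAP's API scan (packaged zap-api-scan.py).
#    RailsGoat must be running (bundle exec rails server) and reachable from the
#    container; --network host assumes Linux. The report lands in $APP_DIR/report.html.
zap_scan() {
  docker run --rm --network host -v "$PWD/$APP_DIR:/zap/wrk:rw" \
    ghcr.io/zaproxy/zaproxy:stable \
    zap-api-scan.py -t /zap/wrk/openapi.yml -f openapi -r report.html
}

# Run the whole pipeline with `sh appmap-railsgoat.sh all`; without arguments
# the script only defines the functions (handy for `. ./appmap-railsgoat.sh`).
case "${1:-}" in
  all)
    setup_railsgoat
    add_appmap_gem "$APP_DIR"
    write_appmap_config "$APP_DIR"
    enable_rspec_recording "$APP_DIR"
    record_appmaps
    echo "recorded $(count_appmaps "$APP_DIR") AppMaps"
    generate_openapi
    zap_scan
    ;;
esac
```

The Gemfile and spec helper edits are written to be idempotent so the script can be re-run after a failed step, and the ZAP stage is kept separate because it needs the application server up: the generated OpenAPI document's `servers` entry must point at the running RailsGoat (by default `http://localhost:3000`) or ZAP will scan nothing.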