Time modeling
BBST Test Design, learn testing, ruby, Ruby on Rails
TL;DR When I test a feature that involves time, a drawn graph helps me to understand that feature. I find features that involve time tricky to test because time is an abstract attribute…
OWASP, Ruby on Rails, security
TL;DR This post is about the risk of sensitive data exposure in your Ruby on Rails application. It covers unauthorized access and the cross-site request forgery (CSRF) check. Unauthorized access risk…
OWASP, Ruby on Rails, security
TL;DR Mass assignment is a security risk where a user can create or update data attributes they are not allowed to update. Here is an example. Imagine an application that records your employees' working hours…
TL;DR This post explains how to check your Rails application source code for cross-site scripting (XSS) attacks. Cross-site scripting means that your application accepts HTML code as user…
Ruby on Rails, security, security testing
TL;DR This post is about checking “The Gates” of your Rails application. Every web application is a set of URLs. Some of them are publicly available and some are available…
Ruby on Rails, security, security testing, Uncategorized
TL;DR This post will explain how to check your Ruby on Rails code base against SQL injection [Wikipedia]. After you have read the Wikipedia link about SQL injection, you are…
OWASP, Ruby on Rails, security
TL;DR This is the next post in the series about Ruby on Rails security. In the previous post I explained how to harden the other servers. This time I will explain the daily security check…
Ruby on Rails, security, security testing
TL;DR In the previous post I described security hardening for your Ruby on Rails web server. In this post I will talk about the other servers: database, OpenVPN, cache…
OWASP, Ruby on Rails, security
TL;DR In the previous post I explained security hardening for a Linux server. This post describes hardening based on server purpose. A modern web application typically consists of the following components: web server…
OWASP, Ruby on Rails, security, security testing
TL;DR The next series of blog posts is about Ruby on Rails bottom-up security. I will cover all aspects of a web application written in the Ruby on Rails framework. Described security…