BBST Test Design, learn testing, ruby, Ruby on Rails
Reading Time: 2 minutes
TL;DR When I test feature that involve time, depicted graph helps me to understand that feature. I found features that involve time tricky to test because time is abstract attribute…
OWASP, Ruby on Rails, security
Reading Time: < 1 minute
TL;DR This post is about risk sensitive data exposure in your Ruby on Rails application. It will cover unauthorized access and cross site request forgery check (CSRF). Unauthorized access risk…
OWASP, Ruby on Rails, security
Reading Time: 2 minutes
TL;DR Mass assignment is security risk where user can create/update data attributes that is not allowed to update. Here is an example. Imagine application that registers your employees working hours….
Reading Time: < 1 minute
TL;DR This post explains how to check your Rails application source code for cross site scripting (XSS) attack. Cross site scripting means that your application accepts html code as user…
Ruby on Rails, security, security testing
Reading Time: < 1 minute
TL;DR This post is about checking “The Gates” of your Rails application. Every web application is a set of urls. Some of them are publically available and some are available…
Ruby on Rails, security, security testing, Uncategorized
Reading Time: 2 minutes
TL;DR This post will explain how to check your Ruby on Rails code base against sql injections [Wikipedia]. After you have read Wikipedia source link about sql injections, you are…
OWASP, Ruby on Rails, security
Reading Time: 2 minutes
TL;DR This is next post in series about Ruby on Rails security. In previous post I explained how to harden other servers. This time I will explain daily security check…
Ruby on Rails, security, security testing
Reading Time: < 1 minute
TL;DR In previous post I described how to do security hardening for your Ruby on Rails web server. In this post I will talk about other servers: database, openvpn, cache…
OWASP, Ruby on Rails, security
Reading Time: 2 minutes
TL;DR In previous post I explained security hardening for linux server. This post will describe hardening based on server purpose. Modern web application typically consists from following components: web server…
OWASP, Ruby on Rails, security, security testing
Reading Time: 3 minutes
TL;DR Next series of blog posts is about Ruby on Rails bottom up security. I will cover all aspects of web application written in Ruby on Rails framework. Described security…
