tentamen blog
Blog that makes software testing interesting and exciting.

Ruby on Rails


Time modeling

Posted on April 21, 2018 by Karlo Smid

TL;DR When I test a feature that involves time, a depicted graph helps me to understand that feature. I found features that involve time tricky to test because time is an abstract attribute and I can not put my hands on it. What…

BBST Test Design, learn testing, ruby, Ruby on Rails

Ruby on Rails bottom up security – sensitive data exposure

Posted on November 25, 2017 by Karlo Smid

TL;DR This post is about the risk of sensitive data exposure in your Ruby on Rails application. It will cover the unauthorized access and cross site request forgery (CSRF) checks. The unauthorized access risk is simple: a user can access data that it is not…

OWASP, Ruby on Rails, security

Ruby on Rails bottom up security – mass assignment

Posted on November 4, 2017 by Karlo Smid

TL;DR Mass assignment is a security risk where a user can create/update data attributes that they are not allowed to update. Here is an example. Imagine an application that registers your employees' working hours. When a user logs in it sets the start time, and when…

OWASP, Ruby on Rails, security

Ruby on Rails bottom up security – Cross site scripting (XSS) check

Posted on October 14, 2017 by Karlo Smid

TL;DR This post explains how to check your Rails application source code for cross site scripting (XSS) attacks. Cross site scripting means that your application accepts HTML code as user input. The biggest issue is the <script> tag, that allows a user to…

Ruby on Rails, security

Ruby on Rails bottom up security – authentication and session management check

Posted on September 30, 2017 by Karlo Smid

TL;DR This post is about checking “The Gates” of your Rails application. Every web application is a set of URLs. Some of them are publicly available and some are available only to you (e.g. your bank account page should be…

Ruby on Rails, security, security testing

Ruby on Rails bottom up security – sql injection check

Posted on September 9, 2017 by Karlo Smid

TL;DR This post will explain how to check your Ruby on Rails code base against SQL injections [Wikipedia]. After you have read the Wikipedia source link about SQL injections, you are ready to proceed. It is important to state that Ruby…

Ruby on Rails, security, security testing, Uncategorized

Ruby on Rails bottom up security – daily server check

Posted on August 26, 2017 by Karlo Smid

TL;DR This is the next post in the series about Ruby on Rails security. In the previous post I explained how to harden other servers. This time I will explain a daily security check for CentOS servers. After you securely set up your Ruby…

OWASP, Ruby on Rails, security

Ruby on Rails bottom up security – other servers

Posted on August 5, 2017 by Karlo Smid

TL;DR In the previous post I described how to do security hardening for your Ruby on Rails web server. In this post I will talk about the other servers: database, openvpn, cache and job. The database server holds the web application data, so a hacker…

Ruby on Rails, security, security testing

Ruby on Rails bottom up security – web server

Posted on July 29, 2017 by Karlo Smid

TL;DR In the previous post I explained security hardening for a Linux server. This post will describe hardening based on server purpose. A modern web application typically consists of the following components: web server, database server, job server, cache server. Security hardening for those…

OWASP, Ruby on Rails, security

Ruby on Rails bottom up security – hardening the servers

Posted on July 22, 2017 by Karlo Smid

TL;DR The next series of blog posts is about Ruby on Rails bottom up security. I will cover all aspects of a web application written in the Ruby on Rails framework. The described security concepts could be applied to any other modern web framework…

OWASP, Ruby on Rails, security, security testing

© 2018 tentamen blog. All rights reserved.