Do not keep your credit card and PIN together in your wallet heuristic
TL;DR This post is about testing heuristic : “Do not keep your credit card and PIN together in your wallet”. Heuristic is commonsense rule (or set of rules) intended to…
Category: security testing
How to smart test minor version Ruby on Rails upgrade?
Ruby on Rails, security, security testing, Uncategorized
TL;DR In this post I will explain what should be checked after Ruby on Rails minor version upgrade. Minor version upgrades are usually connected with security releases. As I am subscribed to Ruby…
How to set regression test scope for HTTPS only access?
learn testing, OWASP, security, security testing, testing tool, Uncategorized
TL;DR In this post I will provide an example how to set the scope of system regression test in order to achieve coverage of features that need to be tested….
Selenium RemoteWebDriver over http
security testing, testing tool
TLDR In this post I will explain how I connected knowledge from two testing domains, security and UI automation, in order to achieve proper UI automation stack configuration. In order…
When you should restart any server instance?
image credit: findicons.com TLDR In order to know when you should restart your server process (web server, database server, or any other type of server), you need to understand how…
Heroku ACTION REQUIRED: Potential security vulnerability in Ruby and YAML parsing
I received email from security@heroku.com with that subject on April 3rd, 2014 at 22.55 local time. I was expecting that email. How many of you who have Rails application deployed…
‘Hacking’ Rails session
learn testing, security testing
One of important security attack vector in web applications is cookie session content. Rails security guide gives all relevant information which data could be stored in cookie session.I will explain…
