How developer should test?
TL;DR At one meetup, @neektza, an excellent developer, asked me: “Karlo, I learned xy testing framework, but now I do not know which test should I write?” At that time, I…
OWASP, Ruby on Rails, security
TL;DR This post is about the risk of sensitive data exposure in your Ruby on Rails application. It covers unauthorized access and the cross-site request forgery (CSRF) check. Unauthorized access risk…
BBST Test Design, learn testing
TL;DR This blog post is about how an OS X update affected the text-to-speech feature that I use as a proofreading aid for my blog posts. I will propose a testing…
learn testing, meetup, testival
TL;DR This post is about my Testival #32 meetup learning experience. The sponsor of this meetup was Degordian, a digital agency where there is no cure for their curiosity 🙂 They recently…
OWASP, Ruby on Rails, security
TL;DR Mass assignment is a security risk where a user can create or update data attributes that they are not allowed to update. Here is an example. Imagine an application that registers your employees' working hours….
heuristic, learn testing, oracle
TL;DR This post is an example of how to apply an oracle heuristic to identify whether there is a problem. Disclaimer: this blog post is not about some fancy new software testing framework. Pure…
TL;DR This blog post is about my experience with UI test automation applied in various projects. First disclaimer: this post is not against UI check automation. If not used as a…
TL;DR This post explains how to check your Rails application source code for the cross-site scripting (XSS) attack. Cross-site scripting means that your application accepts HTML code as user…
TL;DR Using this excellent post by Marcel Gehlen, I am learning about exploratory software testing. I created a GitHub wiki where I put notes about every resource listed in that post. This…
Ruby on Rails, security, security testing
TL;DR This post is about checking “The Gates” of your Rails application. Every web application is a set of URLs. Some of them are publicly available and some are available…