Other Security Resources

Learn more about testing tools.

We'll cover the following

TDD limitations
Open Web Application Security Project

TDD limitations

There’s a limit to what we can test with security using TDD. It’s a good idea to use a static analysis tool to look for security issues. Two options are Brakeman, which we would run ourselves, and CodeClimate, which automatically runs Brakeman on each commit. Brakeman looks for a variety of security issues and provides some tips on working around them.

Note: Use an automatic security scanner to check for common security issues.

Open Web Application Security Project

The Open Web Application Security Project has all kinds of useful information on security risks. Of particular interest is WebGoat, a deliberately insecure application designed to allow us to hack and test solutions. The Rails version is called RailsGoat.

Get hands-on with 1200+ tech skills courses.

Introduction

Test-Driven Fable

Test-Driven Development Basics

Test-Driven Rails

What Makes a Great Test?

Testing Models

Adding Data to Tests

Using Test Doubles as Mocks and Stubs

Integration Testing with Capybara and Cucumber

Testing JavaScript: Integration Testing

Unit-Testing Javascript

Testing Rails Display Elements

Minitest

Testing for Security

Testing External Services

Troubleshooting and Debugging

Running Tests Faster and Running Faster Tests

Testing Legacy Code

Other Security Resources

TDD limitations

Open Web Application Security Project