Other Security Resources

Learn more about testing tools.

TDD limitations

There’s a limit to how much security we can verify with TDD: tests only cover the cases we think to write. It’s a good idea to complement them with a static analysis tool that looks for security issues. Two options are Brakeman, which we would run ourselves, and CodeClimate, which automatically runs Brakeman on each commit. Brakeman looks for a variety of security issues and provides some tips on fixing them.

Note: Use an automatic security scanner to check for common security issues.
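When we run Brakeman ourselves rather than through CodeClimate, we still want each run to fail the build when something serious turns up. The script below is an added example, not code from the course or from the Brakeman project: it reads a Brakeman JSON report (produced in a real project with `bundle exec brakeman -f json -o brakeman.json`) and blocks when any warning reaches a chosen confidence level. The report embedded here is constructed for the example and contains only the fields the script reads; the field names (`warnings`, `warning_type`, `file`, `line`, `confidence`, and the `High`/`Medium`/`Weak` confidence values) are assumed to match Brakeman's JSON format.

```ruby
require "json"

# Constructed sample of a Brakeman JSON report. Only the fields this script
# reads are included; the layout is assumed to follow Brakeman's -f json output.
SAMPLE_REPORT = <<~JSON
  {
    "warnings": [
      {
        "warning_type": "SQL Injection",
        "check_name": "SQL",
        "message": "Possible SQL injection",
        "file": "app/controllers/users_controller.rb",
        "line": 12,
        "confidence": "High"
      },
      {
        "warning_type": "Mass Assignment",
        "check_name": "MassAssignment",
        "message": "Potentially dangerous key allowed for mass assignment",
        "file": "app/controllers/admin_controller.rb",
        "line": 40,
        "confidence": "Weak"
      }
    ],
    "errors": []
  }
JSON

# Brakeman reports each warning with one of three confidence levels; rank them
# so a threshold can be compared numerically. Unknown values rank lowest.
CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Returns the warnings whose confidence is at or above min_confidence.
def blocking_warnings(report_json, min_confidence: "Medium")
  report = JSON.parse(report_json)
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  report.fetch("warnings", []).select do |w|
    CONFIDENCE_RANK.fetch(w["confidence"], 0) >= threshold
  end
end

# One line per blocking warning, in a form that reads well in CI logs.
def format_warnings(warnings)
  warnings.map do |w|
    "#{w['confidence']}: #{w['warning_type']} at #{w['file']}:#{w['line']} (#{w['message']})"
  end
end

# Exit status the CI step should return: 0 when nothing blocks, 1 otherwise.
def gate_status(report_json, min_confidence: "Medium")
  blocking_warnings(report_json, min_confidence: min_confidence).empty? ? 0 : 1
end

# Stand-alone run: pass a report path as the first argument, or use the sample.
report = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_REPORT
puts format_warnings(blocking_warnings(report))
puts "gate status: #{gate_status(report)}"
```

In a CI job the last line would become `exit gate_status(report)` so the pipeline stops on a High or Medium warning while Weak ones are only logged; lowering `min_confidence` to `"Weak"` turns the gate into a zero-tolerance check.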

Open Web Application Security Project

The Open Web Application Security Project (OWASP) has all kinds of useful information on security risks. Of particular interest is WebGoat, a deliberately insecure application designed to let us practice attacking it and testing fixes in a safe setting. The Rails version is called RailsGoat.
