Other Security Resources

There’s a limit to how much security you can test with TDD. It’s a good idea to use a static analysis tool to look for security issues. Two options are Brakeman, which you would run yourself, and CodeClimate, which automatically runs Brakeman on each commit.[18] Brakeman looks for a variety of security issues and provides some tips on working around them.

Prescription 30: Use an automatic security scanner to check for common security issues.
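One way to make the scanner part of the test run rather than a separate chore is to gate the build on Brakeman's JSON report. The script below is an added example, not code from the book or from Brakeman itself; it assumes the report was produced with `brakeman -q -f json -o tmp/brakeman.json`, and the embedded sample report is constructed to mirror Brakeman's JSON layout.

```ruby
# Gate a test/CI run on Brakeman's JSON report (assumption: report produced by
# "brakeman -q -f json -o tmp/brakeman.json"). Warnings at or above the chosen
# confidence fail the gate. SAMPLE_REPORT below is constructed, not a real scan.
require "json"

CONFIDENCE_RANK = { "High" => 3, "Medium" => 2, "Weak" => 1 }.freeze

# Warnings whose confidence is at or above +min_confidence+.
def blocking_warnings(report_json, min_confidence: "Medium")
  threshold = CONFIDENCE_RANK.fetch(min_confidence)
  JSON.parse(report_json).fetch("warnings", []).select do |w|
    CONFIDENCE_RANK.fetch(w["confidence"], 0) >= threshold
  end
end

# One human-readable line per blocking warning, highest confidence first.
def gate_summary(report_json, min_confidence: "Medium")
  blocking_warnings(report_json, min_confidence: min_confidence)
    .sort_by { |w| -(CONFIDENCE_RANK.fetch(w["confidence"], 0)) }
    .map { |w| "#{w['confidence']}: #{w['warning_type']} in #{w['file']}:#{w['line']} -- #{w['message']}" }
end

# Prints the verdict and returns true (clean) or false (blocking warnings found),
# so a Rake task or test can turn it into an exit status or an assertion.
def brakeman_gate(report_json, min_confidence: "Medium")
  summary = gate_summary(report_json, min_confidence: min_confidence)
  if summary.empty?
    puts "Brakeman: no warnings at #{min_confidence} confidence or above"
    return true
  end
  puts "Brakeman: #{summary.size} blocking warning(s):"
  summary.each { |line| puts "  #{line}" }
  false
end

# Constructed sample in Brakeman's JSON layout (three warnings, one per confidence level).
SAMPLE_REPORT = <<~JSON
  {"warnings": [
    {"warning_type": "SQL Injection", "confidence": "High", "file": "app/models/user.rb",
     "line": 12, "message": "Possible SQL injection"},
    {"warning_type": "Cross-Site Scripting", "confidence": "Medium",
     "file": "app/views/users/show.html.erb", "line": 4, "message": "Unescaped model attribute"},
    {"warning_type": "Mass Assignment", "confidence": "Weak",
     "file": "app/controllers/users_controller.rb", "line": 30, "message": "Unprotected mass assignment"}
  ]}
JSON

brakeman_gate(SAMPLE_REPORT) if __FILE__ == $PROGRAM_NAME
```

With the default threshold the Weak warning is reported but does not block, so a team can tighten to `min_confidence: "Weak"` once the backlog is clean.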

The Open Web Application Security Project has all kinds of useful information on security risks.[19] Of particular interest is WebGoat, a deliberately insecure application designed to allow you to hack and test solutions. The Rails version is called RailsGoat.[20]


Get Rails 4 Test Prescriptions now with the O’Reilly learning platform.
