Multipage validator
If you need a quick overview of whether the internal links of your website are working and the markup is valid, check out the Multipage Validator tool.
New version of CI output formatter available
With Cucumber 0.4 the API for output formatters changed. We updated our output formatter accordingly; it is now compatible with Cucumber versions 0.4.x to 0.6.x.
The updated code can be found here: imedo_ci_formatter.rb
Parameter pollution with JSON
A nice approach to circumventing input validation for JSON: Parameter Pollution with JSON.
Make sure your input validation handles this kind of injection attack.
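The linked article is not reproduced on this page. As an added example (not the post's or the linked article's code), the snippet below shows one way a JSON body gets past a validator written with form-encoded input in mind: JSON can carry arrays, objects, numbers and null where the validator assumed a string, and Ruby's Array and Hash answer length and include? just like String does, so the naive check passes and the polluted value is reassembled downstream. The strict variant checks the type of every field against an expected schema before any content check runs and refuses keys it does not know. The SCHEMA, the validate_signup function and both request bodies are constructed for illustration.

```ruby
require 'json'

# Naive check written with form-encoded (string-only) input in mind.
# Array and Hash also respond to #length and #include?, so a JSON body
# can carry a value of the wrong type straight past it.
def naive_valid_username?(value)
  value.length <= 12 && !value.include?("<")
end

# Expected type per field (illustrative schema, an assumption of this example).
# Anything else is rejected before any content check runs.
SCHEMA = {
  "username"   => String,
  "age"        => Integer,
  "newsletter" => [TrueClass, FalseClass],
}.freeze

# Returns [true, clean_params] or [false, errors].
def validate_signup(json_body)
  params = JSON.parse(json_body)
  return [false, ["body must be a JSON object"]] unless params.is_a?(Hash)

  errors = []
  SCHEMA.each do |key, types|
    value = params[key]
    next if Array(types).any? { |t| value.is_a?(t) }
    errors << "#{key}: expected #{Array(types).join('/')}, got #{value.class}"
  end

  # Unknown keys (e.g. "admin": true) are reported, not silently passed on.
  extra = params.keys - SCHEMA.keys
  errors << "unexpected keys: #{extra.sort.join(', ')}" unless extra.empty?

  # Content checks run only once the type is known to be String.
  if errors.empty? && params["username"] !~ /\A[a-z0-9_]{3,12}\z/
    errors << "username: bad format"
  end

  errors.empty? ? [true, params.slice(*SCHEMA.keys)] : [false, errors]
rescue JSON::ParserError => e
  [false, ["malformed JSON: #{e.message}"]]
end

# Constructed request bodies: a polluted one and a well-formed one.
POLLUTED_BODY = '{"username": ["<scr", "ipt>alert(1)"], "age": 30, "newsletter": true}'
CLEAN_BODY    = '{"username": "alice_01", "age": 30, "newsletter": false}'

if __FILE__ == $0
  value = JSON.parse(POLLUTED_BODY)["username"]
  puts "naive check passes the polluted value: #{naive_valid_username?(value)}"
  puts "reassembled downstream: #{value.join}"
  p validate_signup(POLLUTED_BODY)
  p validate_signup(CLEAN_BODY)
end
```

The type check has to come first: a regex or length check applied to an Array or Hash either raises or, worse, answers the wrong question, and a blacklist such as include?("<") inspects elements or keys instead of the string the application will eventually build from them.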
Choosing a good web password
Most web applications depend on username and password combinations to authorize user access. Hence one of the biggest security problems on the world wide web is weak passwords. Users choose easy-to-guess passwords because they are easy to remember. In this article some hints are given which should help in choosing a good [...]
Run Javascript, Run!
We’re pretty much a Mac shop here at imedo and, as our application is built using Ruby on Rails, it’s safe to say that we are legally obliged to use TextMate for all our editing needs.
One of the features I love about TextMate, catered for in most bundles, is the ability to execute [...]
Smusher is crushing your images
Another short tip, because I really like the smusher gem!
First, install it:
gem install smusher
Then crush your images automatically using the PunyPng service, which currently delivers the best results in terms of file size:
smusher * --service PunyPng
PDF2PNG – PDF Thumbnail Generator Script
If you need to generate thumbnails of the first pages of a lot of PDF documents, you can use this tiny Ruby script:
http://bit.ly/8T0B1a
I also included smusher support to crush the PNGs after they have been created. Just gem install smusher and uncomment the smusher command.
Enjoy!
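The script behind the short link is not reproduced here. The following is an added example of the same task, written for this page and not the author's script: it renders page one of every PDF in a directory to a PNG with pdftoppm from poppler-utils (an assumed dependency; the original may use a different renderer), keeps going when a single file fails, and can hand the results to smusher afterwards. Each external tool is invoked with an argument array rather than a shell string, so a PDF named with shell metacharacters is only ever a filename.

```ruby
require 'fileutils'

# pdftoppm command for the first page only, written as a single PNG scaled to
# WIDTH pixels. Built as an argv array: a file called "a;rm -rf ~.pdf" is
# passed to pdftoppm as a name, never handed to a shell for interpretation.
def thumbnail_command(pdf_path, out_dir, width = 200)
  prefix = File.join(out_dir, File.basename(pdf_path, ".pdf"))
  ["pdftoppm", "-f", "1", "-l", "1", "-singlefile", "-png",
   "-scale-to", width.to_s, pdf_path, prefix]
end

# With -singlefile pdftoppm writes <prefix>.png without a page-number suffix.
def thumbnail_path(pdf_path, out_dir)
  File.join(out_dir, File.basename(pdf_path, ".pdf") + ".png")
end

# Renders a thumbnail for every *.pdf in src_dir. Returns [written, failed]
# so one corrupt or malicious PDF does not abort the whole batch.
def thumbnail_all(src_dir, out_dir, width: 200, crush: false)
  FileUtils.mkdir_p(out_dir)
  written, failed = [], []
  Dir.glob(File.join(src_dir, "*.pdf")).sort.each do |pdf|
    png = thumbnail_path(pdf, out_dir)
    if system(*thumbnail_command(pdf, out_dir, width)) && File.exist?(png)
      written << png
    else
      failed << pdf
    end
  end
  # Optional: crush the PNGs afterwards (needs `gem install smusher`).
  system("smusher", *written) if crush && !written.empty?
  [written, failed]
end

if __FILE__ == $0
  written, failed = thumbnail_all(ARGV.fetch(0, "."), ARGV.fetch(1, "thumbs"))
  puts "#{written.size} thumbnails written, #{failed.size} PDFs failed"
  failed.each { |pdf| warn "failed: #{pdf}" }
end
```

Usage: ruby pdf2png.rb /path/to/pdfs /path/to/thumbs. Rendering untrusted PDFs means running a parser on attacker-controlled input, so treat the batch the way this loop does: expect individual failures, check the output file really appeared, and keep the renderer out of any shell.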
Is your web server up-to-date?
Here is an interesting article about the search engine Shodan, which finds web servers rather than web pages. This means that one can, for example, search for a particular web server version in one country.
Finding vulnerable web servers with Shodan is as easy as using Google. Hence, in combination with the Metasploit exploit [...]
Secure coding with Ruby on Rails 7: Cross-site request forgery (CSRF)
Although discovered as early as 1988 by Norm Hardy, cross-site request forgery (CSRF) was the shooting star of web attacks in 2008. As a result it has become one of the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors.
The idea behind CSRF is that an attacker sends a malicious request to the target application using [...]
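The rest of the article is not on this page. As an added example, not code from the article or from Rails, the snippet below models the attack and the standard defence in plain Ruby: the attacker's page makes the victim's browser submit a state-changing POST, and the browser attaches the session cookie on its own, so the server cannot tell who built the request from the cookie alone. A per-session token that only ever appears inside pages served to the logged-in user closes the gap, because the attacker's page cannot read it. This is the check Rails' protect_from_forgery filter performs on non-GET requests; the Request struct, the handle_transfer endpoint and the forged request are constructed for the example, and the token derivation (an HMAC of the session id under a server secret) is one reasonable construction, not Rails' exact one.

```ruby
require 'openssl'
require 'securerandom'

# Per-deployment secret (assumption: generated at boot here; a real application
# keeps it in configuration).
SERVER_SECRET = SecureRandom.hex(32)

# Token bound to the session. The attacker's page can make the victim's browser
# send the session cookie, but it cannot read this value, which is only
# embedded in pages served to the logged-in user.
def csrf_token(session_id)
  OpenSSL::HMAC.hexdigest("SHA256", SERVER_SECRET, "csrf-token:#{session_id}")
end

# Constant-time comparison so the token cannot be guessed byte by byte.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def valid_csrf_token?(session_id, token)
  secure_equal?(csrf_token(session_id), token)
end

# A request as the server sees it. The browser attaches the session cookie
# automatically, whoever built the request.
Request = Struct.new(:http_method, :session_id, :params, keyword_init: true)

# Illustrative money-transfer endpoint. GET renders the form carrying the token;
# POST performs the transfer only if the token matches the session.
def handle_transfer(req)
  case req.http_method
  when "GET"
    form = "<form method=\"post\" action=\"/transfer\">" \
           "<input type=\"hidden\" name=\"authenticity_token\" value=\"#{csrf_token(req.session_id)}\" />" \
           "<input name=\"to\" /><input name=\"amount\" /></form>"
    [200, form]
  when "POST"
    unless valid_csrf_token?(req.session_id, req.params["authenticity_token"])
      return [403, "invalid authenticity token"]
    end
    [200, "transferred #{req.params['amount']} to #{req.params['to']}"]
  else
    [405, "method not allowed"]
  end
end

# What a hidden, auto-submitted form on attacker.example produces from the
# victim's browser: the victim's cookie rides along, the token does not.
def forged_transfer(victim_session_id)
  Request.new(http_method: "POST", session_id: victim_session_id,
              params: { "to" => "mallory", "amount" => "1000" })
end

# Legitimate flow: fetch the form first and resubmit the token it carries.
def legitimate_transfer(session_id, to, amount)
  _, form = handle_transfer(Request.new(http_method: "GET", session_id: session_id, params: {}))
  token = form[/name="authenticity_token" value="([0-9a-f]+)"/, 1]
  Request.new(http_method: "POST", session_id: session_id,
              params: { "to" => to, "amount" => amount, "authenticity_token" => token })
end

if __FILE__ == $0
  p handle_transfer(forged_transfer("sess-victim"))
  p handle_transfer(legitimate_transfer("sess-victim", "bob", "10"))
end
```

Two details matter in practice: GET must never change state, since the token is not checked there, and a token from a different session must fail, which is why it is derived from the session id rather than being one global value.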
Matching elements on complex web pages with Webrat 2
In the first part of this article it was shown how to use CSS selectors for matching elements on complex web pages. But selectors are not the only way of matching HTML elements; Webrat also supports matching via XPath.
XPath matchers can be combined with CSS-selector matchers. This is really useful if, for example, the [...]
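The remainder of the article is not on this page. As an added example, not from the article and not Webrat's own code, the snippet below shows why the two kinds of matcher combine so naturally: a CSS selector can be translated to XPath, after which a CSS scope and an XPath matcher are simply concatenated and evaluated as one expression. The translator covers the selector subset that turns up in everyday step definitions (type, .class, #id, [attr=value], descendant and child combinators); the sample page and the match helper are constructed, and matching is done with REXML from the Ruby standard library rather than the HTML parser Webrat uses.

```ruby
require 'rexml/document'
require 'rexml/xpath'

# Translates one compound selector such as "div.post" or "a[href=/login]".
def compound_to_xpath(compound)
  parts = compound.scan(/\A[a-zA-Z][\w-]*|\*|\.[\w-]+|#[\w-]+|\[[\w-]+=(?:"[^"]*"|'[^']*'|[^\]]+)\]/)
  raise ArgumentError, "unsupported selector: #{compound}" unless parts.join == compound
  tag = parts.first =~ /\A[a-zA-Z*]/ ? parts.shift : "*"
  predicates = parts.map do |p|
    case p
    # Class attributes are whitespace-separated lists, hence the padded contains().
    when /\A\.(.+)/            then "contains(concat(' ', @class, ' '), ' #{$1} ')"
    when /\A#(.+)/             then "@id='#{$1}'"
    when /\A\[([\w-]+)=(.+)\]/ then "@#{$1}='#{$2.delete(%q("'))}'"
    end
  end
  predicates.empty? ? tag : "#{tag}[#{predicates.join(' and ')}]"
end

# Translates a selector with descendant (whitespace) and child (>) combinators.
def css_to_xpath(css)
  tokens = css.strip.split(/\s*(>)\s*|\s+/).reject(&:empty?)
  xpath = +""
  combinator = "//"
  tokens.each do |tok|
    if tok == ">"
      combinator = "/"
      next
    end
    xpath << combinator << compound_to_xpath(tok)
    combinator = "//"
  end
  xpath
end

# The combination: the CSS selector scopes the search, the XPath matcher is
# evaluated relative to that scope. Returns the text of the matched elements.
def match(html, css, xpath = nil)
  expr = css_to_xpath(css)
  if xpath
    expr += xpath.start_with?("/") ? xpath : "/#{xpath}"
  end
  doc = REXML::Document.new(html)
  REXML::XPath.match(doc, expr).map { |e| e.text.to_s.strip }
end

# Constructed sample page (well-formed so REXML can parse it).
SAMPLE_HTML = <<~HTML
  <html><body>
    <div id="sidebar" class="box"><a href="/login">Login</a></div>
    <div class="post featured"><h2>First</h2><a href="/posts/1">Read</a></div>
    <div class="post"><h2>Second</h2><a href="/posts/2">Read</a><a href="/login">Login</a></div>
  </body></html>
HTML

if __FILE__ == $0
  puts css_to_xpath("div.post > a")
  p match(SAMPLE_HTML, "div.post h2")
  p match(SAMPLE_HTML, "div.post", "//a[contains(@href, '/posts/')]")
end
```

The last call is the pattern the article describes: the CSS part picks the region of the page, the XPath part expresses a condition (here a substring of an attribute) that the CSS subset cannot.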
