imedo Development Blog

there is no charge for awesomeness

Multipage validator

without comments

If you need a quick overview of whether the internal links of your website are working and the markup is valid, check out the Multipage Validator tool.

Written by ehartung

February 18th, 2010 at 3:44 pm

Posted in Development, Testing

New version of CI output formatter available

without comments

With Cucumber 0.4 the API for the output formatters has been changed. We updated our output formatter according to these changes. It is now compatible with Cucumber versions 0.4.x to 0.6.x.
The updated code can be found here: imedo_ci_formatter.rb

Written by ehartung

February 16th, 2010 at 1:21 pm

Parameter pollution with JSON

without comments

Nice approach for circumventing input validation for JSON: Parameter Pollution with JSON.
Be sure to have your input validation handle this kind of injection attack.

Written by ehartung

January 9th, 2010 at 12:54 pm

Choosing a good web password

without comments

Most web applications depend on user name and password combinations in order to authorize user access. Hence one of the biggest security problems on the World Wide Web is weak passwords. Users choose easy-to-guess passwords because they are easy to remember. In this article some hints are given which should help choosing a good [...]

Written by ehartung

December 16th, 2009 at 12:14 am

Run Javascript, Run!

with 2 comments

We’re pretty much a Mac shop here at imedo and, as our application is built using Ruby on Rails, it’s safe to say that we are legally obliged to use TextMate for all our editing needs.
One of the features I love about TextMate, catered for in most bundles, is the ability to execute [...]

Written by agroves

December 15th, 2009 at 3:14 pm

Posted in Development


Smusher is crushing your images

without comments

Another short tip, because I really like the smusher gem!
First install it:
gem install smusher
Then crush your images automatically using the PunyPng service, which is currently delivering the best results in terms of file size:
smusher * --service PunyPng

Written by mscherf

December 15th, 2009 at 12:35 pm

Posted in Development

PDF2PNG – PDF Thumbnail Generator Script

without comments

If you need to generate thumbnails of the first pages of a lot of PDF documents, you can use this tiny Ruby script:
http://bit.ly/8T0B1a
I also included smusher support to crush the PNGs after they were created. Just gem install smusher and uncomment the smusher command.
Enjoy!

Written by mscherf

December 10th, 2009 at 12:07 pm

Posted in Development


Is your web server up-to-date?

with one comment

Here is an interesting article about the search engine Shodan, which is supposed to find web servers instead of web pages. This means that one can, for example, search for a particular web server version in one country.
Finding vulnerable web servers with Shodan is as easy as using Google. Hence in combination with the Metasploit exploit [...]

Written by ehartung

December 8th, 2009 at 12:02 pm

Posted in Security


Secure coding with Ruby on Rails 7: Cross-site request forgery (CSRF)

without comments

Although already discovered in 1988 by Norm Hardy, cross-site request forgery (CSRF) has been the shooting star of web attacks in 2008. As a result, it has become one of the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors.
The idea behind CSRF is that an attacker sends a malicious request to the target application using [...]

Written by ehartung

December 4th, 2009 at 4:45 pm

Matching elements on complex web pages with Webrat 2

without comments

In the first part of this article it was shown how to use CSS selectors for matching elements on complex web pages. But selectors are not the only way of matching HTML elements; Webrat also supports matching via XPath.
XPath matchers can be combined with CSS-selector matchers. This is really useful if not, for example, the [...]

Written by ehartung

November 25th, 2009 at 6:46 pm

Posted in Testing
