Test Access Controls in System Tests
Learn about system tests and access control in our Rails application.
Best practices and testing strategies
Security incidents are expensive. They derail teams from providing business value, lead to a crisis of confidence for the company, and, in many cases, expose users’ personal information to bad actors. There’s no way to absolutely prevent such incidents, but ensuring that our access controls are working is a huge help.
The clearest way to do this is to write system tests that exercise the system as different types of users. Depending on how complex our authorization needs are, we may need a lot of tests. Remember that tests are a mechanism for risk management. This means we probably don’t want to test every action against every possible role, but we do need to strategically test many roles and ...
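As an added illustration (not code from the original lesson), the sketch below exercises a small constructed Rack-style app from the outside as several kinds of user, checking a chosen subset of role/action pairs rather than the full matrix. The roles, paths, the `X-Role` header and the selection of cases are assumptions; in a Rails app the same cases would be driven through the real login flow in system tests.

```ruby
# Constructed stand-in for the application under test: a Rack-style callable
# with a role check. Roles, paths and the X-Role header are hypothetical.
PERMISSIONS = {
  ["GET",    "/widgets"]       => %i[customer support admin],
  ["GET",    "/admin/reports"] => %i[support admin],
  ["DELETE", "/widgets/1"]     => %i[admin]
}.freeze

APP = lambda do |env|
  role    = env["HTTP_X_ROLE"]&.to_sym
  allowed = PERMISSIONS[[env["REQUEST_METHOD"], env["PATH_INFO"]]]
  return [404, {}, ["not found"]] if allowed.nil?
  return [401, {}, ["log in"]]    if role.nil?            # anonymous user
  return [403, {}, ["forbidden"]] unless allowed.include?(role)
  [200, {}, ["ok"]]
end

# Issue one request as the given role (nil = not logged in); return the status.
def request_as(role, method, path)
  env = { "REQUEST_METHOD" => method, "PATH_INFO" => path }
  env["HTTP_X_ROLE"] = role.to_s if role
  APP.call(env).first
end

# Assumed selection strategy: for each action, test the most privileged role
# that must be denied and the least privileged role that must be allowed,
# plus an anonymous user and a role the app does not know about.
CASES = [
  [nil,       "GET",    "/widgets",       401],
  [:intern,   "GET",    "/widgets",       403], # unknown role: deny by default
  [:customer, "GET",    "/widgets",       200],
  [:customer, "GET",    "/admin/reports", 403],
  [:support,  "GET",    "/admin/reports", 200],
  [:support,  "DELETE", "/widgets/1",     403],
  [:admin,    "DELETE", "/widgets/1",     200]
].freeze

# Run every case and return a description of each mismatch (empty = all pass).
def access_control_failures
  CASES.map do |role, method, path, expected|
    actual = request_as(role, method, path)
    next if actual == expected
    "#{role.inspect} #{method} #{path}: expected #{expected}, got #{actual}"
  end.compact
end

failures = access_control_failures
puts failures.empty? ? "all #{CASES.size} access checks passed" : failures
```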