The Ruby language has gained many followers recently. Ruby offers many of the same features that made Perl a popular scripting language, but also has the advantage of being a fully object-oriented language. While developing an object-oriented application in Perl might be a bit clumsy, Ruby supports object-oriented programming quite naturally. This can offer many advantages when developing a large testing application.
To ensure the quality and safety of Web applications, security testing is a necessity. So, how do you cover all the different threats: SQL injection, cross-site scripting, buffer overflow, and others? James Knowlton explains how Ruby combined with Watir (both freely available) makes a great toolset for testing Web application security. Testing many common security vulnerabilities requires posting data to a Web server via a client, exactly what Watir does. The Ruby side of Watir, a full-function programming language, provides the tools for querying the database, checking audit logs, and other test-related processing. For example, you can use Ruby to generate random data or large datasets to throw at a Web application. James describes common security attacks and demonstrates step-by-step examples of testing these attack types with Ruby and Watir.
Ready to start writing your own test scripts? Not sure what tools to use? Kalen Howell discovered Ruby, a powerful scripting language that is easy to learn. Using Ruby led Kalen to WATIR, an open source tool written in Ruby. WATIR is used to drive Web sites through Internet Explorer just as a user would. Just by following a few examples, Kalen was able to create automated test scripts in a matter of minutes. Learning more about Ruby enabled Kalen to write more robust scripts. Ruby connects to databases, writes XML, creates and reads data files, and can be used to create customized libraries. Combining the powerful features of WATIR with the robust and easy-to-learn language of Ruby gives the tester powerful tools for automated scripting.