Eliminating a Class of Defects

Imagine the following line of PHP code: $db->GetRow("SELECT * FROM users WHERE id = $user_id"); This line is vulnerable to SQL injection if an attacker controls the $user_id variable. This is the safe version (using a parametrized query): $db->GetRow("SELECT * FROM users WHERE id = ?", array('$user_id'…

PHP Unlocker

PHP-Unlocker is a static analysis tool that detects potential unintended DB table locks in PHP applications using ADOdb. It searches your code for improper usage of the StartTrans() and CompleteTrans() methods. So why write this tool? It's to scratch our own itch, because we had an application with bad coding…

The Cost of Quality

TL;DR It all comes down to economics. What is the cheapest possible way for a company to find defects in its application? For some it's - let the users find problems. For others - extensive in-house testing before each release. Apples and oranges. Recently I happened upon a book…

Keep External Dependencies Under Control

Two months ago, we were moving production servers from one datacenter to another. It was supposed to be a boring, no-frills event. There was no new code to be deployed, only the same code running from a different location. We were pretty confident that there would be no problems, partly because we've migrated…

Writing Unit Tests for Node.js Application

Given the widespread adoption of Node.js, it's surprising that there is not much synthesized information about the specifics of writing unit tests on this platform. Recently I open sourced Nagual, an HTTP simulator for faster and more reliable automation tests. These are the challenges I faced writing unit tests for…