Automated Testing for Infrastrure

By: Johnathon Wright on: July 20, 2010

I have a client whose website is subject to HIPAA regulations. I just finished setting up SSL for them. I also set up redirects so that:

http://domain.com => https://www.domain.com http://www.domain.com => https://www.domain.com

It all works now. Unfortunately, I've become accustomed to the feeling of security that I get from automated tests. I can't use rspec here, because that configuration is on the server. I have signed up for monitoring service, but that won't tell me if somehow https://www.domain.com starts serving insecure pages. (most modern browsers will flip, but that doesn't get me around HIPAA.) What if the server crashes, has to be rebuilt, and I forget to set up the SSL stuff? It could be weeks before someone discovers that it isn't there, and that isn't good enough.

Not sure yet what to do.





Comments:

Just checking that you are human. What would be the result of this code?

a = 3*(4/2); b = 1; a+b

Back