Automated Testing for Infrastructure

By: Johnathon Wright on: July 20, 2010

I have a client whose website is subject to HIPAA regulations. I just finished setting up SSL for them. I also set up redirects so that: => =>

It all works now. Unfortunately, I've become accustomed to the feeling of security that I get from automated tests. I can't use rspec here, because that configuration is on the server. I have signed up for a monitoring service, but that won't tell me if somehow starts serving insecure pages. (Most modern browsers will flip, but that doesn't get me around HIPAA.) What if the server crashes, has to be rebuilt, and I forget to set up the SSL stuff? It could be weeks before someone discovers that it isn't there, and that isn't good enough.

Not sure yet what to do.
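One way to test this from outside the server, as an added example that is not code from the original post: a Ruby check that walks the redirect chain and reports any hop that serves content over plain HTTP, redirects to a non-HTTPS URL, or fails certificate verification. The names `https_problems`, `LIVE_FETCH`, `SAMPLE` and the `.test` hostnames are assumptions made for the example.

```ruby
require "net/http"
require "openssl"
require "uri"

MAX_HOPS = 5

# Default fetcher: one HEAD request, no redirect following, certificate verified.
# Returns [status_code, location_header_or_nil].
LIVE_FETCH = lambda do |uri|
  http = Net::HTTP.new(uri.host, uri.port)
  http.open_timeout = http.read_timeout = 10
  http.use_ssl = uri.scheme == "https"
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  res = http.request_head(uri.request_uri)
  [res.code.to_i, res["location"]]
end

# Walks the redirect chain from start_url and returns a list of problems.
# An empty list means plain HTTP never served a page and the chain ended on HTTPS.
def https_problems(start_url, fetch: LIVE_FETCH)
  problems = []
  uri = URI(start_url)
  MAX_HOPS.times do
    begin
      status, location = fetch.call(uri)
    rescue StandardError => e # includes certificate verification failures
      return problems << "#{uri}: request failed (#{e.class})"
    end
    if (300..399).cover?(status) && location
      target = uri + location # resolves relative Location headers
      problems << "#{uri} redirects to insecure #{target}" if target.scheme != "https"
      uri = target
    else
      problems << "#{uri} answered #{status} over plain HTTP" if uri.scheme != "https"
      problems << "#{uri} answered #{status}, expected 200" if status != 200
      return problems
    end
  end
  problems << "more than #{MAX_HOPS} redirects from #{start_url}"
end

# Constructed responses for an offline run: url => [status, Location header]
SAMPLE = {
  "http://example.test/"  => [301, "https://example.test/"],
  "https://example.test/" => [200, nil],
  "http://rebuilt.test/"  => [200, nil], # server rebuilt without the SSL setup
}
SAMPLE_FETCH = ->(uri) { SAMPLE.fetch(uri.to_s) }
```

Run on a schedule from a machine other than the web server, calling `https_problems` without the `fetch:` argument for each public URL and alerting on any non-empty result.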


