The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing
inputs and analyzing what comes back. We have pointed Tarantula at
about 20 Rails applications, both commercial and open source, and have
never failed to uncover flaws.
How does your Rails app stand up? It's easy to find out. Install the
plugin, and create a Tarantula integration test: (Update: Note that
Tarantula integration tests live in test/tarantula so that you can
treat them separately in your cruise builds. For a substantial app or
fixture set Tarantula can take a while to run!)
# somewhere in your test
# customize to match your security setup
post '/sessions/create', :password => 'your-pass'
t = tarantula_crawler(self)
Then rake tarantula:test, and then start looking through the Failures
section of the HTML report.
Tarantula is just a baby now, but we plan to feed it until it is a lot
bigger and meaner. Suggestions and contributions are welcome via the
Relevance Open Source Trac.
gem install htmlentities
gem install facets
Hat tip to Courtenay, whose SpiderTest plugin inspired us to go down
this road. Also congrats to Mephisto, which is the best behaved app
under Tarantula to date (only three problems, all minor broken
-- Relevance Open Source Team