real life deployment
– Entire application stack, configuration
• Penetration Testing Cons
– Reports symptoms, not root causes
– Setup time, find defects late during QA cycle
– Incomplete view of running app
Early detection of defects
– Integrated into developer’s workflow
– No deployment required
• Static Code Analysis Cons
– Limited to code
– Need access to source code
Built on the model-view-controller design pattern
“Convention over configuration” – encourages assumptions which lead to default behavior
http://rubyonrails.org/