
My talk on Security Testing at Kristu Jayanti College – Feb 16th

It all started when I had been to Kristu Jayanti College to participate in the talk given by Parimala Hariprasad (she blogs at http://curioustester.blogspot.com/). Her talk was on “Software testing and Career opportunities”. I got a reference to Mr. Ramanathan, who had organized it. I added him on Gmail and Facebook as well. I had talked to him long back about organizing a “Security Testing / Hacking” workshop for the interested students at his college. Today, he pinged me and asked me about the details, and here I go: it’s on February 16th, which is a Saturday. I will conduct the workshop for 4 hours. I have asked the organizer to make it 2 parts, where the remaining 4 hours would be conducted on a weekend, sooner or later.

 

Agenda

  1. History of hacking
  2. Different opinions and definitions of hacking
  3. Social Engineering Attacks
  4. Current threats & vulnerabilities
  5. Becoming a security researcher
  6. Selling your vulnerabilities
  7. Responsible & full disclosure
  8. Resources
  9. Discussion

This is not a hands-on workshop. It is more of an initial start for participants to get to know about hacking, and anyone who is interested in learning further can take it up.

 

To the students (Kristu Jayanti College) who might be reading this, you might experience something awesome in your lifetime.

 

I want to spread the word about hacking to more and more people. If you know of a college whose students are interested in this topic, then please write to me at Santhosh.Tuppad@gmail.com or tweet @santhoshst or just comment on this blog post.

 

Last but not least, I am very good at boasting about myself. So, please help me to be much better at it by sharing this blog post on Facebook, Twitter, LinkedIn or wherever you want to. You are free to do it, and the awesome thing about it is that I do not charge for sharing *Grins*.

FREE Security Testing Workshop By Santhosh Tuppad in Bengaluru

It has been months now since I planned to conduct a free security testing workshop in Namma Bengaluru for enthusiasts / aspirants. I have already finished a half-day workshop in Chennai and now it’s time for “Namma Bengaluru”. After that, I have planned for Hyderabad and then the Gurgaon / Delhi / Noida region.

 

What’s the agenda?

  1. Introduction to Hacking
  2. Social Engineering Attacks
  3. Web Application Hacking
  4. Bug Advocacy for vulnerabilities
  5. WTF are these? White / Black / Gray Hat
  6. Legalities when you are in hacking business
  7. Earn while you hack (Ethical)
  8. Exercises
  9. Quiz
  10. Discussion / Arguments / Fights (Not physical) / Planning for the next workshop

 

Date and Time

We will have this on December 15th, 2012. We have always seen workshops starting at 9 or 10 in the morning. Well, there is a difference here. We will start at 11 AM. Well, there is no reasoning behind this. Just like that. It being a weekend, sleep a bit more and have your breakfast. Then let us begin hacking. It is important that you have a good night’s sleep and a good breakfast because hacking coaching demands it (Grins).

 

Venue

THE HHI SELECT BENGALURU

Anil Nair (G.M.), 15th Cross, Ring Road, J.P. Nagar, II Phase,
Bangalore – 560078
Phone – 08 40761500 / 09731766305

 

Questions / clarifications

If you have anything to ask me, then please write to me at Santhosh.Tuppad@gmail.com or comment on this blog post.

Security Testing – Help your customers from being victimized

Hunger for data

Hackers are always hungry for access to treasure: data that they can sell to your competitors or use for their own purposes. They are always on patrol, and big organizations are their targets, where they can make big news and also get customers’ data. Let us speak about retail giants like Amazon, Wal-Mart, Tesco and others. Millions of data records are stored in their databases and security is crucial for these giants. There is no word called “compromise” in this context. If you are compromising, it is equivalent to being negligent or compromising your customers’ privacy. So, if hackers are hungry for data, then it is like you are showing yourself as bait.

 

Safeguarding from the hackers

Identify vendors who have cool hackers who can hunt for security bugs, or identify security testers in a consultant role and get them on board; if you have skilled in-house testers, that will do as well. Do not go to a vendor who just blindly runs a tool and says these are the vulnerabilities. Agreed, a tool ran some checks and reported some vulnerabilities, but that is what the tool is programmed for, and I personally would not call it security testing. A tool gives some information, whereas you need skilled exploratory testers to show you the colony of security bugs. Security testers will use different techniques and explore in many different ways based on the application; they think of features where social engineering attacks would be the entry point to exploit a vulnerability, and much more. You have got to find a good, geeky, skilled security tester, consultant or researcher who has been in hacking for many years; not just years, but someone with extensive hands-on experience. This is one of the ways you can safeguard yourself from black hat hackers.

 

Attitude of (Most or Some) Dev Folks

I have personally experienced this: I reported security vulnerabilities and the development team did not fix them; however, when a report came from a third-party vendor with the same security vulnerabilities that I had reported, they fixed them. Now, this speaks to the attitude of taking things lightly. They fixed them because they had paid the vendor some cool money. So, this speaks about the attitude towards the product. You are working to give a good-enough-quality product to your customers, rather than slipping away from fixing these security bugs. Personal discipline is very much required and should be learned if it is lacking. Not to deny that I have seen developers with a good attitude and thinking skills with respect to security bugs, but sad to say, they are very few, just like very few good testers.

 

Crime / Robbery / Impersonation due to security bugs

You could laugh at this, but your laugh will end when you realize it is true. You can just look at past incidents that might have happened due to security loopholes in a product, where someone got some girl’s confidential data and started abusing / torturing / blackmailing / sexually harassing her and such evil stuff. You might want to put yourself, or a family member, in a bad situation similar to the above example. What would you do? Would you sue the company? Yes, indeed. I hope I need not explain the impact now. You must have understood by now.

 

 

I stop here and I scream, “Are you the next victim?”

 

 

Finally, “tested” conference is here at Bangalore, India – By Moolya

Today, I am going to share some awesome news with all my blog readers. We (Moolya Software Testing Private Limited) are organizing the “tested” conference for the first time on December 05th, 2012. More than anyone I am just excited to witness the success of the conference. The website which we have made live will speak about all the things that you can have at the conference.

 

Visit

http://test-ed.in/

 

Well, the post ends here. I will share my experience report once the conference comes to an end. Err, you can just read about my experience, but you can’t really experience it. One needs to do skydiving in order to experience it rather than reading about it. So, come and experience! One piece of shocking news: the price is 50,000 just 500/- INR for 1 day.

Happy Birthday Yagnesh – A Future Leader In The Making

Yagnesh H Shah

I am dedicating this blog post to Yagnesh H Shah, who is a Software Tester and works at Moolya Software Testing Private Limited. Today (September 18th, 2012) is his birthday, and I thought I would wish him in a different way by expressing my views about him via this blog post. This kid is someone special I have met in my life, who has a different set of good qualities in him. A few include:

  1. Learning attitude
  2. Passion for “Software Testing”
  3. Willingness to listen to what others are saying
  4. Creative work
  5. A good blogger – I have not seen the style of writing that he has, and I totally appreciate it. Let any other newbie in “Software Testing” challenge him in his writing

What is it that makes me think he is going to be the future leader, huh?

Well, my answer doesn’t have logical reasoning. It’s just a confidence that I have in him. Yagnesh, I hope you are seeing this and make it true. I know, you are going to be the leader. I can visualize him doing the following set of activities,

  1. Speaking in conferences
  2. Coaching budding testers
  3. Motivating / Inspiring the next generation testers
  4. Helping experienced testers to test better
  5. Taking initiatives in “Software Testing” space
  6. Writing for e-magazines

And everything that he could do as a great software tester *Grins*. For the age group that he belongs to, I respect him for the skills that he has, along with his dedication and commitment levels. It’s just awesome! Sometimes I feel even the word “awesome” is not enough to describe him for what he is doing at Moolya.

Happy Birthday, Yagnesh. I am running out of money and I could not think of any better gift than writing this blog post (ROFL). Have a great life ahead and do what you love, which you are already doing.

Have a great birthday, and a party is a MUST. Rock it, boy.