
Crude to Cool way. Start using add-ons now!

I hope that you are going to learn something awesome from this article and have it as one of your learnings for your 2013 (this year) journey. This article does not just speak about some add-ons and give out their names. Well, I need not give them; you can still find them by going to the add-on pages of Firefox or Chrome on their respective websites. I am going to share my experience as well and also talk about how a tester / developer could use these add-ons to test better while improving their productivity. That is why this is called an article. Else I could have just tweeted the add-on names (Chuckles).

Going back 2 or 3 years, I used to see the following kinds of testers:

Case 1: A tester was looking at his watch because he wanted to know the page-load time. I went to him and asked how long he needed to do this. He said that for the same web page he needed to try 100 iterations with several settings, such as with cache and without cache, and on different bandwidths.

Case 2: A tester reporting a bug: I see a text in red color while it had to be in purple. Unfortunately, there were 2 shades of red, and the developer thought that the tester was talking about the red-colored text at the bottom of the paragraph rather than the one in the middle of the paragraph. As they were shades, the developer perceived them in his own way.

Looking at the above two examples, it looks very sloppy (at least to me).

Let us speak about how I deal with such problems now.

Considering Case 1, the tester who was checking the load time for the web page: I went to him and said, how about cutting down the effort of looking at your watch every time you want to know the load time? He said, please tell me. I introduced him to an add-on for Mozilla Firefox called “Extended Status Bar”, which can help him get rid of what he is currently doing. He can just refresh the web page and wait till it loads, that’s all. Then he can look at the statistics bar, which shows not only the load time but more information. Now he has got it the cool way.
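For readers who want to run the 100-iteration measurement from Case 1 without a watch or a browser add-on, here is an added example (not from the original post and not related to the Extended Status Bar add-on) that times repeated page loads and reports basic statistics. It serves a constructed sample page from a local HTTP server so that it runs offline; the function names, the sample page and the iteration count are assumptions of this example.

```python
import http.server
import socketserver
import statistics
import threading
import time
import urllib.request

# Constructed sample page (not a real site) served locally so the example runs offline.
SAMPLE_PAGE = b"<html><body>" + b"x" * 2048 + b"</body></html>"


class _Handler(http.server.BaseHTTPRequestHandler):
    """Minimal handler that always returns SAMPLE_PAGE."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(SAMPLE_PAGE)))
        self.end_headers()
        self.wfile.write(SAMPLE_PAGE)

    def log_message(self, *args):
        # Silence per-request logging so the timing output stays readable.
        pass


def start_local_server():
    """Start a throwaway HTTP server on a free loopback port; returns (server, url)."""
    socketserver.TCPServer.allow_reuse_address = True
    server = socketserver.TCPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    return server, f"http://127.0.0.1:{port}/"


def time_page_load(url, iterations=100):
    """Fetch `url` `iterations` times and return load-time statistics in milliseconds.

    Each sample covers the full request: connect, send, and read of the body,
    which is what a tester timing "page load" by hand is really measuring.
    """
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    samples_ms = []
    body_len = 0
    for _ in range(iterations):
        start = time.perf_counter()
        with urllib.request.urlopen(url, timeout=10) as resp:
            body_len = len(resp.read())
        samples_ms.append((time.perf_counter() - start) * 1000.0)
    return {
        "iterations": len(samples_ms),
        "bytes": body_len,
        "min_ms": min(samples_ms),
        "median_ms": statistics.median(samples_ms),
        "max_ms": max(samples_ms),
    }


if __name__ == "__main__":
    server, url = start_local_server()
    try:
        print(time_page_load(url, iterations=20))
    finally:
        server.shutdown()
```

Point the `url` at the page under test instead of the local server to measure a real deployment; the "with cache / without cache / different bandwidth" variants the tester mentioned are separate runs with the browser or network configured accordingly, and this harness only removes the manual stopwatch part.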

He thanked me so much and then asked, is it a new tool? Well, I said, you are still in the stone age; please move on to the modern era. It has been there for a long time; it is just that you never thought of exploring. You were happy with what you were doing and did not want to become the happiest.

Now, let us consider Case 2, where the tester reported a bug by saying red while there were 2 shades of red, and the developer considered the wrong one and thought he / she had fixed something while he / she actually created one more bug. I was consulting on the project and wanted to know why such a problem occurred. It was because of a lack of knowledge about hex color codes, and of the fact that there are different shades within 1 color itself. The other thing is how to get those color codes from the web page. I went to the tester and introduced him to an add-on called “ColorZilla”, which is used with the Mozilla Firefox web browser. With that add-on, he needs to just mouse over the text or image and it will provide the hex code of that specific text or image area. Now, the tester re-wrote the bug report and, instead of saying “Red”, reported it as a hex value (say #FFFFFF for white). The developer just searched for this hex value and changed it to the purple value to fix the bug. Now, that’s the smarter way.


I hope that by now you have got some idea about how these add-ons could be of help.


This is a sample of my experience! What’s your story? You might want to share it!

My talk on Security Testing at Kristu Jayanti College – Feb 16th

It all started when I had been to Kristu Jayanti College to participate in the talk given by Parimala Hariprasad (she blogs at http://curioustester.blogspot.com/). Her talk was on “Software testing and Career opportunities”. I got a reference to Mr. Ramanathan, who had organized it. I added him on Gmail and Facebook as well. I had talked to him long back about organizing a “Security Testing / Hacking” workshop for the interested students at his college. Today, he pinged me and asked me about the details, and here I go: it is on February 16th, which is a Saturday. I would conduct the workshop for 4 hours. I have asked the organizer to make it 2 parts, where the remaining 4 hours would be conducted the following weekend or later.


Agenda

  1. History of hacking
  2. Different opinions and definitions of hacking
  3. Social Engineering Attacks
  4. Current threats & vulnerabilities
  5. Becoming a security researcher
  6. Selling your vulnerabilities
  7. Responsible & full disclosure
  8. Resources
  9. Discussion

This is not a hands-on workshop. It is more of an initial start for participants to know about hacking, and anyone who is interested can take it up as further learning.


To the students (Kristu Jayanti College) who might be reading this: you might experience something awesome in your lifetime.


I want to spread the word about hacking to more and more people. If you know some college whose students are interested in this topic, then please write to me at Santhosh.Tuppad@gmail.com, tweet @santhoshst, or just comment on this blog post.


Last but not least, I am very good at boasting about myself. So, please help me become even better at it by sharing this blog post on Facebook, Twitter, LinkedIn or wherever you want to. You are free to do it, and the awesome thing about it is that I do not charge for sharing *Grins*.

FREE Security Testing Workshop By Santhosh Tuppad in Bengaluru

For months now I have been planning to conduct a security testing workshop in Namma Bengaluru, free for enthusiasts / aspirants. I have already finished a half-day workshop in Chennai, and now it’s time for “Namma Bengaluru”. After that I have planned for Hyderabad and then the Gurgaon / Delhi / Noida region.


What’s the agenda?

  1. Introduction to Hacking
  2. Social Engineering Attacks
  3. Web Application Hacking
  4. Bug Advocacy for vulnerabilities
  5. WTF are these? White / Black / Gray Hat
  6. Legalities when you are in hacking business
  7. Earn while you hack (Ethical)
  8. Exercises
  9. Quiz
  10. Discussion / Arguments / Fights (Not physical) / Planning for the next workshop


Date and Time

We will have this on December 15th, 2012. We have always seen workshops starting at 9 or 10 in the morning. Well, there is a difference here: we will start at 11 AM. There is no reasoning behind this, just like that. Being a weekend, sleep a bit more and have your breakfast. Then let us begin hacking. It is important that you have a good night’s sleep and a good breakfast, because hacking coaching demands it (Grins).


Venue

THE HHI SELECT BENGALURU

Anil Nair (G.M ) 15th Cross,Ring Road, J.P Nagar, II Phase,
Bangalore – 560078
Phone – 08 40761500 / 09731766305


Questions / clarifications

If you have anything to ask me, please write to me at Santhosh.Tuppad@gmail.com or comment on this blog post.

Security Testing – Help your customers from being victimized

Hunger for data

Hackers are always hungry for access to treasure: data which they can sell to your competitors or use for their own purposes. They will be on patrol, and big organizations are their targets, where they can make big news and also get the customers’ data. Let us speak about retail giants like Amazon, Wal-Mart, Tesco and others. Millions of records are stored in their databases, and security is very crucial for these giants. There is no word called “compromise” in this context. If you are compromising, it is equivalent to being negligent or compromising your customers’ privacy. So, if hackers are hungry for data, then you are showing yourself as bait.


Safeguarding from the hackers

Identify some vendors who have cool hackers who can hunt for security bugs, or identify security testers in a consultant role and get them on board; if you have in-house skilled testers, even that will do. Do not go to a vendor who just blindly runs a tool and says these are the vulnerabilities. Agreed, a tool ran some checks and reported some vulnerabilities, but that is only what the tool is programmed for, and I personally would not call it security testing. A tool gives some information, whereas you need skilled exploratory testers to show you the colony of security bugs. Security testers use different techniques and explore in many different ways based on the application; they think of features where social engineering attacks would be the entry point to exploit a vulnerability, and much more. You have got to find a good, geeky, skilled security tester, consultant or researcher who has been in hacking for many years; not just years, but with extensive hands-on experience. This is one of the ways you can safeguard yourself from black hat hackers.


Attitude of (Most or Some) Dev Folks

I have personally experienced this: I reported security vulnerabilities and the development team did not fix them; however, when the report came from a third-party vendor listing the same security vulnerabilities that I had reported, they fixed them. This speaks about the attitude of taking things lightly. They fixed them because they had paid the vendor some cool money. So, this speaks about the attitude towards the product. You are working to give a good enough quality product to your customers, rather than slipping away from fixing these security bugs. Personal discipline is very much required and should be learned if it is lacking. I do not deny that I have seen developers with a good attitude and good thinking skills with respect to security bugs; sadly, they are very few, just like good testers are very few.


Crime / Robbery / Impersonation due to security bugs

You could laugh at this, but your laugh will end when you realize it is true. Just look at past incidents that happened due to security loopholes in a product, where someone got hold of a girl’s confidential data and then started abusing / torturing / blackmailing / sexually harassing her, and such evil stuff. Put yourself, or a family member, in the shoes of someone in a bad situation similar to the above example. What would you do? Would you sue the company? Yes, indeed. I hope that now I need not explain the impact. You must have understood by now.


I stop here and I scream, “Are you the next victim?”


Finally, “tested” conference is here at Bangalore, India – By Moolya

Today, I am going to share some awesome news with all my blog readers. We (Moolya Software Testing Private Limited) are organizing the “tested” conference for the first time on December 05th, 2012. More than anyone, I am excited to witness the success of the conference. The website, which we have made live, will tell you about all the things you can have at the conference.


Visit

http://test-ed.in/


Well, the post ends here. I will share my experience report once the conference comes to an end. Err, you can just read about my experience, but you can’t really experience it. One needs to go skydiving in order to experience it, rather than reading about it. So, come and experience it! One piece of shocking news: the price is not 50,000 but just 500/- INR for 1 day.