Web resources

http://securitytube.net

http://securityfocus.com/

http://bangalorehackers.com/

http://softwaretestingnews.com/security-testing

http://owasp.com/

Security testing checklist -http://tuppad.com/blog/2012/03/29/security-testing-checklist-for-web-application/
Security testing add-on(s) mind-map http://moolya.com/blog/2011/03/04/addon-mindmap-for-testers-from-moolya/
Sysinternals Suite – Bunch of awesome utilities for testing activity – Google it and download the zip
file from Microsoft website.

http://foundstone.com/

Some of the security testing checklist mind-map by Darren McMillan -

http://www.bettertesting.co.uk/content/?p=1372

http://testingperspective.com/

Books suggested
The Art of Deception by Kevin Mitnick (Flipkart.com – It’s available)
Hacking for Dummies by Kevin Beaver (e-book available at http://issuu.com/ – Search it there)
Web Services Hacking by Sreeraj Shah (Web Services Testing Book)

Learning to hack on these websites

http://hackthissite.org/

There are different levels here and it gets more and more difficult over the duration after you
complete the exercise. Please do not look into solutions or google for it or else it is fun destroyer.

http://hellboundhackers.org/

http://haxme.org/

Things to do once back to desk
1. Install add-ons which can help you to perform security testing
2. Install Burp Suite, WebScarab
3. Subscribe to some of the hacking news and just read the headlines whenever you get time
4. Have passion for hacking / security testing / penetration testing
Follow these guidelines and you will

Share/Bookmark

List of participants

Darren McMillan

Parimala Shankariah

Jari Laakso

Monirul Islam

Andrei Cociuba

Ranjith Selvam

Ajith Kumar

Raghavendra Narayanan

Markus Gartner

Deepa Sampath Prasanna

Without much ado, let me announce the results.

Winners

1^st Prize

Parimala Shankariah, Jari Laakso & Markus Gartner

2^nd Prize

Andrei Cociuba

3^rd Prize

Monirul Islam

Well, I think you had not thought of the prize distribution like this. Well, the kind of submissions I received, it was a difficult to choose the winners. Even though I have chosen 1^st, 2^nd and 3^rd; I feel everyone is 1^st here because there was diversification in the set of answers or comments provided. Some tester did not do well in some contexts and some did very well. For instance: I liked what Markus talked about captcha in terms of how to use it and when to use it. I had difficult time in choosing winners. It was confusion between Parimala, Markus and Jari. Initially, Parimala was in first and Markus + Jari in second. Then, again re-reading it was a big confusion: D I just thought of choosing 1^st prize for Parimala, Jari and Markus finally.

In my opinion, there are some points where the participants need to think deeper rather than just throwing out the answer. Some things require deep analysis. Some answers, I saw them as a practice without the context and some answers were provided bounded by context. I enjoyed reading the thoughts and it was fantastic.

When will be the next contest?

I thank all the participants for participating in this contest actively. I’m thinking of having such contests twice a year. See you for the next contest sometime later in this year again. Till then I wish you a happy learning and happy testing.

How do I receive prizes?

Oh, I forgot to mention this. How will you receive the prizes? I wanted to say this, the prizes will be received even by testers outsideIndia.

I need these details,

Your full name

Complete postal address with PIN code

Phone number (Personal – Just in case if the parcel / courier service needs to reach you)

Once you send this I will quickly send you the prizes and notify you all about the sent date and also let you know when you can expect the parcel at your place.

What if I already have the book that you are giving as a prize?

In case if you have any book listed in the prize list then you can write to me at Santhosh.Tuppad@gmail.com with the name of the book that you already have and I will choose some other book for you.

Astalavista baby!

Thanks!

Share/Bookmark

Generic

• For All web pages which carry confidential data like password, Secret answer for security question should be submitted via HTTPS(SSL).
• Password & security answer needs to be masked with input type = password.
• Server Side Validation for form. Use “Firebug” and “TamperData” to perform this test (You can tamper for minimum length of password, set only new password without old password >> You got to remove the old password element from Firebug from the client-side and then submit it <<)
• Check for SQL Injection for any page in your application that accepts user-supplied information to access a database.
  • A login form, signup form, or “forgot password” form is a good start.
  • A dynamic page that uses URL variables such as ID (product information pages are good for this).
  • Check for XSS by searching application for a page that takes user input and outputs it directly to a webpage. Common examples: Forums, Comments, Wikis, Review. Also, check for CSRF.

Password

• Set of rules for setting a password should be same across all the modules like Registration form, Change password, and Forgot password. If these rules differ than hacker might exploit it through brute force method. Example: If the registration form does not validate for password minimum length as 8 chars but while changing password from user profile it validates for minimum length or vice versa. Now, as registration form accepts password which are less than 8 chars it becomes easy for hacker to apply brute-force method.

• Password enforcement of alphabets + numeric + special characters should be used in order to protect the account to a greater extent against brute force attack mechanisms.

Forgot your password

• There need to be a restriction on number of forgot password requests sent per day or in “X” hours interval or have a captcha so that automated requests are not sent (To automate the requests  you could use “ReloadEvery” add-on which is to be used on http://example.com/user/forgot-password/)
• The URL has to expire on one use after being used to set new password.
• The token associated with the URL should not be guessable or there should be any pattern which could be easily cracked.
• If the URL is not used within “X” hours then it has to expire (Example: Once the URL is generated, if it is not used then it has to expire after “72 hours”)
• When new token is generated the old ones should expire even if they are not used.
• Example.com should not send the password via e-mails by resetting automatically. There has to be URL which should be used by end-user to set new password of his / her choice.
• While typing secret answer in Forgot Password the secret answer needs to be masked (Secret Answer is also part of authentication which is similar to password, shoulder surfing or auto-complete stuff could be dangerous here compromising the end-user account).
• Once the password is set, you might want to take end-user to logged in state or requesting him / her to login now with the hyperlink (I, personally would recommend taking to login page and requesting him / her to login with new password)

Registration Form

• There needs to be a captcha so that spam bots do not register and spam in discussion forums with illicit content which could be frustrating for your genuine end-users.
• Tamper with the mandatory fields by trying to register without mandatory fields – This is a server-side validation (Add-on on Mozilla Firefox – Tamper Data) Example: Can anyone bypass acceptance of terms of conditions and proceed with registration? This could be applied for all the forms and this test idea will not be repeated in other forms.

Change Password

• ·         Once the password is changed successfully. User should not be able to login again with his old password & new password both.
• ·         Login using the credentials on Mozilla Firefox | Login with the same credentials on Google Chrome | Now, change password for the account in Google Chrome | After this, refresh or try to navigate to some webpage which are allowed to be navigated only by logged in end-users | Result: The end-user in Mozilla Firefox web browser has to log out as he / she is in the session which has old password

Security Questions & Secret answer

• Frame the security question in such a fashion that they are not obvious to be known (What’s your pet’s name? >> Now, is that secret and no wonder we see such questions in famous web applications). It would be good if user is provided with option of choosing customized security question.
• Secret / security answers should be stored in database as hashes and not plain text.

Session Management

• User whose activity is idle for some time should be automatically logged out by expiring his session. (Example: User has gone out to fresh room or to have some snacks without logging out. Now, anyone can come to his system & see the user account open & exploit user account.
• No confidential details like password should be saved in cookie.
• Check what information cookie carries & try to tamper with it using Mozilla add-on Tamper Data.

Captcha

• Captcha characters should not be displayed in cyclic fashion.
• Captcha images should not be allowed to download at one time using add-on like “DownThemAll”
• Use http://free-ocr.com/ to see if captcha could be deciphered.
• Every refresh of a webpage should display new captcha every time.
• Do not show the absolute path names of the captcha that is being displayed because it is easy to put assertions identifying the URL and then entering the according characters to pass the captcha.
• I personally insist on using Google reCaptcha for your web application because it has not been cracked till date. There are many captcha third party services out there but, I do not recommend those.
• Usage of question and answers type of captcha in textual format is good but, not good enough.

This is a good checklist but, it could be made much better if you want to. I stop here because I can go on and on generating the test ideas. You are free to use this checklist for your project in your organization and share it with your colleagues owing credits to me. To share this document here is the PDF document which you can download.

Share/Bookmark

BugBusters is a facebook app launched by uTest which is a crowd-sourcing community for software testing. This game is a flash game and to look at the game or play the game please visit http://apps.facebook.com/bugsbusters/?ref=ts

This game was launched as a contest which had 3 prizes being first prize as iPad and other 2 prizes as Digital Cameras.

What happened after I discovered the security vulnerabilities?

This game was already live and I could see lot of activity from the users around the globe. Once I found this, I quickly documented the report with the necessary details which could help uTest or the development vendor to fix it.

Once the report was ready, I contacted VP of Marketing Mr. Matt Johnston and Mr. Peter Shih who is a community manager via e-mail. They responded quickly with interest to look into the details. Thanks to Matt for introducing the development company to whom I reported these bugs (The development company name is: Blonde20 – http://blonde20.com/).

Those security vulnerabilities were fixed within the same week I reported them. Thanks to Blonde20 folks for fixing it very soon. The fix was not including the details like Score, Profile ID, profile Name etc. in the POST_DATA form. Once they fixed it I tried reproducing it and could not reproduce the same however, I did not explore for more vulnerabilities for the new fix if there were any because I got busy for the BugDeBug conference and other tasks.

This is all good but, where is full disclosure? Well, I have it for you here.

I did not win the game but, at least for me I am the top most winner and have a feeling of winning billion dollars. I wish all the security testers, researchers, newbie (ethical) hackers to learn from my findings and help the web community to protect from the bad guys out there.

Share/Bookmark

There are 18 questions / contexts which you might want to comment on or answer for. Not all are mandatory and if the question or context doesn’t apply to you then you can skip it with a proper reasoning. Example: I have not done check automation before. Remember that it need not be appropriate answers for the questions or contexts. If you think you can add value to this contest in much better way by talking about different things around the context then that would be something that I call awesome.

Without much ado, Santhosh Tuppad WELCOMES YOU TO THE SHOW :) I wish you a happy and joyful ride in the learning and this contest.

Here you go,

1. What if you click on something (A hyperlink) and to process or navigate to that webpage you need to be signed in? Currently, you are not signed in. Should you be taken to Sign up form or Sign in form? What is the better solution that you can provide?

2. Using “Close” naming convention to go back to the homepage is good or it should be named as “Cancel” or it is not really required because there is a “Home” link which is accessible. What are your thoughts?

3. Logout should be placed on top right hand side? What if it is on the top left hand side or in the left hand sidebar which is menu widget like “My Profile”, “Change Password” etc. – Is it a problem or what is your thought process?

4. Current design of forgot password asks for username and security answer and then sends a link to e-mail inbox to set new password. How does “security answer” increase the cost of operations? Also, what questions do you frame for security questions?

5. If you had to design “Forgot Password” working, how would you do it and why? You are free to give different many functional designs.

6. There is neither account lockout policy nor captcha for the login or security answer forms; what kind of problems do you see with the current implementation and what do you propose?

7. Well, it is about context and there are no best practices in general. What are your thoughts on usage of captcha? Where should they be used and why?

8. If you are the solution architect for a retail website which has to be developed; what kind of questions would you ask with respect to “Scalability” purpose with respect to “Technology” being used for the website?

9. How do you think “Deactivate Account” should work functionally keeping in mind about “Usability” & “Security” quality criteria?

10. For every registration, there is an e-mail sent with activation link. Once this activation link is used account is activated and a “Welcome E-mail” is sent to the end-users e-mail inbox. Now, list down the test ideas which could result in spamming if specific tests are not done.

11. In what different ways can you use “Tamper Data” add-on from “Mozilla Firefox” web browser? If you have not used it till date then how about exploring it and using it; then you can share your experience here.

12. Application is being launched in a month from now and management has decided not to test for “Usability” or there are no testers in the team who can perform it and it is a web application. What is your take on this?

13. Share your experience wherein; the developer did not accept security vulnerability and you did great bug advocacy to prove that it is a bug and finally it was fixed. Even if it was not fixed then please let me know about what was the bug and how did you do bug advocacy without revealing the application / company details.

14. What do you have in your tester’s toolkit? Name at least 10 such tools or utilities. Please do not list like QTP, LoadRunner, SilkTest and such things. Something which you have discovered (Example: Process Explorer from SysInternals) on your own or from your colleague. If you can also share how you use it then it would be fantastic.

15. Let us say there is a commenting feature for the blog post; there are 100 comments currently. How would you load / render every comment. Is it one by one or all 100 at once? Justify.

16. Have you ever done check automation using open-source tools? How did you identify the checks and what value did you add by automating them? Explain.

17.  What kind of information do you gather before starting to test a software? (Example: Purpose of this application)

18. How do you achieve data coverage (Inputs coverage) for a specific form with text fields like mobile number, date of birth etc? There are so many character sets and how do you achieve the coverage? You could share your past experience. If not any then you can talk about how it could be done.

Winners and Prizes

I will be giving out 3 prizes and I choose the winners. I take liberty to not give any reasoning behind why I chose the winner and not the other one. It is solely my decision.

1^st Prize: Lessons learned in Software Testing, Six Thinking Hats and General Systems Thinking (Total: 3 Books)

2^nd Prize:  Lessons learned in Software Testing, Six Thinking Hats

3^rd Prize: Lessons learned in Software Testing

Who can participate?

This contest is applicable to the testers who are based in INDIA only however; for participation with the individual interest even testers outside INDIA can participate but, eligible testers for winning prizes will be only from India.

The above is not a strict disclaimer, it is because of the charges applied for sending the prizes and also I am not pretty aware of those things as of now. If it becomes possible to send the prizes then the decision could be changed anytime and winners worldwide would be chosen.

How to submit the answers?

You can do that by commenting here in this blog post itself. Or else you could send even the document (Send it to Santhosh.Tuppad@gmail.com) if you do not want others to read your answers till the competition is over. I leave the decision to you, whichever is comfortable for you. However, once the results are announced, I would add your answers in the comment section which would be public to others.

Contest Duration

The contest starts from today and ends exactly after 1 month from today. I wish you all the best and let us see who can win this contest.

NOTE: Results will be announced as a blog post in this blog itself after a month.

Share/Bookmark

Non technical product owners do not understand security
As a white-hat hacker I have reported security vulnerabilities to the product owner; I have written e-mails. Some responded once and later they did not care about understanding the security vulnerability nor fixed it. Some people did not even respond even over so many gentle reminders; looks like I had to send rude reminder LOL. Then I finally do a responsible disclosure using platforms like CERT, Keeda Null and others. They try to get in touch with vendors and see if they can get it fixed but, it is still not sure however; I can go full disclosure after stipulated time when vendor doesn’t fix it even on notification.

Most of the companies do not educate customers about security
A customer provides requirements which should help him / her in his / her business. All customers might not be technically sound. In such case, technical set of people from the companies should educate them to understand about security however; it is sad that most of the companies are not serious about it and they just want to give what customer asked and get huge amount of money transferred to their bank. Finally, customer goes for a toss while hackers sit on it and rule it. Where is the problem? The problem I personally see here is, either company does not have technical people who can understand about security or companies do not want to educate them even when they could at least try.

We do not have security testing team
This is something that I hear from organizations saying, we do not have team of testers who can test for security. In my opinion, testers can learn to test for security. This comes from a personal learning and passion is a must. After learning if testers can spend at least 1 hour with a mission of testing for security, then I think that must help and also helps organization in return. Testers, are you game to learn security testing? The answer should not be, “We do not have security testing team”. Rather it has to be, “We will build one”.

Let us say if the testers at your organization do not have the skills to test for security and they are not willing or able to learn because of any reason; then what you can do is hire security consultants, ethical hackers who can do awesome job and help you uncover the security bugs. Search on Google for some security testing aspirants or ethical hackers and I am sure you will get bunch of them. Well, you can even hire me :D

Tester: How do I start security testing? / Whom do we hire for security testing?
The answer is pretty simple, start practicing, reading hacking books, conferring with IT security professionals, think like a hacker. Here are some of the resources that can help you to start of with,
a. http://securitytube.net/ – Security Testing / Penetration Testing videos and tools.
b. http://hackthissite.org/ – You can test your skills here. Good enough exercises to help you in assessing your skill levels.
c. http://owasp.com/ – I just love this.
d. Hacking for Dummies by Kevin Beaver – You can also get e-book version for free if you search with “Hacking for Dummies” at http://issuu.com/

Above things are just enough for you to start of with. It will take lots of days for you to finish the above activities. Well, it is not about finishing; it is about exploring more and more about what you read and what you analyze. Do not just read it and say, “I finished it”. After reading it, you got to question yourself – “What progress have I made? How am I able to test for security?”

More information
If you are looking to learn more and need some information from me then you can skype me at “santhosh.s.tuppad” and tweet @santhoshst. I hope you had a good read (At least a few).

Share/Bookmark

• This tool could be used in context where steps to reproduce is more complex and there are many steps in it to be written along with more screenshots. qTrace has capability to capture keystrokes and screenshots for every click done. Later, once you record the steps you can view the steps one by one and also the exact position of click is displayed.
• I liked “System Information” fetching at one place. You have flexibility in including system information. If the bug you are reporting is based on the specific system requirements then you could use this feature to just fetch it in a second by a mouse click. Isn’t that cool enough?
• Save As options – I see that this report could be saved as MS-Word document, PDF document and other options. These export options are cool too.
• You can choose what you want to record – By saying this I mean to say that, it gives you list of windows to be recorded which are already in open state. You could choose “Skype” from the list and only any action performed on “Skype” would be recorded and not any other. I found this interesting as other things will not be recorded if any interruption comes in.
• Screenshot editing feature – This is a MUST and glad to see this feature in qTrace. You can add annotations, crop which is editing feature.

What am I looking forward from qTrace?

• More features to make it powerful one.
• My wish-list of features include;
• Customizable “System Information” elements. Tester should be able to choose what all information he needs rather than things which might not be required for the context.
• Exclude “screenshots” option while exporting it as DOC or PDF format. Not all bug reports would require screenshot. This could be disabled before recording the steps itself rather than saying “Exclude” after recording the steps.
• Make it available for other Operating System platforms like Macintosh and Linux.

What is it priced for?

Yearly license costs you 199838 USD. Err, I am just kidding. It is just 49 USD and could be installed on 3 machines under one license. This is damn affordable for the value that you will be getting out of it. I recommend it.

Happy qTracing!

Share/Bookmark

My comments for what Jakob Nielsen mentions in his article,

Jakob Nielsen says: “Typically, masking passwords doesn’t even increase security, but it does cost you business due to login failures.”

Santhosh Tuppad says: Security is not about making it fool-proof. It is about building layer by layer. Yes, it does increase security rather than not having masked password. It protects against shoulder surfing.

Jakob Nielsen says: “More importantly, there’s usually nobody looking over your shoulder when you log in to a website. It’s just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.”

Santhosh Tuppad says: I have seen many people even in office feel uncomfortable when someone is sitting beside them and they need to enter their password. It is because they feel they might look into the keyboard if their typing is slow. When they feel uncomfortable for this instance, will they not feel unsecured for showing the password without masking? I have seen my colleagues coming to my desk and asking for something. There have been instances when they came to my desk for something where I had to login to application and show them something. Now, do I need to ask them to turn that side and keep looking at them if they are watching me and then type my password?

I would say contexts are different, if you are sitting alone in your office in a separate chamber it’s different. But, remember that here we are dealing with the whole Web End-Users and not just hand-picked people.

Jakob Nielsen says: “Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users’ shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn’t even protect fully against snoopers.”

Santhosh Tuppad says: Well, by unmasking them you are giving chance even to any snooper rather than skilled ones. You are degrading the security here. Let me give a typical example which you can relate to: You have doors for your home and windows. Even windows could be used to by thieves to get in the house by breaking them. Now, it doesn’t mean you should remove doors because they can get in from window as well. I repeat: Security is about adding layers rather than saying FOOL PROOF security.

Jakob Nielsen says: “Password masking has proven to be a particularly nasty usability problem in our testing of mobile devices, where typing is difficult and typos are common. But the problem exists for desktop users as well.”

Santhosh Tuppad says: I partially agree to usability problem in mobile devices where the keypad is cumbersome while I disagree with desktop users – Yes, there have been times when we have typed it wrongly but, I personally have not found it as a usability problem. It is as simple as this; by mistake from bunch of keys I inserted some other key in the lock which did not open it. So, it doesn’t make sense to say “Let me not lock the door itself”.

Jakob Nielsen says: Users make more errors when they can’t see what they’re typing while filling in a form. They therefore feel less confident. This double degradation of the user experience means that people are more likely to give up and never log in to your site at all, leading to lost business.

Santhosh Tuppad says: I personally see password not being asked as a security vulnerability rather than seeing it from usability perspective. I have not seen end-user saying I will not login to this site because they mask the password. Well, password is secret and it has to be secured. If there is a website which doesn’t mask its password, then I would say it is a security bug rather than seeing it as a usability element.

Jakob Nielsen says: The more uncertain users feel about typing passwords, the more likely they are to (a) employ overly simple passwords and/or (b) copy-paste passwords from a file on their computer. Both behaviors lead to a true loss of security.

Santhosh Tuppad says: How does it help when password is unmasked? Still people will continue to use simple password which they can remember. This doesn’t make any difference. People having random passwords who want to copy paste will still continue even when password is masked or unmasked. It is important to remember that, technology provides one layer of security and other layer should come from individual awareness. I cannot complain that system is not securing my account while I wrote my password on some piece of paper and hacker got that piece of paper.

Jakob Nielsen says: Yes, users are sometimes truly at risk of having bystanders spy on their passwords, such as when they’re using an Internet cafe. It’s therefore worth offering them a checkbox to have their passwords masked; for high-risk applications, such as bank accounts, you might even check this box by default. In cases where there’s a tension between security and usability, sometimes security should win.

Santhosh Tuppad says: The checkbox idea might be employed given that by default password is masked. However; I do not agree where Jakob Nielsen mentions only about “high risk applications”. Why is there discrimination? Any application that has login feature is made with the purpose to protect the data.

Banking application by default should have masking feature for password? Why not others? You are putting masking feature by default that no one else should see it and you should not feel uncomfortable to continue with your work while someone is sitting beside you. Right? Then why do it only for some applications and leave others. Just like “iPhone is iPhone”, “Security is Security” and “End-user is end-user” irrespective what kind of application he / she is using.

Summary

In my opinion, it doesn’t make sense to say, “I will remove the doors to add usability, so people can not open the door lock and put efforts in it”. People can still get in by breaking the window or door but, it is layer of security which is same as “masked” password rather than removing it. I agree to some extent to the checkbox idea where you give a checkbox to unmask the password and show it as plain text to end-user however; by default it has to be masked. It is just like you are not checking “Remember Me” in option by default because of Security. Considering this password unmasking, then “Remember Me” should be checked by default to add usability which is not correct.

It is not security versus usability. It is about thinking how we can build applications with better security and better usability and not compromises on both of them to at least a certain level even if we cannot match both of these and there are contexts where I have provided solution so that there is no degrade of usability or degrade of security. It is not security must win and usability should lose and vice-versa (They are not contenders). There are always better ideas, what it needs is brainstorming. Usability is more of analysis and psychology rather than just concluding in few minutes or concluding by thinking as individual. I would finally like to add one point here – “If you are not masking the password then you are spoiling User eXperience and may be you can make end-users not login to your application because they feel uncomfortable logging in with plain text while someone is beside them.”

I hope you had a good read and happy learning.

Share/Bookmark

1. 2 Days Conference
2. Workshops on different topics like Exploratory Testing (@testertested), Performance Testing (@rahul_verma) and Security Testing (@santhoshst)

How this conference is different from yet another conference that happens?

I have attended quite a few conferences till now and the only conference where I enjoy being is “BugDeBug” which is organized by RIA RUI society. Some of the things that I like about this conference are,

1. Organizing part
2. Speakers
3. Competitions
4. Not to forget, good lunch! Yummmmmmmm!
5. Affordable price for registration (Remember that, the value that you will be getting out of this conference will be no match to what you have paid. It’s awesome conference)

The list will go on if I want to speak all the good things about this conference.

How can you benefit from this conference?

Networking with people

Once you register and just sit their idle in the conference doesn’t work out. You need to move out from the place, go introduce yourself and network with the people around you. Do not wait for others to come to you and talk. Just go and say “Hi” and start rolling the ball.

Participating in competitions

There would be some competitions I guess even in this conference. So, do not be shy from participating. Participate actively and you might win some goodies.

Workshop

If you are attending a 1 day workshop, then please do carry a laptop with you which can facilitate better learning for you. If you do not have one, then you can request someone to share their laptop with you.

What are you waiting for?

This is not the time to think, go and register for BugDeBug at http://bugdebug.in/ and keep your fingers crossed to witness one of the successful software testing conference in India.

See you all at Bug De Bug 2012 in Chennai.

Share/Bookmark

Share/Bookmark