Event details
- A wing, 5th Floor, MCCIA Trade Towers, ICC Complex, Senapati Bapat Road, Shivajinagar, Pune 411016
- November 19, 2022
- Saturday, 10:00 AM to 1:00 PM
- VTEST
Contact event manager
Book your tickets
Security Testing for Everyone
A wing, 5th Floor, MCCIA Trade Towers, ICC Complex, Senapati Bapat Road, Shivajinagar, Pune 411016
Saturday, 10:00 AM to 1:00 PM
November 19, 2022
000000
Security Testing for Everyone
A wing, 5th Floor, MCCIA Trade Towers, ICC Complex, Senapati Bapat Road, Shivajinagar, Pune 411016
Saturday, 10:00 AM to 1:00 PM
November 19, 2022
A quick story and what’s gonna happen in this mini workshop:
I was 12, when I first got introduced to a computer (running Disc Operating System) and I quickly fell in love with the magic of computer
and also command-line terminal. Many days passed by and I had my first hacking lesson or exploiting the vulnerability experience when I was 16. Since then my learning about security has never stopped. Despite not being labelled as a security tester at the age of 16, I was successful in finding my first vulnerability through my mindset & (hacker) instincts. Even you can.
Through this mini workshop, I am going to help the testers who have never done any type of start security testing / penetration testing in their web applications to find potentially dangerous vulnerabilities while every tester in the organisation can start their journey to contribute to the Web Security and also creating “Every tester does security testing to an extent” culture.
Who should attend:
● Web Application Testers
● Web Developers
● Security Enthusiasts irrespective of their years of experience
Topics and Subtopics:
- What is Web Security & its mysteries?
a. Getting the terminology right in simple words through real world example
b. The state of current web security and what it lacks?
c. Why do we see data breaches everyday? What are we doing wrong? - Building Security Mindset Culture
a. My experience of practicing the mindset
b. Expanding the horizons of “Security Thinking” through practice & Exploration
c. Creating a “Security Culture” as a “Team” - Finding Vulnerabilities Through Questions to the Programmers
a. Questioning the team (programmers, security architects, stakeholders) to identify vulnerabilities in different phases of development lifecycle - Attacking Web Applications using Web Developer Tools
a. Finding potentially dangerous vulnerabilities through Web Developer Tools using Network Tab
i. Tampering the request body
ii. HTTP Headers Analysis
b. Manipulating HTML DOM to identify access control vulnerabilities
c. Console tips and tricks to manipulate HTML attributes through Javascript to fasten your execution of tests
i. Writing simple javascript code
ii. Storing them in Snippets to run them whenever required
About Speaker – Santhosh Tuppad
Santhosh Tuppad has played different roles in his life which include being a passionate entrepreneur, liar, lover, boyfriend, thief, software tester, blogger, reader, trainer, coach, black-hat hacker, white-hat hacker, grey-hat hacker and what not. In this amazing journey of life, he has experienced his salvation. Not to forget that “Salvation comes at a price” and of course he has paid that price. Before he was known for being merciless, ruthless, unkind, evil etc. And today he is known for kindness, humbleness, and some people call him “Privacy Fighter”. Santhosh is also one of the OWASP Cheatsheet Contributors and shares his knowledge on Security and Testing unconditionally. The world finds his ways “Unconventional”, but he thinks that it’s the best.