The document consists of various exercises that also include Social Engineering. These exercises will help you trigger the ideas in your brain and also use the power of imagination to get better at Security.
FAQin Congress - 5/3/2016
EDITING WHATSAPP CONTENTS ON A NON JAILBREAK IPHONE OR HOW TO FOOL FORENSIC EXPERTS REPORTS.
Video at slide 38 ! and also here:
DEMO VIDEO: https://youtu.be/9BTMQSqJy_I
How to Make Phishing Simulations Effective in Your Organization.pdf - infosec train
Phishing simulations are a great way to test employee awareness of phishing attacks and to educate them on how to spot and avoid them.
However, for phishing simulations to be effective, they need to be done correctly. Here are some tips on how to make phishing simulations effective in your organization.
https://www.infosectrain.com/courses/certified-ethical-hacker-ceh-training/
ExpoQA 2018 - Why software security has gotten worse? And what can we do abou... - Santhosh Tuppad
As technology evolved, software security faced huge challenges and as the years passed, the world has seen drastic changes far too quickly. And along with these advancements, even black-hat hackers or malicious hackers have evolved also very well. Today, the internet is the place for everyone where hackers dwell almost all the time. Every day new applications are released to the web and users start using them and even get addicted to them due to outstanding UX. But, wait! Did someone think about the "security" layer of these applications? Well, we often don’t and most of the applications today suffer from "beggarly / bad security".
In this talk, Santhosh Tuppad will focus on the pitfalls of bad security and why software security has failed in a pretty way. He will also shed light on how your users may be facing bigger problems than you can imagine due to bad software that lacks security testing. He will also demonstrate some of the lethal problems that exist in the industry and will talk about technical impact, business impacts like reputation damage, revenue loss and a lot more.
Not only that, Santhosh won’t end his talk without some hacking demonstrations that will for sure wow you. Finally, he will tell you how you can start security testing from day 1 and start contributing in terms of building secure software.
From this talk, you will gain an understanding about the problems that a lack of security testing presents and you will find out about tool-assisted security testing; performing security tests through questioning. After the talk, you will be able to start identifying risks and report common vulnerabilities, giving you a feeling of “I can do this”.
Cyber Security is not a nice to have, it's essential to protect your business, its clients and assets. Don't take risks. At Penntech IT Solutions, an IT Service Company in London, we can provide security services to keep your business safe proactively.
Dayton Microcomputer Association (DMA):
April 2020 - Online Meeting
Date: April 28, 2020
Topic: Stupid Cyber Criminal Tricks and How to Combat Them
Speaker: Matt Scheurer
This talk covers various techniques used by cyber criminals, and how to spot them. This is the accompanying slide deck for a presentation that covers live demos. Who does not love a good cyber-crime story?
Irresponsible Disclosure: Short Handbook of an Ethical Developer - Lemi Orhan Ergin
Ethics... It could be the most important and underrated topic in software industry. It is directly related with professionalism, craftsmanship and professional discipline. From time to time we have to jump into the discussions, however we never discuss it deeper.
I found myself in a huge blast of discussions when I tweeted about a **HUGE** security issue at the most popular operating system. Then I had deep thoughts about ethics and the behaviours of ethical developers.
In this session I talk about the following:
* I refer to real-life stories of many good practices for professional ethics that are critical in the software development world.
* I mention technical and non-technical aspects of being an ethical developer.
* I deep dive into the arguments against the ethical controversies and the debate over the sharing of a major error in MacOS via Twitter.
Created & Presented by Anshumani Ruddra, Group Product Manager,
Google, at EngageMint, Asia's largest Retention Marketing Conference.
Anshumani covers various frameworks that can help you with your decision-making process while going about user engagement, how your brand shouldn't try to engage your customers and how to give them a good experience so they keep coming back for more.
In this session he covers:
- Masterlist of Dos and Don'ts
- Group Discussion / Submission of Entries
- Insights from Speakers on the Playbook
About the speaker:
Anshumani Ruddra handles product development (web and mobile) for the second largest mobile market in the world, India. He has successfully managed large products - in terms of total install base, active users and revenue - and large teams & his previous stints include some leading brands in the industry like Hotstar, Cuemath, Practo, Tiny Mogul Games, etc.
About EngageMint:
Hosted with love by WebEngage, EngageMint is a platform that brings together marketers and product managers from across Asia, passionate about one thing - giving their customers the ‘aha’ experiences they deserve. At EngageMint, we strongly believe that by equipping professionals with the right strategies, we can initiate a massive shift in the way businesses think about growth, product experiences, customer retention, and everything else in between.
All our sessions are hand-curated and deep-dive into each aspect of user engagement and retention. So all you have to do is take notes and implement these learnings as soon as you get back to work! More details: https://webengage.com/engagemint/
WebEngage is a new age Retention Operating System, a single suite for marketers to store user data, provide actionable insights, orchestrate omnichannel campaigns by leveraging user insights to provide a hyper-personalized end-user experience.
The platform helps brands drive more revenue from existing customers and anonymous users across 10+ communication channels. WebEngage goes above and beyond a marketing automation platform and powers the user engagement for thousands of enterprise brands worldwide, working across several industries like E-Commerce, Edtech, Fintech, Foodtech, Media & Publications, Gaming, BFSI, Healthcare, Online Retail. The key clientele includes marquee brands like HUL, Bajaj Finserv, Unacademy, ALT Balaji, MakeMyTrip, Zivame, Firstcry, and many more.
BSidesLondon 20th April 2011 - @wickedclownuk
Lots of companies are using RDP to support their external users. The administrators lock down the servers via group policy believing it is all secure. I will demonstrate how you can instantly bypass group policy and how to escalate your privileges with the use of Metasploit.
Cyber Security aware society is the need of the hour, there is a growing need for Cyber Security awareness, every user of internet should know at least the basics of cyber security, an educated and aware user can help in minimizing the impact and rate of cyber crimes, particularly of those that are related with online transactions and phishing…
Effective 2FA - Part 1: the technical stuff - ConorGilsenan1
Two-factor authentication (2FA) is the most straightforward way for companies to drastically improve the security of their user authentication process. However, not all 2FA implementations are created equal. Thinking of quickly throwing together a workflow using SMS and calling it a day? Think again! Though popular, 2FA via SMS has many security issues and was actually deprecated by NIST in 2017. In this presentation, I dive into the technical details of the most common 2FA implementations and highlight security and usability trade-offs. You will learn how to develop a 2FA implementation strategy that will best serve your users.
Time to unlock the growth of your product and boost your User Onboarding!
Learn how to capture your users' hearts and minds, optimize their signups, and align your in-app touch points to increase their retention from day one.
➡️ Credit @mxbraud for the design of the slides!
Session 4 - Developing Open Source Software - The Lessons - Jonathan Field
Index Data have found that projects where open-source software is seen simply as a cheaper alternative to a proprietary solution rarely reach such satisfactory conclusions as those where the method of working takes advantage of the open-source approach. The principles described in this talk will be illustrated by real-world examples drawn from actual experiences.
Your users are humans and let's live our promise of securing them - Santhosh Tuppad
We have been in the software world for long now and I think still security is not given enough importance. Maybe lack of skills or lack of expertise? How about kickstarting your security testing learning after this talk? Santhosh Tuppad will demonstrate some quick hits (Well, the real hacks) to motivate you and also give you tips to kickstart your security testing learning. Ready for it? Let's do it and nail it down.
Owasp top 10 web application security hazards - Part 1 - Abhinav Sejpal
Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.
Shared responsibility model: Why and how to choose the right 2 fa method for ... - ConorGilsenan1
Service providers have a responsibility to provide two factor authentication (2FA) and help their users make informed decisions about which 2FA method(s) to enable.
In this talk, I discuss the AWS Shared Responsibility Model and highlight that implementing 2FA follows a similar pattern. I dive into the details of the 4 most common methods of 2FA and explain the security and usability tradeoffs of each. I cover SMS, time-based one-time passwords (TOTP), push notifications, and Universal 2nd Factor (U2F).
Audio and slides on YouTube: https://www.youtube.com/watch?v=ub7tU6ZLxAs
Tools are my servants. and I am the master - By Santhosh Tuppad - Santhosh Tuppad
I am always excited about the tools which can aid me in my mission. And that mission is, to inject my test idea and produce effective results. Since my school days, I have been using various tools/utilities/plugins/extensions to execute my idea. To me, it is not about the tool only but also the idea that comes first to the brain from a variety of thinking skills. For instance, if I do not know how to drive a sports utility vehicle skillfully, I cannot harness the power of the machine offered to me.
You are going to join me in this workshop for these 3 reasons:
Usage of tools to perform better testing
Increase your productivity and invest more time in testing
Just because you can
In this tools demonstration, I will be focussing on a variety of aspects or ways in how a specific tool can be used in your testing activity. And remember that, a tool offers you more than what you think it can achieve if and only the fuel is the right one to feed the tool. And that fuel is your creative ideas. In my childhood days and adulthood, I have used tiny, teeny, and little tools or plugins to extract great results in my testing and achieving effective productivity. In short, tools are my slaves and I am a good master.
The first and foremost idea is to have blueprint/architecture of what you want to achieve and then the tools or frameworks or piece of code is a matter of connecting the wires to power the building. Welcome to this lightning powerful tools demonstration workshop.
Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat - Santhosh Tuppad
Hacking is one of the areas which shall never stop until the software/hardware exists on this planet. Whatever is built can be compromised and it's an order of nature. Some things will never change, but all we can do is protect ourselves from the majority of the attacks and also build solid secure layers around the software that we test. This helps in improving the privacy of our users and also protecting our businesses from the black-hat world. Alas! We have a massive skill shortage. Most white-hat hackers are script kiddies, toolsmiths, checkers and people who keep running scanners only and then report the results as vulnerabilities.
Santhosh Tuppad's question is, if black-hat hackers also use scanners or checkers to hack something, then why is it that we have not been able to successfully stop them as we are also using scanners to identify vulnerabilities? Do you get his point? Think.
In this talk, Santhosh Tuppad is going to demonstrate the bad shape of software industry where security is not considered or taken seriously and how shallow or sloppy way of security testing is being done just for the namesake. Santhosh will not just be a pessimist, but also share his thoughts on how we can fix this problem of massive skill shortage and how one can foster their skills by upskilling themselves with characteristics of passion, self-educating, learning, digging deeper and more.
Are you ready for a jaw-dropping session? You bet.
Similar to Web and mobile security workshop workbook v1 - by santhosh tuppad
Testing IoT Security shouldn't fear you if you have got a hacker mindset - By... - Santhosh Tuppad
Most of us have fear when we have spent so much of time in doing something and all of a sudden we are made to embrace a new change which could be in terms of technology. Recently, IoT, AI, ML and Automation have been great subjects and are made to be believed by testers as “Problem Solvers” for “Testing” problem which isn’t really true. They do add value, but let’s not compare them with testing because they are elements of testing while Testing still remains a profession which requires intelligence and is backed by Science.
In this talk, Santhosh Tuppad will try to help the testers to kick out the fear and embrace the new technologies and learn them by helping them to understand the Mindset concept and build their mindset very well. He shall also speak about IoT Security Elements and then relate them to daily life and current web / mobile hacking. In short, “Once a tester has a mindset of Security or Hacking, it’s much easier to embrace new technologies or domains or software as most of the ideas from web/mobile hacking or life are relevant.”
This talk relates very much to: “Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.” ATTRIBUTION: Chinese proverb
The BUZZ Word - Entrepreneur. A Perspective of Santhosh Tuppad - Santhosh Tuppad
It may look like many of the entrepreneurs have lost the true meaning of Entrepreneur. Santhosh Tuppad sheds light on his perspective of "Entrepreneur".
Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing... - Santhosh Tuppad
Not many slides as most of the workshop had an exploratory style and also hands-on after a few slides. The description of this workshop goes as follows (This was done for Agile Testing Days - Potsdam in 2017): Most of the people speak about security testing being one of the priorities, but most of the people do not do it. My workshop will not make you a great hacker on Day 1, but enable you to do security tests on your web and mobile apps and find security vulnerabilities. I am going to focus on Web Security Attacks.
Passion is a free spirit, only you can cage it. - Santhosh Tuppad
Passion can die and also can reincarnate. The only people who can cage it are people themselves. And they are the ones who can free their passion for being a free-spirit. Letting the passion be free can be done only through learning and continuous improvement (Kaizen in Japanese).
This presentation was delivered at Beyond Passion meetup organized by Accesa company in Cluj-Napoca, Romania. Thanks to Diana Pomian and other organizers for providing me this opportunity.
Santhosh tuppad romanian testing conference 2017 - keynote presentation - Santhosh Tuppad
I started my career in software testing as highly passionate and I was very aggressive in the things that I did. Well, the passion appeared to dwindle as the days passed and it was extremely boring for me and I did fear the consequences of letting go of my passion. Nevertheless, I said this to myself: “When I started, I was highly passionate. And possibly, one of the reasons was that I did not know much and wanted to learn, which was one of my highest priorities in life”. And my journey of learning restarted from scratch and learning to do better testing.
This experiential story is about my journey where passion wanted to leave me alone, but I convinced passion to stay and now I am so occupied with the learning everyday and thriving for excellence in the things that I do in software testing craft.
This document provides details about Santhosh Tuppad's profession as Software Tester, Entrepreneur, Ethical Hacker, Hackathon Winner, Being a Writer and More.
You can follow him on Twitter @santhoshst and know him better.
Santhosh tuppad - A journey that is fascinating and will be more fascinating ... - Santhosh Tuppad
A quick expression of explaining the journey of Santhosh Tuppad as a software tester :-) This is just a very tiny snapshot though. I will come up with a bigger one with more of my accomplishments in life which make me happy and take me to peace.
Cheers!
#Testing #Speaker #Badass #Visceral #Conference #Journey #Life
20 Comprehensive Checklist of Designing and Developing a Website - Pixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Essentials of Automations: The Art of Triggers and Actions in FME
Web and mobile security workshop workbook v1 - by santhosh tuppad
1. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
SECURITY - WORKSHOP
WORKBOOK
Twitter: https://twitter.com/santhoshst/
LinkedIn: https://www.linkedin.com/in/santhosh-tuppad-338b7412/
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without permission.
#SE01 → Your enemy resides in a different country and you want to spy on all his activities on his computer.
More context:
// He connects to the internet to check his email
// He uses a free edition of an anti-virus product
// He is attracted to piracy and porn
Write down your approach or your thoughts about gaining access to every bit of data on his computer.
#SE02 → You want to know the IP address of a target, and you need to learn it without the target's knowledge.
More context:
// Target is active on a social media platform: Twitter
// Target likes freebies
#SE03 → You need to get into the physical infrastructure of a multinational company. The company entrance has a security guard, and if you bypass him through social engineering, you can accomplish your goal. What are your ideas to get past the security guard?
#EX01 → Your job is to give the customer 5 good security questions and 5 bad security questions. Please list them.
#EX02 → Identify the possible threats in your company. These can be notorious developers, rogue insiders, employees who hold a grudge and so on. Also, list the reasons why you think they are a threat to your company. Basically, identify threat agents or threat drivers.
#EX03 → Passive Reconnaissance → You have been assigned the task of gathering information, that is, doing a passive recon, for http://tuppad.com/
Gather as much information as you can and list the highlights of your exploration.
#EX04 → Develop a functional design / algorithm for the forgot-password feature in a web application. Your goal is to help the customer achieve a secure enough forgot-password feature.
More context:
// application type: food delivery / ecommerce
// email address is used as a username
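One possible design for the EX04 flow, as an added example that is not part of the workbook: the reset form answers identically for known and unknown addresses, and tokens are random, stored only as a hash, short-lived and single use. The class, the 15-minute lifetime and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime, not a value from the workbook
GENERIC_REPLY = "If that address has an account, a reset link has been sent."


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class ResetService:
    """In-memory model of a forgot-password flow (all names hypothetical)."""

    def __init__(self, known_emails, clock=time.time):
        self.known = {e.lower() for e in known_emails}
        self.clock = clock
        self.pending = {}   # sha256(token) -> (email, expires_at)
        self.outbox = []    # stands in for the mail sender

    def request_reset(self, email):
        email = email.strip().lower()
        if email in self.known:
            # A new request invalidates older tokens for the same account.
            self.pending = {d: v for d, v in self.pending.items()
                            if v[0] != email}
            token = secrets.token_urlsafe(32)   # 32 random bytes from the CSPRNG
            self.pending[_digest(token)] = (email,
                                            self.clock() + TOKEN_TTL_SECONDS)
            self.outbox.append((email, token))  # plaintext token exists only in the mail
        # Identical reply for known and unknown addresses: the email is the
        # username, so a different reply would confirm which accounts exist.
        return GENERIC_REPLY

    def redeem(self, token):
        """Return the account email for a valid token, else None."""
        entry = self.pending.pop(_digest(token), None)  # pop makes it single use
        if entry is None:
            return None
        email, expires_at = entry
        return email if self.clock() <= expires_at else None
```

In a real deployment the mail would be sent asynchronously so that response time is also the same for both cases, and `redeem` would be followed by the password change and session invalidation.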
#EX05 → What’s the best password according to you and why?
apple@123
aaaaaa@0
RomaniaIsBeautiful
ILoveClujOnMilkyWay
19199919
0989
#EX06 → Username enumeration attack → Which of the error messages below is secure enough, and why are the others not good enough?
Invalid username / password
The username entered is incorrect. Please retry!
Username and password are both incorrect. Try again!
The password entered for username Santhosh is incorrect. (WordPress way)
Incorrect credentials
#EX07 → Your task is to stop bots from cracking the username and password in the login form, and also to stop humans employed to carry out manual brute-force attacks. As a security consultant, what suggestions would you give to secure the login form against brute-force attacks?
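A login check that ties EX06 and EX07 together, as an added example that is not part of the workbook: every failure returns the same message and costs the same hashing work, and failures are counted per username and per source IP so that both automated and manual guessing are throttled. The class name, thresholds and PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
import time

GENERIC_ERROR = "Invalid username / password"   # one message for every failure
MAX_FAILURES = 5      # assumed threshold
LOCK_SECONDS = 300    # assumed window and lock duration


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    """Login check with per-username and per-IP throttling (names hypothetical)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}       # username -> (salt, password hash)
        self.failures = {}    # ("user"|"ip", value) -> (count, window start)
        self._dummy = (os.urandom(16), os.urandom(32))  # record for unknown users

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def _locked(self, key):
        count, start = self.failures.get(key, (0, 0.0))
        if count and self.clock() - start >= LOCK_SECONDS:
            del self.failures[key]            # window over, start clean
            return False
        return count >= MAX_FAILURES

    def _record_failure(self, key):
        count, start = self.failures.get(key, (0, self.clock()))
        self.failures[key] = (count + 1, start)

    def login(self, username, password, ip):
        keys = [("user", username), ("ip", ip)]
        if any([self._locked(k) for k in keys]):
            return False, GENERIC_ERROR       # throttled: password is not even checked
        salt, stored = self.users.get(username, self._dummy)
        # Hash for unknown users too, so timing does not reveal which names exist.
        match = hmac.compare_digest(_hash(password, salt), stored)
        if match and username in self.users:
            self.failures.pop(("user", username), None)
            return True, "OK"
        for key in keys:
            self._record_failure(key)
        return False, GENERIC_ERROR
```

A hard per-username lock trades availability for resistance; a CAPTCHA or a second factor once the threshold is reached is a common alternative.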