Web and mobile security workshop workbook v1 - by santhosh tuppad

•

2 likes•848 views

The document consists of various exercises that also includes Social Engineering. These exercises will help you trigger the ideas in your brain and also use the power of imagination to get better at Security.

Technology

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
SECURITY - WORKSHOP
WORKBOOK
Twitter: https://twitter.com/santhoshst/
LinkedIn: https://www.linkedin.com/in/santhosh-tuppad-338b7412/
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
#SE01 → Your enemy resides in a different country and you want to spy on all
his activities on his computer
More context:
// He connects to internet to check his email
// He uses anti-virus that is a free edition
// He is attracted to piracy and porn
Write down your approach or your thoughts about gaining access to his every
bit of data on his computer.
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
#SE02 → You want to know the IP address of a target and you need to know
this without the knowledge of the target.
More context:
// Target is available on social media platform. That’s twitter.
// Target likes freebies
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
#SE03 → You need to get into a physical infrastructure of a multinational
company. The company entrance has a security guard and if you bypass him
through social engineering, you can accomplish your goal. What are your ideas
to get through the security guard?
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
#EX01 → Your job is to help the customer with the 5 good security questions
and 5 bad security questions. Please list down.
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
#EX02 → Identify the possible threats in your company. These can be
notorious developers, rogue insiders, employees who hold grudge and so on.
Also, list down reasons why you think they are threat to your company.
Basically, identify threat agents or threat drivers.
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
#EX03 →→ Passive Reconnaissance →→ You have been assigned a task to
gather information or do a passive recon for http://tuppad.com/
Gather information as much as you can and list down the highlights about
your exploration.
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
EX04 → Develop a functional design / algorithm for forgot password feature
in web application. Your goal is to help the customer achieve secure enough
forgot password feature.
More context:
// application type: food delivery / ecommerce
// email address is used as a username
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
EX05 → What’s the best password according to you and why?
apple@123
aaaaaa@0
RomaniaIsBeautiful
ILoveClujOnMilkyWay
19199919
0989
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
EX06 → Username enumeration attack → Which of the below error message
is secure enough and why are others not good enough?
Invalid username / password
The username entered is incorrect. Please retry!
Username and password are both incorrect. Try again!
The password entered for username Santhosh is incorrect. (Wordpress way)
Incorrect credentials
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
EX07 → Your task is to stop the bots from cracking the username and
password in the login form. And also stop the human employed bots to stop
manual brute-force attack. As a security consultant, what suggestions would
you like to give in order to secure login form against brute force attacks?
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without the permission.

As technology evolved, software security faced huge challenges and as the years passed, the world has seen drastic changes far too quickly. And along with these advancements, even black-hat hackers or malicious hackers have evolved also very well. Today, the internet is the place for everyone where hackers dwell almost all the time. Every day new applications are released to the web and users start using them and even get addicted to them due to outstanding UX. But, wait! Did someone think about the "security" layer of these applications? Well, we often don’t and most of the applications today suffer from "beggarly / bad security". In this talk, Santhosh Tuppad will focus on the pitfalls of bad security and why software security has failed in a pretty way. He will also shed light on how your users may be facing bigger problems than you can imagine due to bad software that lacks security testing. He will also demonstrate some of the lethal problems that exist in the industry and will talk about technical impact, business impacts like reputation damage, revenue loss and a lot more. Not only that, Santhosh won’t end his talk without some hacking demonstrations that will for sure wow you. Finally, he will tell you how you can start security testing from day 1 and start contributing in terms of building secure software. From this talk, you will gain an understanding about the problems that a lack of security testing presents and you find out about tool-assisted security testing; performing security tests through questioning. After the talk, you will be able to start identifying risks and report comm.on vulnerabilities giving you a feeling of “I can do this”

Level Up - A Career in Security

Gabriel Mathenge

Penntech IT Solutions and cyber security

Penntech IT Solutions

DMA - Stupid Cyber Criminal Tricks

ThreatReel Podcast

Ethics... It could be the most important and underrated topic in software industry. It is directly related with professionalism, craftsmanship and professional discipline. From time to time we have to jump into the discussions, however we never discuss it deeper. I have found himself in a huge blast of discussions when he tweeted about a **HUGE** security issue at the most popular operating system. Then I had deep thoughts about ethics and the behaviours of ethical developers. In this session I talk about the followings: * I refer to real-life stories of many good practices for professional ethics that are critical in the software development world. * I mention technical and non-technical aspects of being an ethical developer. * I deep dive into the arguments against the ethical controversies and the debate over the sharing of a major error in MacOS via Twitter.

EngageMint 2022: How NOT to Engage

WebEngage

Created & Presented by Anshumani Ruddra, Group Product Manager, Google, at EngageMint, Asia's largest Retention Marketing Conference. Anshumani covers various frameworks that can help you with your decision-making process while going about user engagement, how your brand shouldn't try to engage your customers and how to give them a good experience so they keep coming back for more. In this session he covers: - Masterlist of Dos and Don'ts - Group Discussion / Submission of Entries - Insights from Speakers on the Playbook About the speaker: Anshumani Ruddra handles product development (web and mobile) for the second largest mobile market in the world, India. He has successfully managed large products - in terms of total install base, active users and revenue - and large teams & his previous stints include some leading brands in the industry like Hotstar, Cuemath, Practo, Tiny Mogul Games, etc. About EngageMint: Hosted with love by WebEngage, EngageMint is a platform that brings together marketers and product managers from across Asia, passionate about one thing - giving their customers the ‘aha’ experiences they deserve. At EngageMint, we strongly believe that by equipping professionals with the right strategies, we can initiate a massive shift in the way businesses think about growth, product experiences, customer retention, and everything else in between. All our sessions are hand-curated and deep-dive into each aspect of user engagement and retention. So all you have to do is take notes and implement these learnings as soon as you get back to work! More details: https://webengage.com/engagemint/ WebEngage is a new age Retention Operating System, a single suite for marketers to store user data, provide actionable insights, orchestrate omnichannel campaigns by leveraging user insights to provide a hyper-personalized end-user experience. The platform helps brands drive more revenue from existing customers and anonymous users across 10+ communication channels. WebEngage goes above and beyond a marketing automation platform and powers the user engagement for thousands of enterprise brands worldwide, working across several industries like E-Commerce, Edtech, Fintech, Foodtech, Media & Publications, Gaming, BFSI, Healthcare, Online Retail. The key clientele includes marquee brands like HUL, Bajaj Finserv, Unacademy, ALT Balaji, MakeMyTrip, Zivame, Firstcry, and many more. ---------------------------------------------- To know more about WebEngage, visit - https://webengage.com/ Book a demo with us: https://webengage.com/campaign-lp/request-a-demo/?utm_source=youtube&utm_medium=social&utm_campaign=engagemint2022&utm_term=anshumaniruddra To know the latest insights on customer retention and marketing automation worldwide, follow us here: Twitter: https://twitter.com/WebEngage LinkedIn: https://www.linkedin.com/company/webengage Facebook: https://www.facebook.com/WebEngage/ Instagram: https://www.instagram.com/webengage/

W make107Greg in SD

Breaking out of restricted RDP

Security BSides London

Can I Get Fired For Dating My Boss's Daughter?

damptableware701

Cyber security-awareness-for-social-media-users - Devsena Mishra

Devsena Mishra

Effective 2FA - Part 1: the technical stuff

ConorGilsenan1

Two-factor authentication (2FA) is the most straightforward way for companies to drastically improve the security of their user authentication process. However, not all 2FA implementations are created equal. Thinking of quickly throwing together a workflow using SMS and calling it a day? Think again! Though popular, 2FA via SMS has many security issues and was actually deprecated by NIST in 2017. In this presentation, I dive into the technical details of the most common 2FA implementations and highlight security and usability trade-offs. You will learn how to develop a 2FA implementation strategy that will best serve your users.

Build World Class User Onboarding

Enzo Avigo

ISMS Awareness Training (2) (1).pptx

vasidharta

Fitsec-remote work and cyber security

AnnaVihersalo

Session 4 - Developing Open Source Software - The Lessons

Jonathan Field

Twitter for Real Estate

aussiehome.com

zaki_anwer_cryptography.pptx

Mewar University

Your users are humans and let's live our promise of securing them

Santhosh Tuppad

We have been in the software world for long now and I think still security is not given enough importance. Maybe lack of skills or lack of expertise? How about kickstarting your security testing learning after this talk? Santhosh Tuppad will demonstrate some quick hits (Well, the real hacks) to motivate you and also give you tips to kickstart your security testing learning. Ready for it? Let's do it and nail it down.

security procedures

offbeatnominee633

MichaelSoule-UsingJupyterNotebooks.pptx

AWS Chicago

IRC Guide by Offensive Security

Sami Brahmi

Owasp top 10 web application security hazards - Part 1

Abhinav Sejpal

Shared responsibility model: Why and how to choose the right 2 fa method for ...

ConorGilsenan1

Service providers have a responsibility to provide two factor authentication (2FA) and help their users make informed decisions about which 2FA method(s) to enable. In this talk, I discuss the AWS Shared Responsibility Model and highlight that implementing 2FA follows a similar pattern. I dive into the details of the 4 most common methods of 2FA and explain the security and usability tradeoffs of each. I cover SMS, time-based one-time passwords (TOTP), push notifications, and Universal 2nd Factor (U2F). Audio and slides on YouTube: https://www.youtube.com/watch?v=ub7tU6ZLxAs

Tools are my servants. and I am the master - By Santhosh Tuppad

Santhosh Tuppad

I am always excited about the tools which can aid me in my mission. And that mission is, to inject my test idea and produce effective results. Since my school days, I have been using various tools/utilities/plugins/extensions to execute my idea. To me, it is not about the tool only but also the idea that comes first to the brain from a variety of thinking skills. For instance, if I do not know how to drive a sports utility vehicle skillfully, I cannot harness the power of the machine offered to me. You are going to join me in this workshop for these 3 reasons: Usage of tools to perform better testing Increase your productivity and invest more time in testing Just because you can In this tools demonstration, I will be focussing on a variety of aspects or ways in how a specific tool can be used in your testing activity. And remember that, a tool offers you more than what you think it can achieve if and only the fuel is the right one to feed the tool. And that fuel is your creative ideas. In my childhood days and adulthood, I have used tiny, teeny, and little tools or plugins to extract great results in my testing and achieving effective productivity. In short, tools are my slaves and I am a good master. The first and foremost idea is to have blueprint/architecture of what you want to achieve and then the tools or frameworks or piece of code is a matter of connecting the wires to power the building. Welcome to this lightning powerful tools demonstration workshop.

Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat

Santhosh Tuppad

Hacking is one of the areas which shall never stop until the software/hardware exists on this planet. Whatever is built can be compromised and its an order of nature. Some things will never change, but all we can do is protect ourselves from the majority of the attacks and also build solid secure layers around the software that we test. This helps in improving the privacy of our users and also protecting our businesses from the black-hat world. Alas! We have a massive skill shortage. Most white-hat hackers are script kiddies, toolsmith, checkers and someone who keeps running scanners only and then report them as vulnerabilities. Santhosh Tuppad's question is, if black-hat hackers also use scanners or checkers to hack something, then why is that we have not been able to successfully stop them as we are also using scanners to identify vulnerabilities? Do you get his point? Think. In this talk, Santhosh Tuppad is going to demonstrate the bad shape of software industry where security is not considered or taken seriously and how shallow or sloppy way of security testing is being done just for the namesake. Santhosh will not just be a pessimist, but also share his thoughts on how we can fix this problem of massive skill shortage and how one can foster their skills by upskilling themselves with characteristics of passion, self-educating, learning, digging deeper and more. Are you ready for a jaw-dropping session? You bet.

Similar to Web and mobile security workshop workbook v1 - by santhosh tuppad

Practical exploitation and social engineering

Tiago Henriques

Irresponsible Disclosure: Short Handbook of an Ethical Developer

Lemi Orhan Ergin

EngageMint 2022: How NOT to Engage

WebEngage

W make107Greg in SD

Breaking out of restricted RDP

Security BSides London

Can I Get Fired For Dating My Boss's Daughter?

damptableware701

Cyber security-awareness-for-social-media-users - Devsena Mishra

Devsena Mishra

Effective 2FA - Part 1: the technical stuff

ConorGilsenan1

Build World Class User Onboarding

Enzo Avigo

ISMS Awareness Training (2) (1).pptx

vasidharta

Fitsec-remote work and cyber security

AnnaVihersalo

Session 4 - Developing Open Source Software - The Lessons

Jonathan Field

Twitter for Real Estate

aussiehome.com

zaki_anwer_cryptography.pptx

Mewar University

Your users are humans and let's live our promise of securing them

Santhosh Tuppad

security procedures

offbeatnominee633

MichaelSoule-UsingJupyterNotebooks.pptx

AWS Chicago

IRC Guide by Offensive Security

Sami Brahmi

Owasp top 10 web application security hazards - Part 1

Abhinav Sejpal

Shared responsibility model: Why and how to choose the right 2 fa method for ...

ConorGilsenan1

Similar to Web and mobile security workshop workbook v1 - by santhosh tuppad (20)

Practical exploitation and social engineering

Irresponsible Disclosure: Short Handbook of an Ethical Developer

EngageMint 2022: How NOT to Engage

W make107

Breaking out of restricted RDP

Can I Get Fired For Dating My Boss's Daughter?

Cyber security-awareness-for-social-media-users - Devsena Mishra

Effective 2FA - Part 1: the technical stuff

Build World Class User Onboarding

ISMS Awareness Training (2) (1).pptx

Fitsec-remote work and cyber security

Session 4 - Developing Open Source Software - The Lessons

Twitter for Real Estate

zaki_anwer_cryptography.pptx

Your users are humans and let's live our promise of securing them

security procedures

MichaelSoule-UsingJupyterNotebooks.pptx

IRC Guide by Offensive Security

Owasp top 10 web application security hazards - Part 1

Shared responsibility model: Why and how to choose the right 2 fa method for ...

More from Santhosh Tuppad

Tools are my servants. and I am the master - By Santhosh Tuppad

Santhosh Tuppad

Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat

Santhosh Tuppad

Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...

Santhosh Tuppad

Most of us have fear when we have spent so much of time in doing something and all of a sudden we are made to embrace a new change which could be in terms of technology. Recently, IoT, AI, ML and Automation have been great subjects and are made to be believed by testers as “Problem Solvers” for “Testing” problem which isn’t really true. They do add value, but let’s not compare them with testing because they are elements of testing while Testing still remains a profession which requires intelligence and is backed by Science. In this talk, Santhosh Tuppad will try to help the testers to kick-out the fear and embrace the new technologies and learn them by helping them to understand Mindset concept and built their mindset very well. He shall also speak about IoT Security Elements and then relate them to daily life and and current web / mobile hacking. In short, “Once a tester has a mindset of Security or Hacking, it’s much easier to embrace new technologies or domains or software as most of the ideas from web/mobile hacking or life are relevant. This talk relates very much too, Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime. ATTRIBUTION: Chinese proverb

The BUZZ Word - Entrepreneur. A Perspective of Santhosh Tuppad

Santhosh Tuppad

Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...

Santhosh Tuppad

Not many slides as most of the workshop had an exploratory style and also hands-on after few slides. The description of this workshop goes as follows (This was done for Agile Testing Days - Potsdam in 2017): Most of the people speak about security testing being one of the priorities, but most of the people do not do. My workshop will not make you great hacker on Day 1, but enable you to do security tests on your web and mobile apps and find security vulnerabilities. I am going to focus on Web Security Attacks.

Test ideas for Login / Authentication and Login Session

Santhosh Tuppad

Passion is a free spirit, only you can cage it.

Santhosh Tuppad

Passion can die and also can reincarnate. Only people who can cage it is people themselves. And they are the ones who can free their passion for being a free-spirit. Letting the passion be free can be done only through learning and continuous improvement (Kaizen in Japanese). This presentation was delivered at Beyond Passion meetup organized by Accesa company in Cluj-Napoca, Romania. Thanks to Diana Pomian and other organizers for providing me this opportunity.

Software Testing - Heuristics Cheat Sheet

Santhosh Tuppad

Santhosh tuppad romanian testing conference 2017 - keynote presentation

Santhosh Tuppad

I started my career in software testing as highly passionate and I was very aggressive in the things that I did. Well, the passion appeared to dwindle as the days passed and it was extremely boring for me and I did fear the consequences of letting go my passion. Nevertheless, I said this to myself — “When I started, I was highly passionate. And possibly, one of the reason was — “I did not know much and wanted to learn which was one of my highest priority in life”. And my journey of learning restarted from scratch and learning to do better testing. This experiential story is about my journey where passion wanted to leave me alone, but I convinced passion to stay and now I am so occupied with the learning everyday and thriving for excellence in the things that I do in software testing craft.

Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...

Santhosh Tuppad

Santhosh tuppad - A journey that is fascinating and will be more fascinating ...

Santhosh Tuppad

More from Santhosh Tuppad (11)

Tools are my servants. and I am the master - By Santhosh Tuppad

Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat

Testing IoT Security shouldn't fear you if you have got a hacker mindset - By...

The BUZZ Word - Entrepreneur. A Perspective of Santhosh Tuppad

Agile Testing Days Tutorial (Germany) 2017 - Web and Mobile Security Testing...

Test ideas for Login / Authentication and Login Session

Passion is a free spirit, only you can cage it.

Software Testing - Heuristics Cheat Sheet

Santhosh tuppad romanian testing conference 2017 - keynote presentation

Santhosh Tuppad - Profile - Entrepreneur - Software Tester - Ethical Hacker -...

Santhosh tuppad - A journey that is fascinating and will be more fascinating ...

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

20 Comprehensive Checklist of Designing and Developing a Website

Pixlogix Infotech

Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

Mind map of terminologies used in context of Generative AI

Kumud Singh

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

みなさんこんにちはこれ何文字まで入るの？40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの？えこ...

名前です男

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

SOFTTECHHUB

As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

20 Comprehensive Checklist of Designing and Developing a Website

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Mind map of terminologies used in context of Generative AI

Microsoft - Power Platform_G.Aspiotis.pdf

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

UiPath Test Automation using UiPath Test Suite series, part 6

A tale of scale & speed: How the US Navy is enabling software delivery from l...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Introduction to CHERI technology - Cybersecurity

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

20240609 QFM020 Irresponsible AI Reading List May 2024

Climate Impact of Software Testing at Nordic Testing Days

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Essentials of Automations: The Art of Triggers and Actions in FME

Web and mobile security workshop workbook v1 - by santhosh tuppad

1. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD SECURITY - WORKSHOP WORKBOOK Twitter: https://twitter.com/santhoshst/ LinkedIn: https://www.linkedin.com/in/santhosh-tuppad-338b7412/ These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

2. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD #SE01 → Your enemy resides in a different country and you want to spy on all his activities on his computer More context: // He connects to internet to check his email // He uses anti-virus that is a free edition // He is attracted to piracy and porn Write down your approach or your thoughts about gaining access to his every bit of data on his computer. These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

3. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD #SE02 → You want to know the IP address of a target and you need to know this without the knowledge of the target. More context: // Target is available on social media platform. That’s twitter. // Target likes freebies These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

4. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD #SE03 → You need to get into a physical infrastructure of a multinational company. The company entrance has a security guard and if you bypass him through social engineering, you can accomplish your goal. What are your ideas to get through the security guard? These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

5. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD #EX01 → Your job is to help the customer with the 5 good security questions and 5 bad security questions. Please list down. These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

6. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD #EX02 → Identify the possible threats in your company. These can be notorious developers, rogue insiders, employees who hold grudge and so on. Also, list down reasons why you think they are threat to your company. Basically, identify threat agents or threat drivers. These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

7. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD #EX03 →→ Passive Reconnaissance →→ You have been assigned a task to gather information or do a passive recon for http://tuppad.com/ Gather information as much as you can and list down the highlights about your exploration. These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

8. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD EX04 → Develop a functional design / algorithm for forgot password feature in web application. Your goal is to help the customer achieve secure enough forgot password feature. More context: // application type: food delivery / ecommerce // email address is used as a username These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

9. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD EX05 → What’s the best password according to you and why? apple@123 aaaaaa@0 RomaniaIsBeautiful ILoveClujOnMilkyWay 19199919 0989 These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

10. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD EX06 → Username enumeration attack → Which of the below error message is secure enough and why are others not good enough? Invalid username / password The username entered is incorrect. Please retry! Username and password are both incorrect. Try again! The password entered for username Santhosh is incorrect. (Wordpress way) Incorrect credentials These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

11. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD EX07 → Your task is to stop the bots from cracking the username and password in the login form. And also stop the human employed bots to stop manual brute-force attack. As a security consultant, what suggestions would you like to give in order to secure login form against brute force attacks? These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without the permission.

Web and mobile security workshop workbook v1 - by santhosh tuppad

Recommended

Recommended

More Related Content

Similar to Web and mobile security workshop workbook v1 - by santhosh tuppad

Similar to Web and mobile security workshop workbook v1 - by santhosh tuppad (20)

More from Santhosh Tuppad

More from Santhosh Tuppad (11)

Recently uploaded

Recently uploaded (20)

Web and mobile security workshop workbook v1 - by santhosh tuppad