Take a look at what Santhosh Tuppad has to say about his workshop
Did you ever wanted to hack the applications that you are testing? Did you ever wanted to start testing for security right away? If the answer is “Yes” then this workshop is definitely for you. I, being a hacker since 16 believe in hands-on training rather than just showing some slides with definitions and flow diagrams however; I will not be excluding the slides but use them in a minimal fashion. So, to summarize it would be a workshop where we say, “Let the hacking begin”. I would relate the security aspects to different things which would help you in understanding the concepts better way where you could visualize. I would be calling the volunteers to take part in various exercises. We are going to have loads of fun and exciting hacking stuff. Without much ado, here are the contents for this workshop.
1. Introduction about Security Testing & Hacking
- What hacking is and what hacking is not?
- White hat, Black hat, Gray hat, Script Kiddies
- Hackers and what they could potentially do
- Cases of hacking that has caused huge loss (Case Studies)
- Why knowing tools doesn’t really mean you are hacker
- Security testing and hacking – are they different?
- How you should advice your customers about security
- Laws related to hacking and how you should be aware of the laws before you test / hack
2. Talking about Physical Security and Software Security
- Social Engineering attacks can be very bad
- Cheat Sheets
- Things to keep in mind with respect to Physical Security
3. Web Application Security
- How secure is the web?
- How functionally correct software is fundamentally incorrect on security?
- Developing Bug Advocacy Skills to help others understand about risk
4. Desktop Application Security
- Hacking licenses and extending the licenses
- Data theft using malware / trojan embedded into the software
5. Tools / Add-ons / Utilities to aid for security testing
- Mantra browser
- Tamper Data, Cookie Manager, Hackbar and more
- And more
6. Hands-on training
- Exercises on SQL injection
- Exercise on Cross site scripting
- Exercise on Tampering Data
- Exercise on Brute Force and Dictionary Attack
- Exercise on Social Engineering Attacks
- Exercise on Bug Advocacy for Security Bugs
- And more
7. Question and Answers with Discussion
Testers, Developers and Students who want to learn “How to test software for Security?”
Note for Participants
I insist participants to bring their laptop with them to facilitate learning. Most of the time will be used for hands-on exercises and not having laptop would just look like theory and you might miss out the fun of not really experiencing “Hacking or Security Testing”.
If you do not have a laptop then you can pair up with another participant who has got a laptop.
One more cool news for participants is: Even after the workshop you can get in touch with me for any help regarding security testing either through chatting or e-mail communication.
Register for the workshop
Limited seats only!
About Santhosh Tuppad:
Santhosh Tuppad is known for his testing skills and winning many testing competitions across the world. He is an avid testing blogger and a testing enthusiast. Security, Usability, UX and Web Accessibility testing are his core strengths. He has published his articles in testing magazines – a few of those being Testing Circus, STP Pro and Logigear. He has also conducted Security testing workshop for one of his clients. While many youngsters at his age were thinking about job security, Santhosh was game to start his own testing services company http://moolya.com. Santhosh blogs at http://tuppad.com/blog/ and tweets at @santhoshst.