Web and mobile security workshop workbook v1 - by Santhosh Tuppad
WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD
SECURITY - WORKSHOP
WORKBOOK
Twitter: ​https://twitter.com/santhoshst/
LinkedIn: ​https://www.linkedin.com/in/santhosh-tuppad-338b7412/
These exercises are crafted only for the participants of the workshop by Santhosh Tuppad.
Kindly do not redistribute them without permission.
#SE01 → Your enemy resides in a different country and you want to spy on all
his activities on his computer.
More context:
// He connects to the internet to check his email
// He uses a free edition of an anti-virus product
// He is attracted to piracy and porn
Write down your approach or your thoughts about gaining access to every
bit of data on his computer.
#SE02 → You want to know the IP address of a target, and you need to learn
it without the target's knowledge.
More context:
// Target is active on a social media platform: Twitter
// Target likes freebies
#SE03 → You need to get into the physical infrastructure of a multinational
company. The company entrance has a security guard, and if you bypass him
through social engineering you can accomplish your goal. What are your ideas
for getting past the security guard?
#EX01 → Your job is to help the customer with 5 good security questions
and 5 bad security questions. Please list them.
#EX02 → Identify the possible threats in your company. These can be
notorious developers, rogue insiders, employees who hold a grudge, and so on.
Also, list the reasons why you think they are a threat to your company.
Basically, identify threat agents or threat drivers.
#EX03 → Passive Reconnaissance → You have been assigned a task to
gather information, i.e. do a passive recon, for http://tuppad.com/
Gather as much information as you can and list the highlights of
your exploration.
#EX04 → Develop a functional design / algorithm for a forgot password feature
in a web application. Your goal is to help the customer achieve a secure enough
forgot password feature.
More context:
// application type: food delivery / ecommerce
// email address is used as the username
#EX05 → What's the best password according to you, and why?
apple@123
aaaaaa@0
RomaniaIsBeautiful
ILoveClujOnMilkyWay
19199919
0989
#EX06 → Username enumeration attack → Which of the error messages below
is secure enough, and why are the others not good enough?
Invalid username / password
The username entered is incorrect. Please retry!
Username and password are both incorrect. Try again!
The password entered for username Santhosh is incorrect. (Wordpress way)
Incorrect credentials
#EX07 → Your task is to stop bots from cracking the username and
password in the login form, and also to stop human-operated bots doing
manual brute-force attacks. As a security consultant, what suggestions would
you give in order to secure the login form against brute-force attacks?
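The following is a worked example added to this workbook (it is not the workshop author's code or a model answer) that puts the defensive side of EX04, EX06 and EX07 into one small account module: a login handler that returns a single generic failure text regardless of whether the username exists (the first message from the EX06 list is used because it reveals nothing about which field was wrong), per-account and per-IP throttling with a CAPTCHA step and a temporary lock, and a forgot-password flow that issues a random, hashed, expiring, single-use token and answers identically for registered and unregistered addresses. Everything below is constructed for illustration: the policy constants, the user alice@example.com, the reset link host app.example, and the in-memory dictionaries that stand in for database tables and a mail queue are assumptions, not part of the workbook.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

# Assumed policy values; tune them for the real application.
PBKDF2_ROUNDS = 100_000
WINDOW_SECONDS = 5 * 60      # sliding window for counting failed logins
CAPTCHA_AFTER = 3            # failures per account before a CAPTCHA is demanded
LOCK_AFTER = 5               # failures per account before a temporary lock
LOCK_SECONDS = 15 * 60
IP_LIMIT = 20                # failures per client IP per window, across all usernames
RESET_TTL_SECONDS = 15 * 60  # lifetime of a password-reset link

GENERIC_ERROR = "Invalid username / password"           # one text for every failure cause
LOCKED_MESSAGE = "Too many attempts. Try again later."   # shown for known and unknown usernames alike
RESET_RESPONSE = "If an account exists for that address, a reset link has been sent."


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; a memory-hard KDF such as Argon2 is preferable in production."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed in-memory stores standing in for database tables and a mail queue.
USERS = {"alice@example.com": hash_password("correct horse battery staple")}
_DUMMY_HASH = hash_password(secrets.token_hex(16))  # verified for unknown users so timing stays uniform
RESET_TOKENS = {}   # sha256(token) -> {"email", "expires", "used"}; the raw token is never stored
OUTBOX = []         # queued reset mails; sending is asynchronous so response time does not leak
_failures_by_user = defaultdict(deque)
_failures_by_ip = defaultdict(deque)
_locked_until = {}


def _recent(window: deque, now: float) -> int:
    """Drop timestamps outside the sliding window and return how many remain."""
    while window and window[0] <= now - WINDOW_SECONDS:
        window.popleft()
    return len(window)


def login(username: str, password: str, client_ip: str, now=None) -> dict:
    now = time.time() if now is None else now
    username = username.strip().lower()
    # Throttling keys on the submitted username string, so a lock appears for nonexistent
    # accounts too and the lock itself cannot be used to enumerate valid users.
    if _locked_until.get(username, 0) > now or _recent(_failures_by_ip[client_ip], now) >= IP_LIMIT:
        return {"ok": False, "message": LOCKED_MESSAGE, "captcha": True}
    stored = USERS.get(username, _DUMMY_HASH)
    if verify_password(password, stored) and username in USERS:
        _failures_by_user.pop(username, None)
        return {"ok": True, "message": "Welcome", "captcha": False}
    _failures_by_user[username].append(now)
    _failures_by_ip[client_ip].append(now)
    count = _recent(_failures_by_user[username], now)
    if count >= LOCK_AFTER:
        _locked_until[username] = now + LOCK_SECONDS
    return {"ok": False, "message": GENERIC_ERROR, "captcha": count >= CAPTCHA_AFTER}


def request_reset(email: str, now=None) -> str:
    now = time.time() if now is None else now
    email = email.strip().lower()
    if email in USERS:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = {
            "email": email, "expires": now + RESET_TTL_SECONDS, "used": False}
        OUTBOX.append({"to": email, "link": "https://app.example/reset?token=" + token})
    return RESET_RESPONSE  # identical whether or not the address is registered


def complete_reset(token: str, new_password: str, now=None) -> bool:
    now = time.time() if now is None else now
    record = RESET_TOKENS.get(hashlib.sha256(token.encode()).hexdigest())
    if record is None or record["used"] or now > record["expires"] or len(new_password) < 12:
        return False
    record["used"] = True  # single use: a leaked link is worthless once consumed
    USERS[record["email"]] = hash_password(new_password)
    _locked_until.pop(record["email"], None)
    # A real application would also revoke existing sessions and notify the user by email.
    return True


if __name__ == "__main__":
    print(login("alice@example.com", "nope", "203.0.113.5", now=0.0))
    print(request_reset("alice@example.com", now=0.0), OUTBOX[-1])
```

Two design points are worth spelling out. The unknown-user path still runs a full PBKDF2 verification against a dummy hash, otherwise the faster response for unregistered names would leak the same information the generic message hides. And throttling is keyed on the submitted username, not on an account row, so a "too many attempts" response cannot be turned into a yes/no oracle for whether an address is registered.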
