Nuts and Bolts of Security Testing
What is Security Testing?
Security Testing, in its most basic form, is nothing more than what the dictionary says. It is neither a small, niche area nor beyond a Tester's reach. This post is intended to reveal all the popular Security Testing practices.
Where to find Security Testers? How to be one?
Everywhere, including world-class security companies, volunteers, and organizations that are incorporating security into their products.
The only differentiating factor is that a Security Tester needs to do a little more than just wind up the job between 9 and 6. The very essence of Security Testing is so addictive that once you start opening the doors (which takes significant effort), you will never leave it, regardless of whether you are doing it as part of your job or as a hobby.
Why Do Viruses Occur / Who Creates the Viruses
"Who will shave the barber?" is the answer that surfaced when someone asked me the question. For me, here is how it started –
Two decades back, I once ran into issues when my computer started behaving strangely, and I requested a friend to help. He purchased a piece of software (accompanied by a boot disk) and could successfully clean the system. Later, while handing over the software to me, he cautioned me to either –
1. Uninstall the software before the expiry date or
2. Extend the subscription well before the expiry date
The events that followed were shocking and scary.
Yes, I neither uninstalled nor extended the subscription. The result: “the antivirus software started infecting the system after propagating/releasing viruses”. That was the first shock of my life, a trait that continues to expand to other areas as well.
A background – my flirtations with Internet Security
Well, before diving deep, it is important to share where I am coming from and what the intention of the current post is. I have been associated with the IT industry for over the past 15 years, where security was never exclusively a part of my job. Yes, I was involved in working with my friends and colleagues, where I managed to make 3 releases of McAfee Group Shield for Exchange. The product was number 1 in the marketplace, with no competitor even close to them. There were extremely professional professionals, tools, and technologies supporting us, and there was no question of anything non-professional.
Now – Lately I got involved in 4 activities in succession, and all of them were related to Internet Security. The most interesting turned out to be a book on Hacking, where my involvement was limited to research and content as an SME. During this time, I encountered facts that would make shivers run down my spine, and I do look forward to sharing the lessons learnt. I will not be able to share the actual piece/content since it is the copyright of the Publisher, who sponsored the project. But I will be using alternative examples to support what I learnt. I also look forward to hosting a lessons-learnt event around a quarter down the line. In case anyone wants any specific question to be addressed, any challenge to be addressed, any account to be cracked etc., please send the details over to me at – firstname.lastname@example.org.
However, the request should be in and around the areas that were covered in the project. Refer to the high-level list of topics below –
Types of Hackers Skill vs Intent –
The 7 layers of Network – The barebones and the gaps!
Hacking Windows – Why always Windows
Cracking Windows Passwords Using Ophcrack –
Using Google Tools to Hack
Using Google Search Engine to hack
Using Microsoft Bing Search Engine to Hack
Using DuckDuckGo to Hack
Getting Nastier – Finding web to see what’s being tried to hack
Sony’s example –
Hacking Windows Passwords
Hacking the World Wide Web
Using Cross Site Scripting
Using Penetration Testing
Staying Safe – Importance and Measures
Kali Linux –
Using Firefox Plugins –
Live Headers – automating/playing with the traffic
Tamper data – playing and tampering the network traffic
Other Tricks and Possibilities –
1. Creating 1000 Hotmail accounts – in one click
2. Scaling up real world network Traffic gracefully – using 3 steps
3. Sending mail from Bill Gates email@example.com
4. Getting 10000 Facebook likes
Chapter – The Road Ahead
Ethics and Law Enforcement
Fate of Whistle Blowers
What can be done for a safer environment?
35 Recommended Tests to Make the Web a Safer Experience