Ask Me Anything: Security Testing

TestSphere wasn’t around when Dan got into security testing, but it was recommended tonight as a good place to start. He’s even used it in some workshops!

Dan talked about input fields and potential places for security risks, which reminded me of these posts: How to Test a Text Field & How to test error messages.

https://www.owasp.org/index.php/Buffer_Overflow

For basic learning:
https://www.owasp.org/index.php/Main_Page

People:
https://twitter.com/Bill_Matthews
https://twitter.com/santhoshst
https://twitter.com/Scott_Helme
https://twitter.com/JayHarris_Sec
https://twitter.com/QualityFrog
https://twitter.com/quizzicaljosh
https://twitter.com/troyhunt

Conferences:
https://2018.appsec.eu/
http://www.securitybsides.com/w/page/12194156/FrontPage
https://www.defcon.org/

As starting points for your testing ideas:
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Have some evil user personas: Setting up and using testing personas.

Safe sites to practice testing on (includes security testing safe places)

Tools:
https://www.kali.org/
