Safe-guard - Featured TestSphere Card

(Beren) #1

One hundred cards. One hundred Test-related concepts.
Here on the club, we’ll feature a card from the TestSphere deck for people to write their stories about every month.

I challenge you:
Take a few minutes to think about your experiences with the featured card.

What bugs have you found that are related? Which ones have you missed?
How have you tackled testing for this concept?
What made it difficult or easier?
What have you learned? What can others learn from your experience?

Take one of those experiences and put it to prose.
Telling your stories is as valuable to yourself as it is to others.

My Safe-guard story is about once installing a key-logger as a teenager to steal a password from a friend who had Admin access rights on the local private server of World of Warcraft which we shared with other friends from school.
Once successful, I was able to log in with his account and play around being god myself.
The trick at that time was to grant my own character subtle extra powers so as to be slightly stronger than everyone else without obviously being too overpowered.
I was able to do everything I wanted, but since I kept my exploits low key I was able to keep doing this until I eventually fessed up.

I may not be proud of stealing a password from a friend and then exploiting his account. But I did learn some SQL, keylogger, monitoring tools and explored my “evil exploiter mindset”.
Don’t worry. My friend and I worked it out.

What’s your story?

(Christian) #2

More of an anecdote (or facepalm if you want), but I was once denied using the OWASP ZED proxy because it didn’t comply with the company security guidelines: “Sorry, we can’t let you do security testing because of security reasons.”