March #MidsTest: “The dark side of web”

Our guest for the March edition of #MidsTest was Santhosh Tuppad. This time, the meetup was a slightly delayed affair given our guest speaker’s availability after TestBash 2017. Santhosh and his team at TestInsane very generously gave us our logo (it’s now on the home page) and provided us with a poster for his talk too!

After an anxious time waiting to hear from Santhosh about his travel plans, we heard late on the eve of the meetup that he would indeed be present! Slightly anxious about whether he would make it, and with no “Plan B”, we set about faithfully making arrangements for the meetup. Given the tremendous interest in the session, attendance appeared to be inching towards our highest participation levels, risking overcrowding in our regular meetup area. Ramada Solihull very kindly moved us to a much bigger space – the Courtyard Suite – generally suitable for much bigger occasions than our meetup.

It was pleasantly surprising to meet Santhosh for the first time – without his almost trademarked beard! Matt Drinkwater, our sponsor from Woodrow Mercer, had most graciously set up a tab at the bar, so while the testers gathered and refreshed themselves, Raji and Ranjit got time to introduce themselves to Santhosh and Tracey, welcome other attendees and arrange a little something for Santhosh.

Santhosh’s high level of energy, enthusiasm and zeal was evident when he jumped straight into plugging his laptop into the projector, raring to go – this is generally where we have our slides up, convey our agenda, introduce our speaker etc. – but this time, we were more than happy to have Santhosh take it away!

We, of course, had to do a little bit of our job of introductions etc. – which was left to the de facto face of our meetup – Raji. With formalities completed, the stage was all Santhosh’s.

Santhosh began with his journey into the testing world – from his hacking as a 12-year-old to being a co-founder at Moolya to a startup owner at TestInsane.

He then jumped straight into demonstrating hacking, all live – exposing how low the awareness was amongst organisations with regard to securing their (and their clients’) data. Attendees were left shocked and horrified to see how easy it was for any hacker to get access to private data and exploit the vulnerabilities for financial gain. One such demo, a screen-grab video of hacking he had done before, showed how a malicious hacker could syphon off money from companies.

While demoing the vulnerabilities, Santhosh kept the audience informed not only of what a hacker might look for, but also of what a responsible tester/authority should ensure to help reduce or avoid such attacks, and of the tools that could help – one such example was port scanning using nmap and what the ideal states of these ports should be.

Next came the demo of some of the tools – nmap, Mantra browser and its many, many addons, and perhaps his favourite, BurpSuite. Santhosh spent some time demonstrating the use of BurpSuite and related tools that allow a tester to find (sensitive) information. There was a slight feel of the talk diverting into a tool/product demo, but given the topic, it remained a relevant segment of Santhosh’s talk that made testers aware and equipped them with the right toolset.

The audience then got to engage with Santhosh over the ‘crack the password’ exercise before moving on to mobile vulnerabilities and how there are tools out there to reverse engineer Android APK files and allow the code to reveal vulnerabilities.

The tips, tricks, websites, tools and techniques that Santhosh covered while talking came at an astonishing speed, and whilst Ranjit was jotting things down for a retrospective writeup, he could barely keep up! In fact, there is probably more out there on the TestInsane website – especially within the mindmaps area – than we could have jotted down, so feel free to browse the area if you don’t already know it!

Such was the involvement and passion with which Santhosh kept the attendees engaged that it was only fair for us to allow him to go beyond the hour we had. We regrettably had to interrupt as the food had been served for the attendees. Santhosh made himself available to attendees, answering their questions and giving them tips, suggestions and pointers.

A quick and informal survey of the attendees revealed this to be the best session #MidsTest had organised so far, with quite a few requesting half-day / full-day (paid) workshops to be conducted as a part of #MidsTest.

It was a further few hours of varied and interesting conversations before the hosts got to say goodbye to our guests for the evening – a truly thought-provoking, highly informative and eye-opening session that we had the privilege to host.

Santhosh has been kind enough to say a few good things about the meetup, the hosts and the attendees too!

Santhosh has also put up a summary write-up of his own here.

Some pictures of the event are below:
