Insight into Software Security – Workshop

In Pakistan, testers meetup happen rarely and if it happens, it must be appreciated. Stella Technology organized workshop named as ‘Insight into Software Security’ last Saturday i.e. Sep 23, 2017 in their Islamabad office. Main objective of workshop was to provide testers community a space to share knowledge about Software Security.

Though workshop started 20 min late due to participants being late, however it was a time bound workshop so organizers executed the plan efficiently.

Session about web application testing - Testers meetup Islamabd

Workshop started with an interactive session of Mr. Amir Shahzad, QA Manager – Stella Technology who talked about Web application security testing. He discussed various vulnerabilities in detail that can affect web applications security, causes and precautions to avoid security issues. He also talked about areas which can be covered in security testing of web applications. Most importantly, he talked about identification of these vulnerabilities using add ons, tools and vulnerability scanners. He also gave chocolates to participants who were answering his questions which increased audience particpation.

Introduction to ZAP tool - Testers meetup Islamabad

Mr. Hassan Farooq, Test Automation Engineer at Stella Technology was second speaker of the day. He gave an introduction and configuration demo of OWASP ZAP (Zed Attack Proxy) tool. ZAP is an open source security testing tool developed by OWASP (Open Source Web Application Security Project) – an online community. This tool can be used for security scanning of web applications. ZAP tool provides users not only diverse data set but also gives option to create customized data set and use it for security scan. Live demonstration of the tool made the session interesting.

Reverse engineering and APK Tool - Testers meetup Islamabad

Next speaker to take on the stage was Mr. Abdul Hannan, another zealous QA Automation Engineer. He talked about security testing of android application and gave a live demonstration of APK tool – a tool for reverse engineering 3rd party, closed, binary Android apps. He also extracted code through APK file using APK tool. Here it is important to mention that he used a test APK file to perform these operations. Remember, if a tester uses any APK file to test it on APK tool, s/ he must take consent of the owner. Not to mention, the excitement all participants had to experience the reverse engineering concept. He also discussed the security gaps in code and precautionary measures and solutions to these security problems.

SKIPFISH & its benefits – This was the topic of session of Mr. Muhammad Zia. SKIPFISH is an active web application security reconnaissance tool that carries out recursive crawl and dictionary based probes in a way. This results a site map that provides security results at different check points. He specifically discussed usage of this tool.

Security testing, Testers meetup Islamabad

In the last, Country Manager of Stella Technology, Mr. Shafik Baloch gave final talk about growth of testers in IT industry over the years. He talked about his team’s vision for QA Automation and its importance. Participants congratulated him and his team for successful testers meetup which provided testers a platform to share knowledge.

Refreshments were served which was a networking time for all participants as well. It was great to meet some IIUI students who aspire to be testers. I also met few old colleagues and like always, it was fun to meet them. Yes, getting up early on a saturday morning was worth it.

Here, I would like to thank my organization, Naxxa Consulting for sponsoring our team for the workshop.

Have you attended any testers meetup? How can make these meetups more effective? Do share your thoughts in comments.

You can find more post about tech here.

Advertisements

6 thoughts on “Insight into Software Security – Workshop

  1. Pingback: Software Security workshop happened in Islamabad | Knowledge Tester

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s