In Pakistan, testers' meetups happen rarely, and when one does happen, it must be appreciated. Stella Technology organized a workshop named ‘Insight into Software Security’ last Saturday, i.e. Sep 23, 2017, in their Islamabad office. The main objective of the workshop was to provide the testers' community a space to share knowledge about software security.
Though the workshop started 20 min late because participants arrived late, it was a time-bound workshop, so the organizers executed the plan efficiently.
The workshop started with an interactive session by Mr. Amir Shahzad, QA Manager – Stella Technology, who talked about web application security testing. He discussed in detail various vulnerabilities that can affect web application security, their causes, and precautions to avoid security issues. He also talked about areas which can be covered in security testing of web applications. Most importantly, he talked about identifying these vulnerabilities using add-ons, tools and vulnerability scanners. He also gave chocolates to participants who answered his questions, which increased audience participation.
Mr. Hassan Farooq, Test Automation Engineer at Stella Technology, was the second speaker of the day. He gave an introduction and configuration demo of the OWASP ZAP (Zed Attack Proxy) tool. ZAP is an open source security testing tool developed by OWASP (Open Source Web Application Security Project) – an online community. This tool can be used for security scanning of web applications. ZAP not only provides users a diverse data set but also gives the option to create a customized data set and use it for a security scan. A live demonstration of the tool made the session interesting.
The next speaker to take the stage was Mr. Abdul Hannan, another zealous QA Automation Engineer. He talked about security testing of Android applications and gave a live demonstration of APK tool – a tool for reverse engineering 3rd party, closed, binary Android apps. He also extracted code from an APK file using APK tool. Here it is important to mention that he used a test APK file to perform these operations. Remember, if a tester uses any APK file to test it on APK tool, s/he must take consent of the owner. Not to mention the excitement all participants had at experiencing the reverse engineering concept. He also discussed the security gaps in code, along with precautionary measures and solutions to these security problems.
SKIPFISH & its benefits – this was the topic of Mr. Muhammad Zia's session. SKIPFISH is an active web application security reconnaissance tool that carries out a recursive crawl and dictionary-based probes. This results in a site map that provides security results at different checkpoints. He specifically discussed usage of this tool.
Lastly, the Country Manager of Stella Technology, Mr. Shafik Baloch, gave the final talk about the growth of testers in the IT industry over the years. He talked about his team’s vision for QA automation and its importance. Participants congratulated him and his team for a successful testers' meetup which provided testers a platform to share knowledge.
Refreshments were served, which was networking time for all participants as well. It was great to meet some IIUI students who aspire to be testers. I also met a few old colleagues and, like always, it was fun to meet them. Yes, getting up early on a Saturday morning was worth it.
Here, I would like to thank my organization, Naxxa Consulting, for sponsoring our team for the workshop.
Have you attended any testers' meetup? How can we make these meetups more effective? Do share your thoughts in the comments.