Security Testing Tips: Enhancing your security testing skills


It is easy for most security testers to feel that they have become experts and can find bugs in the application. However, there is so much to learn in security testing, and it is an endless journey. It is important for security testers to be aware of this journey in order to enhance their skills and perform better at their work or their passion.

Deep dive for learning more
If you have been a web application tester, I am sure you have tested for XSS, SQL injection, redirection attacks and the other attacks in the OWASP Top 10. You have been doing this for ages, and this is the time to move on. So, dive deep into other aspects of security testing, such as packet-level analysis, desktop security, Wireshark data analysis, disassemblers, and understanding the code.

Subscribe to security testing groups
We know what other people are up to only when we mingle with them or stay connected with their worlds. There are many credible groups where people share information on trending topics, news and a lot more. You could subscribe via e-mail too. However, in my personal experience I have seen some groups that do not welcome other people's opinions; I am referring to cases where people have formed their own group internally and have a feeling of superiority, which is not good. Be careful about how you choose the groups.

Learn to write code
You might have an idea and need a program to be developed to help you execute it. By learning to write code, you gain the power to write your own programs and use them in your security testing activity. Power to you! If you ask for my suggestion, I would say the Python programming language would be a better choice to start writing code. Note that it would be easy to give up learning to code, but if you hold on to it and have the hope that you will make it, then you are going to get there. Consistent practice is what you need, and you have got to develop a love for Python (not the snake, but the programming language). And last but not least, Python is a good choice for writing programs that help in security testing of web applications. Or else, do your own research and pick a programming language of your choice.

Get involved in community
I personally have attended local meet-ups in Bengaluru (India) and some conferences in different places, including the Ground Zero Summit in Delhi (India). I have seen two types of people here; in the local meet-ups, there were people who did not value or encourage the new members. They always had their own group, and it looked like, why the hell are you inviting other people when you do not want to talk to them or make them feel part of the community? If you are not comfortable with the existing community, go ahead and build your own. I am a person who would build a community even if the members in it are very few. In this context, I prefer quality over quantity. I am giving the tip to get involved because there is a different level of learning when you meet people and talk to them in person.

Santhosh Tuppad is the Cofounder & Software Tester of Moolya Software Testing Private Limited (www.moolya.com). He also won the uTest Top Tester of the Year 2010 apart from winning several testing competitions from uTest and Zappers. Santhosh specializes in exploratory testing approach and his core interests are security, usability and accessibility amidst other quality criteria. Santhosh loves writing and he has a blog http://tuppad.com/blog. He has also authored several articles and crash courses in the past. He attends conferences and confers with testers he meets. Santhosh is known for his skills in testing and you should get in touch with him if you are passionate about testing.