Security testing-What can we do - Trinh Minh Hien

•

2 likes•2,308 views

At Security Testing, Web applications are complex and face a massive amount of sophisticated attacks as well as Web applications are a major target of attackers. Security testing is considered an art; the success of a security tester in detecting vulnerabilities hence mainly depends on his skills we use advanced testing techniques, experienced testing specialists and a process driven approach to security testing to ensure we deliver a highly effective security testing service with fewer resources and in a shorter period of time. OWASP TOP 10 dedicated to security analysis has proved their ability to identify complex attacks on web-based or mobile application security. However, the gap between an abstract attack traces output by an OWASP and a penetration test on the real web application is still an open issue. We present here an approach for “What We Can Do” on security testing web applications starting from a secure model.

Software

1
Security Testing: What Can
We Do?
Hien Trinh Minh
Harvey Nash Vietnam

Presenter : Hien Trinh Minh
Background & Work experience:
 Harvey Nash Vietnam : Testing Solution Architect
 More than 2 years of experience in Web Application Security Testing, Mobile Application Security Testing,
security analysis.
 More than 12 years of experience in software testing for Telecom application and networking.
 More than 7 years of experience in software testing for UMTS : Inter-Operability Test, Functional Network
Element Test, Field testing activities at 3G lab with live network.
Contact info:
Hien.trinhminh@harveynash.vn
2

Tech Agenda
• Introduction to Security Testing
• Open Web Application Security Project Top 10
• Security testing on OWASP Web Top 10
• Security Testing Tools
• Demo
3

Introduction to Security Testing
4
Security Testing Network
Security
Testing
Application
Security
Testing
Web App
Security
Testing
Mobile App
Security
Testing

Introduction to Security Testing (cont.)
5
• High Risks
– Allows an attacker to read or modify confidential data
belonging to other web sites. If exploited would compromise
data security, potentially allowing access to confidential
data, or could compromise processing resources in a user's
computer.
• Medium Risks
– Allows an attacker to obtain limited amounts of information.
That is limited to a significant degree by factors such as
default configuration, auditing, or is difficult to exploit.
• Low Risks
– Allows an attacker temporary control over non-critical
browser features. That has minimal impact and is extremely
difficult to exploit.
• Information
– Just provide information
High
Medium
Low
Information
Severity

A2 : Broken Authentication and
Session Management
• Password not hashed/encrypted in
database
• No wrong password limit (Brute
force attack)
• Session id exposed in URL
• No session timeout
• Session id vulnerable to session
fixation.
9

A2 : Broken Authentication and
Session Management (cont.)
10

A3 : Cross Site Scripting- XSS (cont.)
12

A4 : Insecure Direct Object References
• A direct object reference occurs when a developer exposes a reference to an
internal implementation object, such as a file, directory, database record, or
key, as a URL or form parameter.
13

A4 : Insecure Direct Object
References (cont.)
14

A5 : Security Misconfiguration
• Directories are listed and PHPinfo page has been found in this directory
15

A6 : Sensitive Data Exposure
16
Examples:
• Transmitting data in the clear text
e.g. non-SSL, URLs, login forms
over http
• Unencrypted credit card info
• Incorrect encryption
• Logging

A7 : Missing Function Level Access
Control
• Attacker notices the URL indicates his role
/user/Accounts
• He modifies it to another directory (role) /admin/Accounts
or /manager/Accounts
• Attacker views more accounts than just their own
17

A8 : Cross-Site Request Forgery
(CSRF)
18

A9 : Using Components with Known
Vulnerabilities
19

A10 : Unvalidated Redirects and
Forwards
20

References
• https://www.owasp.org
• http://projects.webappsec.org
• http://code.google.com/p/owaspbwa
• https://www.hacking-lab.com/
• http://www.acunetix.com/
• https://portswigger.net/burp/
• https://www.mavensecurity.com/resources/web-security-dojo/
• https://sourceforge.net/projects/samurai/files/
• http://www.bonsai-sec.com/en/research/moth.php
• Books:
The_Basics_of_Hacking_and_Penetration_Testing__Ethical_Hacking_and_Penetration_Testing_Made_
Easy
• -the-web-application-hackers-handbook
• -HowtoBreak
• -Hacking attacks and Examples Test
23

© 2014 HCMC Software Testing Club
THANK YOU

What's hot

5 Important Secure Coding Practices

Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²

OctaviusWaltonResume

Octavius Walton

Security Services and Approach by Nazar Tymoshyk

SoftServe

The development world has come to realize that the way we build applications opens the door to hackers. We are starting to realize that it is the code itself that is enabling the attacks. It’s the responsibility of the development team to build software that is inherently impervious to attack. Catching and dealing with security defects earlier in the development lifecycle is much more economical than dealing with them once the applications have been deployed.

A Successful SAST Tool Implementation

Checkmarx

What is penetration testing and career path

Vikram Khanna

Most effective QA & testing types

BairesDev

In recent months we have seen several critical security threat because of third party libraries used in software products and services, Heartbleed, POODLE is a great example of it but things are not limited here since we have large threat landscape because of huge consumption of external third party components in cloud application development. Security threat will not stop ever since new attack vectors will keep coming in these open/external sources components but what is important here is how we handle risks due to these third party libraries.

Open Source Libraries - Managing Risk in Cloud

Suman Sourav

24may 1200 valday eric anklesaria 'secure sdlc – core banking'

Positive Hack Days

Devops security-An Insight into Secure-SDLC

Suman Sourav

Software security testing

nehabsairam

Testing Tools and Tips

SoftServe

Application Security and PA DSS Certification

Digital Security

Introduction to Penetration testing and tools

Vikram Khanna

Introduction to Penetration testing - GDG DevFest Caribbean 2021 presentation

Obika Gellineau

DAST, SAST, Hybrid, Hybrid 2.0 & IAST - Methodology & Limitations

iAppSecure Solutions

Even though many organizations claim that security is a priority, that claim doesn’t always translate into supporting security initiatives in software development or test. Security code reviews often are overlooked or avoided, and when development schedules fall behind, security testing may be dropped to help the team “catch up.” Everyone wants more secure development; they just don’t want to spend time or money to get it. Gene Gotimer describes his experiences with implementing a continuous delivery process in the cloud and how he integrated security testing into that process. Gene discusses how to take advantage of the automated provisioning and automated deploys already being implemented to give more opportunities along the way for security testing without schedule disruption. Learn how you can incrementally mature a practice to build security into the process—without a large-scale, time-consuming, or costly effort.

Better Security Testing: Using the Cloud and Continuous Delivery

Gene Gotimer

Static Analysis of software refers to examining source code and other software artifacts without executing them. This presentation looks at how these techniques can be used to identify security defects in applications. Approaches examined will range from simple keyword search methods used to identify calls to banned functions through more sophisticated data flow analysis used to identify more complicated issues such as injection flaws. In addition, a demonstration will be given of two freely-available static analysis tools: FXCop and the beta version of Microsoft’s XSSDetect tool. Finally, some approaches will be presented on how organizations can start using static analysis tools as part of their development and quality assurance processes.

Static Analysis Techniques For Testing Application Security - Houston Tech Fest

Denim Group

Agile & Secure SDLC

Paul Yang

Software engineering 23 software reliability

Vaibhav Khanna

What is penetration testing

sakshisoni076

What's hot (20)

5 Important Secure Coding Practices

OctaviusWaltonResume

Security Services and Approach by Nazar Tymoshyk

A Successful SAST Tool Implementation

What is penetration testing and career path

Most effective QA & testing types

Open Source Libraries - Managing Risk in Cloud

24may 1200 valday eric anklesaria 'secure sdlc – core banking'

Devops security-An Insight into Secure-SDLC

Software security testing

Testing Tools and Tips

Application Security and PA DSS Certification

Introduction to Penetration testing and tools

Introduction to Penetration testing - GDG DevFest Caribbean 2021 presentation

DAST, SAST, Hybrid, Hybrid 2.0 & IAST - Methodology & Limitations

Better Security Testing: Using the Cloud and Continuous Delivery

Static Analysis Techniques For Testing Application Security - Houston Tech Fest

Agile & Secure SDLC

Software engineering 23 software reliability

What is penetration testing

Viewers also liked

When a test manager receives a project to work with, he would like to comprehend the scope of the project, the test objectives such as project timeline, project resources and budget. The Test Manager then needs to think about the test strategy. Selecting an appropriate test strategy is crucial for his project success. There are several test strategies for the Test Manager to select such as analytical, model-based, methodical, process or standard-compliant, dynamic, consultative or directed, and regression-averse. One of the most common and important test strategy is the analytical one that includes risk-based and specification-based testing. Comprehending analytical strategy and its methodologies will help the test manager guide software testing activities to reach the right targets to fulfill the testing objectives. That will make the customers happy and accept his company products. Then he and his company will get paid and great compensation from the customers. From there, his company business will continue to expand and everybody will be happy. The talk will bring ideas about the analytical strategy and how to run risk-based and specification-based testing activities. Definitely the talk will bring good value to software testing audiences especially test managers. Testers, developers, project managers and higher management can benefit from the talk in the way that they understand and facilitate software testing methodologies in software development life cycle.

Analytical Risk-based and Specification-based Testing - Bui Duy Tam

Ho Chi Minh City Software Testing Club

We need a QA team that works with development teams to help ship features quickly and safely. Traditional testers help to ship safely by doing the testing, but this can have the side-effect of slowing the team down. When bugs are found during the testing stage, they take longer to fix because they requires rework of existing code. The team is then put in a position where they have to decide between shipping quickly or safely. To ship features both quickly and safely we need to find defects as early in the development process as possible to prevent bugs instead of detecting them. In Son's presentation, he will share how to apply agile quality process to achieve this for product-centric teams.

Deliver Fast, Break Nothing Via Effective Building Developer and Tester Colla...

Ho Chi Minh City Software Testing Club

Automation test is an interesting research problem in recent years. There are many reasons why we use automation test in the software development. In the traditional approach, automation test has been used for regression test, functional test, performance test… in order to find or prevent bugs and software quality assurance. In this research, we have a novel approach using automation test to build software monitoring solution. The purpose of automation scripts use as monitoring software to capture images and write logs. The architecture pattern of automation for monitoring based on automation test tool, cloud service, and scheduler. The proposed architecture pattern has been applied for online advertisement monitoring. Instead of reporting passed/failed, automation scripts will monitor whether the advertisement is display or not, and how often it was display on multiple platforms. The proposed architecture pattern can also apply for video advertisement monitoring solution.

A Novel Approach of Automation Test for Software Monitoring Solution - Tran S...

Ho Chi Minh City Software Testing Club

Agile Testing - Not Just Tester’s Story _ Dang Thanh Long

Ho Chi Minh City Software Testing Club

You want to integrate skilled testing and development work. But how do you accomplish this without developers accidentally subverting the testing process or testers becoming an obstruction? Efficient, deep testing requires “critical distance” from the development process, commitment and planning to build a testable product, dedication to uncovering the truth, responsiveness among team members, and often a skill set that developers alone—or testers alone—do not ordinarily possess. James Bach presents a model—a redesign of the famous Agile Testing Quadrants that distinguished between business vs. technical facing tests and supporting vs. critiquing―that frames these dynamics and helps teams think through the nature of development and testing roles and how they might blend, conflict, or support each other on an Agile project. James includes a brief discussion of the original Agile Testing Quadrants model, which the presenters believe has created much confusion about the role of testing in Agile.

The New Agile Testing Quadrants: Bringing Skilled Testers and Developers Toge...

Ho Chi Minh City Software Testing Club

“Can we integrate mobile, web and API testing into a single open-source automation framework? And, we only want all the test scripts to be written in human-readable language, we want them to be easily integrated to CI system. It’s quite a hard question, isn’t it?” If you or your organization also have the same question and still on trying to find solution for that. Then, we believe that this seminar is for you! At the seminar, we will cover the following topics: The Need of Automation Testing Nowadays How BDD Cuke and Ruby on Rails can help A Universal Automation Framework: Mobile, Web, API and CI Integration

A Universal Automation Framework based on BDD Cucumber and Ruby on Rails - Ph...

Ho Chi Minh City Software Testing Club

Nowadays in IT market, most of enterprises are trying to adopt agile and DevOps methodology to meet the time-to-market expectations and continue satisfying their customers. As the result, continue deploying new applications are become challenges for any software development teams. During the development cycles, several questions has been identified and one of the most interesting questions is How to fit automated tests into agile projects because within agile sprints, there is simply not enough time to automate the set of tests? Action Based Testing (ABT) methodology is becoming a solution to help you achieve your expectations on automated test coverage within the Agile iterations/sprints. ABT uses a modular keyword-driven approach which tests are organized in test modules and are built up of sequences of actions. Well-defined test modules can provide a healthy framework for teams to work with, in particular if modules have a clear and unambiguous scope, the scope is well-differentiated from other test modules, and all test cases …within the test module reflect the scope. A key differentiation is between business tests and interaction tests. Business tests have a business-oriented scope and should not contain UI details. Interaction tests focus on the interaction between the user (or another system) and the application. This topic is about how to apply ABT methodologies into SDLC with some discussions on the three Holy Grail of test design approaches from Hans Buwalda.

Test Design with Action-based Testing Methodology - Ngo Hoang Minh

Ho Chi Minh City Software Testing Club

Back-end testing is an unfamiliar testing area to many testers, especially when the Back-end adopts web services technologies and has gigabytes of data need to be verified. The presentation will outlines numbers of testing activities that need to be done to deal with challenges. Services/Domain Testing Introduction: We have been providing automation test service for Back-end system which has web services, web application technologies and meta-data processing. The domain we has worked on is about Communication Media and Entertainment. Challenges: Complex business logic inside layer of data storage and processing to provide services. Different platforms under test. Defragmented testing result so it is difficult to make decision. Must align testing with development life cycle. Solutions: Apply automation testing to Continuous Integration. Design automation test framework to deal with Shell, Web Service, Web Application, gigabytes of XML Data on Windows and Linux. Select proper technology stack to centralize the testing result from both manual and automation teams. Jenkins is continuous integration and continuous delivery application, as start point, run its job to build source code from development team. When unit testing for source code is passed, automated system test written by LISA is launched as flow controller for automation test framework. The LISA’s core functionalities are to verify middleware layer, web services based on SOAP/RESTful and database. Extending LISA’ capabilities are also applied in practice to test different technologies under test such as web application by integrating with Selenium, Shell Script by JCraft and processing big data file by Xstream/JAXB.

Introduction to Back End Automation Testing - Nguyen Vu Hoang, Hoang Phi

Ho Chi Minh City Software Testing Club

As one of the biggest multinational companies in the worldwide video game industry since 1999, Gameloft records around 2.8 million new games downloaded every day, distributed in over 100 countries. We will see how the Quality Assurance (QA) department manages to ensure the best quality standard for all those mobile applications. After mentioning what software and video game have in common, the speech will focus on video game main testing challenges with their actual solutions (performance, optimization, automation). It will also deal about the testing techniques used for the in-game ads currently growing fast on the market.

Mobile Video Games Testing Principles - Benjamin Poirrier

Ho Chi Minh City Software Testing Club

Automation testing requires specific techniques to handle errors differently to manual testing. There shouldn't be "procedure processing" problem that prevents you from perform your steps as you are well aware when to stop or continue the test flow, when to capture screenshot or to report failed step. With automation testing, things are different. There are numerous obstacles and errors will fail your test cases because of processing problems. Below are some of the tips and trick that can help you improve the thoroughness of your scripts. Improve compliance regulation easily with automation. 1) How to deal with IFrame? 2) How to deal with Popup? 3) Manage Xpath nesting? ...

Common Web UI Problems Transforming Manual to Automation

Ho Chi Minh City Software Testing Club

Web API Test Automation Using Frisby & Node.js

Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: Richard Taylor Agile teams don’t need traditional metrics: we do everything so quickly that we only need to know our velocity and cycle time". Is this an extreme claim, or is it realistic? When it's possible to implement a completely pure and simple Agile methodology, and react to all feedback almost immediately, it might be true. It's certainly true that some of the metrics which work well in other types of project lifecycle aren't useful in an Agile one. But are test metrics irrelevant in a large Agile project, with multiple teams and a formal release mechanism? What happens when an Agile project has to comply with standards, or with regulatory requirements, to produce proof of product quality? And even if those things aren’t true, aren't there some things we can measure that will tell us how good our Agile testing is, and how it might get better? This presentation should be helpful to anybody who is, or will be, testing in or managing an Agile project team. In it, Richard Taylor explains how to make some of his favourite test metrics useful in an Agile environment and why some others might better be avoided. Various types of coverage, effectiveness and weighted defect measures are explained and demonstrated. Richard shows how we can present both product and process metrics in a way that gives their message clearly to all interested people, including those from the business and from management who aren’t IT specialists.

[HCMC STC Jan 2015] Making IT Count – Agile Test Metrics

Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: Tam Bui Do you have an understanding of software automation testing? Have you often faced challenges when implementing automation testing on your projects? Have successfully achieved the cost and time targets for your automation testing projects? Joining the talk, you will a better understanding of automation testing practices and its benefits. In this presentation, I will share my experiences in applying test automation on my projects. My experiences are concentrated in areas such as team collaboration and selecting suitable test cases for automation. Software testers, automation testers and test managers can get great benefits from the talk. Developers can join to understand how to collaborate with the automation testing team. Senior managers will get more understanding about automation testing principles and then help their automation test teams implement automation testing effectively.

[HCMC STC Jan 2015] Practical Experiences In Test Automation

Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: Tho Thanh Quang As testing is increasingly incurring a substantial cost in software development, there are many attempts made to automate the testing process. One notable approach is automatic generation of test cases. Recent research has suggested generating test cases from UML-based diagrams, which are over-formal to be applied effectively in industry. In this talk we introduce a framework, known as FATS (Framework for Automated Testing Scenarios), to counter this problem. In FATS, we suggest representing user-defined use-cases by a markup language, therefore activity graphs and test scenarios can be developed accordingly in an automatic manner.

[HCMC STC Jan 2015] FATS: A Framework For Automated Testing Scenarios

Ho Chi Minh City Software Testing Club

Learn about automation tools and approaches for mobile automation testing using cloud-based infrastructure to improve the test coverage and minimize the cost. During this meetup, we will address key considerations for a successful mobile quality control strategy for startups & SMEs including: 1) Overcoming the challenges of mobile app testing 2) How to replace your emulator based mobile app testing with scalable and secure mobile testing environment, using the Mobile Cloud platform 3) How to utilize your In-House devices with Mobile Cloud devices for your manual/automation testing purposes? 4) Key consideration while choosing a mobile cloud service

Building an effective mobile testing strategy

Ho Chi Minh City Software Testing Club

[HCMC STC Jan 2015] Risk-Based Software Testing Approaches

Ho Chi Minh City Software Testing Club

Why a Mobile Test Strategy is just Test Strategy

Ho Chi Minh City Software Testing Club

Key Factors To Ensure Test Automation Framework Success

Ho Chi Minh City Software Testing Club

Test design techniques: Structured and Experienced-based techniques

Khuong Nguyen

Pyunit

Ikuru Kanuma

Viewers also liked (20)

Analytical Risk-based and Specification-based Testing - Bui Duy Tam

Deliver Fast, Break Nothing Via Effective Building Developer and Tester Colla...

A Novel Approach of Automation Test for Software Monitoring Solution - Tran S...

Agile Testing - Not Just Tester’s Story _ Dang Thanh Long

The New Agile Testing Quadrants: Bringing Skilled Testers and Developers Toge...

A Universal Automation Framework based on BDD Cucumber and Ruby on Rails - Ph...

Test Design with Action-based Testing Methodology - Ngo Hoang Minh

Introduction to Back End Automation Testing - Nguyen Vu Hoang, Hoang Phi

Mobile Video Games Testing Principles - Benjamin Poirrier

Common Web UI Problems Transforming Manual to Automation

Web API Test Automation Using Frisby & Node.js

[HCMC STC Jan 2015] Making IT Count – Agile Test Metrics

[HCMC STC Jan 2015] Practical Experiences In Test Automation

[HCMC STC Jan 2015] FATS: A Framework For Automated Testing Scenarios

Building an effective mobile testing strategy

[HCMC STC Jan 2015] Risk-Based Software Testing Approaches

Why a Mobile Test Strategy is just Test Strategy

Key Factors To Ensure Test Automation Framework Success

Test design techniques: Structured and Experienced-based techniques

Pyunit

Similar to Security testing-What can we do - Trinh Minh Hien

Web and Mobile Application Security

Prateek Jain

Application Security Vulnerabilities: OWASP Top 10 -2007

Vaibhav Gupta

The OWASP Top Ten is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack. This webcast series presents the OWASP Top 10 in an abridged format, interpreting the threats for you and providing actionable offensive and defensive best practices. It is ideal for all IT/development stakeholders that want to take a risk-based approach to Web application security. How to Test for the OWASP Top Ten webcast focuses on tell tale markers of the OWASP Top Ten and techniques to hunt them down: • Vulnerability anatomy – how they present themselves • Analysis of vulnerability root cause and protection schemas • Test procedures to validate susceptibility (or not) for each threat

How to Test for The OWASP Top Ten

Security Innovation

Web Application Security 101

Cybersecurity Education and Research Centre

Andrews whitakrer lecture18-security.ppt

SilverGold16

Owasp top 10 web application security risks 2017

Sampath Bhargav Pinnam

00. introduction to app sec v3

Eoin Keary

OWASP Top Ten in Practice

Security Innovation

Owasp top 10 Vulnerabilities by cyberops infosec

Cyberops Infosec LLP

The OWASP Top Ten is the de-facto web application security standard because it reflects the evolving threat landscape, providing organizations a framework to manage and mitigate application security risk. This presentation examines the critical newcomers and pesky incumbents from both an offensive and defensive perspective. Our experts share their insight on how to harden Web applications and align your program towards OWASP compliance.

The New OWASP Top Ten: Let's Cut to the Chase

Security Innovation

View the on-demand recording: http://securityintelligence.com/events/avoiding-application-attacks/ Your organization is running fast to build your business. You are developing new applications faster than ever and utilizing new cloud-based development platforms. Your customers and employees expect applications that are powerful, highly usable, and secure. Yet this need for speed coupled with new development techniques is increasing the likelihood of security issues. How can you meet the needs of speed to market with security? Hear Paul Ionescu, IBM Security, Ethical Hacking Team Lead discuss: - How application attacks work - Open Web Application Security Project (OWASP) goals - How to build defenses into your applications - The 10 most common web application attacks, including demos of the infamous Shellshock and Heartbleed vulnerabilities - How to test for and prevent these types of threats

Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...

IBM Security

OWASP, Application Security

Dilip Sharma

Security workshop - Lets get our hands dirty!!

Manjyot Singh

Secure code practices

Hina Rawal

Solvay secure application layer v2015 seba

Sebastien Deleersnyder

Introduction to security testing raj

Rajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL

The technique of discovering vulnerabilities in a software, website, or agency’s structure that a hacker might exploit is known as ethical hacking. They employ this method to avoid cyberattacks and security breaches by legitimately hacking into systems and looking for flaws. CEH was designed to include a hands-on environment and a logical procedure across each ethical hacking area and technique. This is to provide you the opportunity to work towards proving the knowledge and skills to earn the CEH certificate and perform the tasks of an ethical hacker. Read more: https://www.infosectrain.com/blog/top-20-certified-ethical-hacker-interview-questions-and-answer/

Top 20 certified ethical hacker interview questions and answer

ShivamSharma909

Serverless architectures enable organizations to build and deploy software and services without having to maintain or provision any physical or virtual servers. Applications built using serverless architectures are suitable for a wide range of services, and can scale elastically as cloud workloads grow. From a software development perspective, organisations adopting serverless can focus on core product functionality, and completely disregard the underlying operating system, application server or software runtime environment. In essence, when you develop applications using serverless, you relieve yourself from the daunting task of having to constantly apply security patches for the underlying operating system and application servers – these tasks are now the responsibility of the serverless architecture provider. However, the comfort and elegance of serverless architectures is not without its drawbacks – serverless architectures introduce a new set of security concerns that must be taken into consideration when coming to secure such applications. In this talk, we will present an overview of serverless architectures, the challenge of securing serverless applications, and an overview of the top 10 most common security concerns that developers, DevSecOps and architects should consider when designing and developing such applications. We will also demonstrate a unique CI/CD tool for hardening serverless projects during deployment time.

DevSecCon Tel Aviv 2018 - Serverless Security

Avi Shulman

Vulnerabilidades en sitios web (english)

Miguel de la Cruz

OWASP -Top 5 Jagjit

Jagjit Singh Brar

Similar to Security testing-What can we do - Trinh Minh Hien (20)

Web and Mobile Application Security

Application Security Vulnerabilities: OWASP Top 10 -2007

How to Test for The OWASP Top Ten

Web Application Security 101

Andrews whitakrer lecture18-security.ppt

Owasp top 10 web application security risks 2017

00. introduction to app sec v3

OWASP Top Ten in Practice

Owasp top 10 Vulnerabilities by cyberops infosec

The New OWASP Top Ten: Let's Cut to the Chase

Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...

OWASP, Application Security

Security workshop - Lets get our hands dirty!!

Secure code practices

Solvay secure application layer v2015 seba

Introduction to security testing raj

Top 20 certified ethical hacker interview questions and answer

DevSecCon Tel Aviv 2018 - Serverless Security

Vulnerabilidades en sitios web (english)

OWASP -Top 5 Jagjit

More from Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: Nhat Do, Vu Duong Context-Driven Testing (CDT) rejects the notion of generalized “best practices” that apply to all projects, and instead accepts that different practices work best under different circumstances. The third principle of the seven defined in CDT states that people are the most important part of any project’s context. Less of a focus on processes and tools, with more emphasis on people and their collaboration empowers testers with the freedom to make choices about how best to do their job without following a restrictive plan. In joining the game of workshop and some theory sharing in slides, you will a better understanding of Context-Driven Testing practices, principles and its benefits as well as know how is a nice Marriage of Agile and Context-Driven Testing.

[HCMC STC Jan 2015] Workshop Of Context-Driven Testing In Agile

Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: Lee Hawkins With a growing product portfolio and limited capacity to expand in Melbourne, the opportunity arose to build a testing capability in the Dell office in Zhuhai, in the Guangdong province of China. He's been working closely with this growing team of young inexperienced testers for the last two years. Collaborating with this enthusiastic offshore team has been a three-way challenge: dealing with cultural differences, overcoming the language barrier, and challenging the traditional software testing status quo. In this presentation, he will share his personal experience of collaborating with these young testers to develop a performance & creative context-driven testing team - the first time this had been attempted within this office in China. By sharing this experience, he hopes to highlight areas where offshore teams themselves can help those working with them, particularly across significant cultural divides.

[HCMC STC Jan 2015] Developing an Offshore Context-Driven Testing Team

Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: Lee Copeland Over the years writers have defined testing as a process of finding, a process of evaluating, a process of measuring, a process of improving. For a quarter of a century we as testers have been focused on the internal process of testing, while generally disregarding its real purpose. The real purpose of testing is to create information. James Bach nailed it when he wrote, “The ultimate reason testers exist is to provide information that others on the project use to create things of value.” That is why testing exists — to provide information of value. So, when managers complain that testing “costs too much” perhaps they are really trying to say, “I’m not getting enough valuable information to justify the cost of testing.” When testers say “my management doesn’t see the value in our work” perhaps they are really trying to say, “My management doesn’t value the information I’m providing to them.” To prove our worth, to increase the value of testing, we must first focus on testing’s purpose — providing valuable information — not its process. Join Lee as he discusses why quantifying the value of testing is difficult work — perhaps that’s why we concentrate so much on testing process—that’s much easier. But until we do this difficult work, until we prove our worth through quantifying our contribution, we should expect the bombardments to continue.

[HCMC STC Jan 2015] Proving Our Worth Quantifying The Value Of Testing

Ho Chi Minh City Software Testing Club

[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...

Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: Lee Copeland The IEEE 829 Test Documentation standard is thirty years old this year. Boris Beizer’s first book on software testing also turned thirty. Testing Computer Software, the best selling book on software testing, is twenty-five. During the last three decades, hardware platforms have evolved from mainframes to minis to desktops to laptops to tablets to smartphones. Development paradigms have shifted from waterfall to agile. Consumers expect more functionality, demand higher quality, and are less loyal to brands. The world has changed dramatically and testing must change to match it. Testing processes that helped us succeed in the past may prevent our success in the future. Lee Copeland shares his insights into the future of testing, sharing his Do’s and Don’ts in the areas of technology, organization, test processes, test plans, and automation. Join Lee for a thought provoking look at creating a better testing future.

[HCMC STC Jan 2015] Creating a Better Testing Future

Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: An Tran Thien Le Many testers are not clear about their roles in their Agile teams, especially if they have been familiar with the traditional waterfall testing model. This presentation aims to clarify typical tester’s roles and responsibilities on Agile projects. It suggests useful testers’ mindset in working in Agile teams. The presentation also shares ways to collaborate with key stakeholders including customers (or product owners), developers, and other members in Agile teams. Having proper understanding of their roles and responsibilities together with applying their skillsets, testers would do a better job in Agile projects.

[HCMC STC Jan 2015] How To Work Effectively As a Tester in Agile Teams

Ho Chi Minh City Software Testing Club

Ho Chi Minh City Software Testing Conference January 2015 Software Testing in the Agile World Website: www.hcmc-stc.org Author: Hien Minh Trinh At Target Testing, we use advanced testing techniques, experienced testing specialists and a process driven approach to testing to ensure we deliver a highly effective testing service with fewer resources and in a shorter period of time. It is our firm belief that efficient and effective testing is not a matter of the number of testers you have but the quality of those testers and the tools they use. Network Element Integration Test verifies the functionality of the OneBTS Network Element at its defined interfaces within a simulated environment. Simulating the complete "outside world" of the Network Element reduces the complexity of testing, increases the speed of testing and simplifies the identification of errors within the Network Element. The tests executed by Network Element Integration Test will cover new features of the Network Element as well as features included in previous releases to ensure that feature enhancements have only the defined impact on an already stable system.

[HCMC STC Jan 2015] Performing Target Test in UMTS Network

Ho Chi Minh City Software Testing Club

HCMC Software Testing Club - The 1st Meetup By Thao Vo Selecting a most suitable automated testing tool is one of big challenges in software test automation. Choosing a test tool is as complicated as getting married to a person. If you marry with an inappropriate person, you tend to break up sooner or later. Similarly, without a suitable test tool, we will deadly end up with failed test automation effort. There are a variety of automated testing tools with different testing types and technologies. How to define a set of criteria of requirements to meet our goal, and making a right tool will help us prevent later problems from the executing of successful testing project. This topic is intended to share steps and criteria to select an appropriate automated testing tool.

Selecting the Right Automated Testing tool

Ho Chi Minh City Software Testing Club

HCMC Software Testing Club Conference is one of the premier meeting-places for software testers in HCMC. It covered current trends in software testing industry and offered the chance to meet with software testing experts around the world, such as Mr. Paul Holland and other local software testing experts in HCMC. Tied in well with the overall themes "Stay on the cutting-edge", the conference brought to audiences the practical knowledge and best practices in software testing through many great topics around Test management, Test techniques, Automation testing, Agile testing, Mobile testing, Performance testing and Personal Excellences.

Ho Chi Minh City Software Testing Conference 2014 "Stay on the cutting-edge" ...

Ho Chi Minh City Software Testing Club

As a software tester, you may often face a situation in which your customer requires completing testing faster than you can handle given your effort and the amount of test. For example, in order to complete testing 2000 test cases for a build, you need at least 10 days to complete all testing. However, your customer needs to test and release the build within 5 days. You need to make a tough decision to handle this request. This presentation offers you one of the approaches that you can pursue. The presentation discusses an approach to prioritizing test cases using the principles of value-based software engineering. The approach is based on the principle that not every test case is equally importantly, e.g., not each of the 2000 test cases has the same value. A simple Excel tool will also be provided to allow you quickly prioritize test cases and select the ones that generate best value for your customer.

[Vu Van Nguyen] Value-based Software Testing an Approach to Prioritizing Tests

Ho Chi Minh City Software Testing Club

Software testing is an essential activity of the software development lifecycle. To ensure quality, applicability, and usefulness of a product, development teams must spend considerable time and resources testing, which makes the estimation of the software testing effort, a critical activity. This presentation presents a simple and useful method called qEstimation to estimate the size and effort of the software testing activities. The method measures the size of the test case in terms of test case points based on its checkpoints, preconditions and test data, as well as the type of testing. The testing effort is then computed using the size estimated in test case points. All calculations are embedded in a simple Excel tool, allowing estimators easily to estimate testing effort by providing test cases and their complexity.

[Vu Van Nguyen] Test Estimation in Practice

Ho Chi Minh City Software Testing Club

“How are business users assured that all features are built and tested?”. “Test cases written by the test teams are too technical for business users”. If you find yourself in the above situations, Behavior-Driven Development (BDD) may be a good choice for your team. In this presentation, we will discuss BDD as an agile development practice, automation testing using Cucumber as well as the advantages and disadvantages of BDD/Cucumber.

[Thong Nguyen & Trong Bui] Behavior Driven Development (BDD) and Automation T...

Ho Chi Minh City Software Testing Club

More from Ho Chi Minh City Software Testing Club (12)

[HCMC STC Jan 2015] Workshop Of Context-Driven Testing In Agile

[HCMC STC Jan 2015] Developing an Offshore Context-Driven Testing Team

[HCMC STC Jan 2015] Proving Our Worth Quantifying The Value Of Testing

[HCMC STC Jan 2015] Choosing The Best Of The Plan-Driven And Agile Developmen...

[HCMC STC Jan 2015] Creating a Better Testing Future

[HCMC STC Jan 2015] How To Work Effectively As a Tester in Agile Teams

[HCMC STC Jan 2015] Performing Target Test in UMTS Network

Selecting the Right Automated Testing tool

Ho Chi Minh City Software Testing Conference 2014 "Stay on the cutting-edge" ...

[Vu Van Nguyen] Value-based Software Testing an Approach to Prioritizing Tests

[Vu Van Nguyen] Test Estimation in Practice

[Thong Nguyen & Trong Bui] Behavior Driven Development (BDD) and Automation T...

Recently uploaded

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...

WSO2

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

masabamasaba

%in Soweto+277-882-255-28 abortion pills for sale in soweto

masabamasaba

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

masabamasaba

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of Winnipeg back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal. Attraction Spells

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

masabamasaba

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic near me by a powerful astrologer and spell caster in Atlanta. Bring back your lover with Asaf's voodoo-love witchcraft. Psychic Reading | Astrologer | Spell Caster | Obsession Spells | Black Magic | Witchcraft | Protection spell | wiccan spells. Black magic expert and voodoo love spells that work overnight to retrieve that love | lost love spell caster with powerful love psychic reading. Best astrologer & psychic in Sandy Springs, GA to renew your relationship & make your relationship stronger. love spells to bring back the feelings of love for ex-lovers. Increase the intimacy, affection & love between you and your lover using voodoo relationship obsession spells in USA. Money spells, easy love spells with just words, think of me spell, powerful love spell, spells of love, spells that work, love potion to attract a man, easy love spells with just words, pink candle prayer, white magic spells, call me spell, manifestation spell, gay love spells, Commitment spells, business spells and, how to bring back lost love in a relationship, Witchcraft love spells that work immediately to increase love & intimacy in your relationship. Attraction love spells to attract someone, stop a divorce, prevent a breakup & get your ex back. When using love binding spells, there are several things you should know, particularly how to protect yourself from negative energies and how to use the powers of incantations for the good of all people involved. When the focus is love, the results are truly magical. It’s important to remember love is not manipulative, it is not forceful, and it does not bend another to its will. Love is free-flowing, accepting, kind, and generous. For your love spell to work as intended, you must have good intentions in your heart. Below, we share the top five love spells you can use today to shift the energies in your life and create a future filled with love and fulfilment. Obsession spells to Get Your Ex-Lover Back. All women want one thing the most in life to be love and love in return – not much to ask. A lady wants a good man who loves you unconditionally and loyally. You want a man who is honest, hardworking, and loyal – not a complainer or a weakling or a self-centred man. You are a strong, independent, sensual, caring, loving woman. And you don’t think it’s asking too much to want to be with a loving, intelligent man with a good sense of humour and daring, an upright and confident man – who knows who he is. No one wants a chauvinistic and macho man, but you do want someone who will be willing to protect and care for you. Who loves you for you and not some kind of imaginary. You have no doubt that when the right guy appears on your doorstep, you’ll never let him go. But sometimes a man doesn’t realize he has that good woman.

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...

chiefasafspells

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

Artyushina_Guest lecture_YorkU CS May 2024.pptx

AnnaArtyushina1

MakeMyPass" Online Bus Pass Management System illustrates the flow of activities and actions that occur within the system to accomplish specific tasks or use cases. This type of diagram focuses on representing the sequence of activities and decision points involved in a particular process. Below is an example outline and description of key elements that could be included in an Activity Diagram for the system:

BUS PASS MANGEMENT SYSTEM USING PHP.pptx

alwaysnagaraju26

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

masabamasaba

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

Announcing Codolex 2.0 from GDK Software

Jim McKeeth

WSO2CON 2024 Slides - Open Source to SaaS

WSO2

WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...

WSO2

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in Tembisa ● Abortion Pills For Sale in Tembisa ● Tembisa 🏥🚑!! Abortion Clinic Near Me Cost, Price, Women's Clinic Near Me, Abortion Clinic Near, Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

WSO2

Recently uploaded (20)

WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

%in Soweto+277-882-255-28 abortion pills for sale in soweto

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

AI & Machine Learning Presentation Template

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

Artyushina_Guest lecture_YorkU CS May 2024.pptx

BUS PASS MANGEMENT SYSTEM USING PHP.pptx

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

Announcing Codolex 2.0 from GDK Software

WSO2CON 2024 Slides - Open Source to SaaS

WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...

Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...

Security testing-What can we do - Trinh Minh Hien

1. 1 Security Testing: What Can We Do? Hien Trinh Minh Harvey Nash Vietnam

2. Presenter : Hien Trinh Minh Background & Work experience:  Harvey Nash Vietnam : Testing Solution Architect  More than 2 years of experience in Web Application Security Testing, Mobile Application Security Testing, security analysis.  More than 12 years of experience in software testing for Telecom application and networking.  More than 7 years of experience in software testing for UMTS : Inter-Operability Test, Functional Network Element Test, Field testing activities at 3G lab with live network. Contact info: Hien.trinhminh@harveynash.vn 2

3. Tech Agenda • Introduction to Security Testing • Open Web Application Security Project Top 10 • Security testing on OWASP Web Top 10 • Security Testing Tools • Demo 3

4. Introduction to Security Testing 4 Security Testing Network Security Testing Application Security Testing Web App Security Testing Mobile App Security Testing

5. Introduction to Security Testing (cont.) 5 • High Risks – Allows an attacker to read or modify confidential data belonging to other web sites. If exploited would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer. • Medium Risks – Allows an attacker to obtain limited amounts of information. That is limited to a significant degree by factors such as default configuration, auditing, or is difficult to exploit. • Low Risks – Allows an attacker temporary control over non-critical browser features. That has minimal impact and is extremely difficult to exploit. • Information – Just provide information High Medium Low Information Severity

6. OWASP TOP 10 6

7. A1: Injection 7

8. A1: Injection (cont.) 8

9. A2 : Broken Authentication and Session Management • Password not hashed/encrypted in database • No wrong password limit (Brute force attack) • Session id exposed in URL • No session timeout • Session id vulnerable to session fixation. 9

10. A2 : Broken Authentication and Session Management (cont.) 10

11. A3 : Cross Site Scripting (XSS) 11

12. A3 : Cross Site Scripting- XSS (cont.) 12

13. A4 : Insecure Direct Object References • A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. 13

14. A4 : Insecure Direct Object References (cont.) 14

15. A5 : Security Misconfiguration • Directories are listed and PHPinfo page has been found in this directory 15

16. A6 : Sensitive Data Exposure 16 Examples: • Transmitting data in the clear text e.g. non-SSL, URLs, login forms over http • Unencrypted credit card info • Incorrect encryption • Logging

17. A7 : Missing Function Level Access Control • Attacker notices the URL indicates his role /user/Accounts • He modifies it to another directory (role) /admin/Accounts or /manager/Accounts • Attacker views more accounts than just their own 17

18. A8 : Cross-Site Request Forgery (CSRF) 18

19. A9 : Using Components with Known Vulnerabilities 19

20. A10 : Unvalidated Redirects and Forwards 20

21. Security Testing Tools 21

22. Demo 22

23. References • https://www.owasp.org • http://projects.webappsec.org • http://code.google.com/p/owaspbwa • https://www.hacking-lab.com/ • http://www.acunetix.com/ • https://portswigger.net/burp/ • https://www.mavensecurity.com/resources/web-security-dojo/ • https://sourceforge.net/projects/samurai/files/ • http://www.bonsai-sec.com/en/research/moth.php • Books: The_Basics_of_Hacking_and_Penetration_Testing__Ethical_Hacking_and_Penetration_Testing_Made_ Easy • -the-web-application-hackers-handbook • -HowtoBreak • -Hacking attacks and Examples Test 23

24. Q & A

Security testing-What can we do - Trinh Minh Hien

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Security testing-What can we do - Trinh Minh Hien

Similar to Security testing-What can we do - Trinh Minh Hien (20)

More from Ho Chi Minh City Software Testing Club

More from Ho Chi Minh City Software Testing Club (12)

Recently uploaded

Recently uploaded (20)

Security testing-What can we do - Trinh Minh Hien