Sunday, October 4, 2020

Workshop Experience: Web Application Security Testing

 

This writing is my experience report of the workshop Web Application Security Testing conducted by Verity Software with Rahul Verma as a trainer. I had attended this workshop in November 2011. I registered for it again and was part of the workshop for the second time in September 2020. I thank Vinay Baid and Anil Nahata of Verity Software for coordinating and helping me to attend this workshop.



I and Web Testing for Security


I started testing for web applications in 2008 by learning what the browser is, its internals, and by understanding the web technologies. While doing this, I was working on projects which built web systems for -- SalesForce, Healthcare - Insurance, Reporting, and BI Reporting systems.  


One of the projects supported only IE (IE6 & 7). The other projects' web applications were supposed to support desktop Firefox, Chrome, and Safari. In the project, my task was to test for functionality.


In parallel, I picked testing for the security of these web applications. I referred to OWASP and its contents. I was building my mindset for security testing; I tested for web application security. I found the security bugs!



Disclaimer


I'm not paid by anyone to write this post and no one asked me to write one. I'm writing it as my workshop experience and the learning I made out of it. I'm writing it to document my experience from this workshop.



About the workshop


I saw the post in 2011 from Rahul Verma about his workshop -- Web Application Security Testing, a two-day workshop. I registered for it in 2011; it helped me. In September 2020, I attended the same two-day workshop from Rahul Verma, conducted by Verity Software this time. The details of this hands-on workshop are available on Verity Software's website.

  

I did not feel it is a repetition. In these eight years, my thought process has changed. I see that I have progressed in my learning in these eight years. Yet, I did not experience it as a repetition. 


The only differences that I could see are:


  • In 2011, it was in a hotel at Koramangala; 2020's workshop was online as an effect of the COVID-19 pandemic.
  • In the physical workshop, the trainer moved around each table and looked into the trainees' practice; in the online format, he helped by asking how we were doing with the hands-on exercises.
  • In the physical workshop then, the trainer gave a laptop, if needed, with the software that needed to be used and installed; in the online format, we trainees had our own laptops, were seated at home, and accessed the practice system hosted on a cloud via remote desktop.
  • In the physical workshop, he could see us, our eyes and our faces, and understand what was happening with us; in the online format, he had turned on his camera, and the trainees had turned off their cameras.
  • In the physical workshop, there was networking between the trainees; in the online format, there was no networking or sharing between the trainees.
  • In the physical workshop, he wrote on a whiteboard and in a projected text editor and explained; in the online format, he used the Sublime editor to write and explained his thoughts on the shared screen.
  • In the physical workshop, there was silence, and we trainees listened to him; in the online format, at times we had trainees' microphones turned on and could hear the background sound (I don't call it noise!).
  • In the physical workshop, we did not see any break or lag in the trainer's voice; in the online format, we could see the lag in the trainer's and trainees' video and voice (latency, bandwidth, streaming & internet!).


Otherwise, I made my notes as I listened to him then and today. It was the first online workshop for the trainer Rahul Verma.



Why did I attend this workshop?


Here are my reasons why I attended this workshop:

  • To check on my fundamentals, thought process, and mindset in Web Application Security Testing.
  • To see the difference in me and my practice after I attended the previous workshop.
  • To learn certain concepts better from a practitioner who practices web application security testing.
  • To listen to Rahul Verma:
    • He doesn't sugarcoat.
    • Says what he knows and what he practices.
    • His way of explanations and the way he looks at the fundamentals before security.
    • His experiences and what kind of security information he finds and how.
      • I did not connect to it well in 2011 as I connected to it today.  I was grasping slowly and thinking about what I do as Rahul Verma spoke.  I did not repeat this mistake in the 2020 workshop.
      • Today, I received it better as I'm practicing it, and I could relate to my work when he discussed subjects and topics in the workshop.



What did I make out of this workshop?


I said to myself to unlearn and not to think with what I know as I listened to the trainer. I went with an open and listening mind to this workshop. I made sure to keep myself attentive in the workshop. I share a few of my learnings here:

  • My fundamentals got revisited; I registered them better in my thought and mind.
  • My understanding and the way I see what I see now have more clarity and observation.
  • The topics which look buzzy and complicated have become much simpler now to understand and work on.
  • My mindset is realigning with the unlearning I had in the workshop.
  • I wanted to re-arrange my thinking here if I had to, and I did it listening to Rahul Verma for the second time.
  • Before learning security testing, the fundamentals of the web were taken seriously and discussed.
  • I cannot write in detail about it here. Probably if I do that, it may impact the trainer and the organization conducting the workshop.
  • The fundamentals he discusses here are needed -- stepping stones.
  • As we know, tools assist in testing better, but they do not test on behalf of a tester. Yet using a tool in security testing is helpful in context up to a limit, and later it is a human who has to test for security.
  • I did not see anything I listened to as a repeat for me.


I got what I wanted from this workshop. It is on me now how I practice and lead myself ahead.



My experience and learning


What the trainer spoke is available in books and on the web. What's not available is the thought process and how to approach it by understanding. The demonstration of a practitioner has to be experienced in person if possible; it brings a different and unique value in the trainee. My peace is paced well and tuned. 


The value added by the security testing of a Test Engineer/SDET and a Security Testing specialist is unique and needed. My idea of encouraging and assisting the Test Engineer/SDET to practice Security Testing is much stronger and clearer now. I will continue to practice Security Testing as a Test Engineer/SDET, and I will surely add my unique values early in the work I do.


I have got the confidence now that if I attend it another time, I won't experience it as repeated to me.  It will be new and unique.


If you can afford to attend this workshop from Rahul Verma, do attend.  It will help to build the fundamentals and mindset needed for Security Testing and Web Application Security Testing.




Thursday, October 1, 2020

Workshop Experience: Certified Selenium Engineer

 

This writing is my experience report of the workshop Certified Selenium Engineer conducted by Verity Software with Rahul Verma as a trainer.  Once, I could not attend the scheduled workshop.  Vinay Baid from Verity Software allowed me to attend the workshop on another date.  I thank him and Verity Software for the help.  In this conversation, Anil Nahata helped me by coordinating, and I thank him as well.


Disclaimer

I have not been paid or asked to write this blog post.  I have decided to share my experience and takeaways from the workshop which I have attended.  I'm doing it to have my learning experience recorded in brief.  As well, it can help the trainer in a way that her/his workshop will reach more people.


About the workshop

This workshop is on Selenium and has the title "Certified Selenium Engineer".  More information about the workshop can be found on the website of Verity Software.  Per my experience, the Verity team is approachable and they coordinate, learning the context of the workshop attendee.

It was a three-day workshop and it was conducted in a hotel at Koramangala, Bengaluru.  Following the workshop, there was a mock test and then a certification test on the third day.  The questions needed thinking to solve and to analyze and choose an answer.  Not all questions were straight.

I did not find the paper tough.  It engaged me well and made me think.  On understanding the fundamentals well and with the practice that one does in the workshop, the test paper can be easily attempted.


Why did I attend the workshop?

Here are my reasons why I attended this workshop:

  • Rahul Verma
  • I see Rahul Verma as a serious and thoughtful practitioner in the Software Testing space
  • Listening to what he has to share in the workshop
    • I know he will not just talk in and around Selenium topics that were mentioned in the workshop details
    • What can I unlearn and learn listening to him?
    • There will be more and beyond Selenium, in using Selenium better for sure
      • I needed this; I wanted to listen to this; I wanted to see how he thinks and interprets
  • I said to myself: do not be biased by the words and thoughts of Rahul Verma
    • Think about what he says
    • Interpret what he says
    • Understand what he says
    • Think what you (Ravisuriya) think
      • I see that whatever he spoke in the workshop makes a lot of sense


What did I make out of this workshop?


I got what I wanted from the workshop.  I made sure I made the most of it and I was attentive to it.  I share a few of them here:
  • I said to myself: come with an open mind; forget whatever you know for a while; unlearn and look from a fresh mind
  • I did not open my mouth to talk except for asking questions; I had kept my mind open and attentive
  • I did not like missing any word spoken in the tutorial, be it from the trainer or the attendees
  • Rahul Verma shared beyond Selenium's basics
  • Rahul Verma spoke about Programming in fact and how to use programming for making the best out of a Selenium library
  • Starting with
    • What is the web?
    • How the web works?
    • What the web page is?
    • What is DOM, HTML, CSS?
    • What is an element, tag, attribute, and value in the HTML?
    • What constitutes the browser?
    • What is Selenium?
    • The architecture of Selenium and JSON Wire Protocol
    • Design Patterns and Design Pattern used in Selenium library
    • What is said in the syllabus was covered with examples
      • Not just examples of automation using Selenium
      • But also with an example of what to do and not do - this is a treasure!
      • This is what I want to hear from the practitioner's experience
    • Framework and Test Authoring
  • If I did write everything in detail and how the topics were discussed, it might look like an exaggeration; but it is no exaggeration
  • It has to be experienced at least once from the practitioner's training


My experience and learning


Whatever Rahul Verma spoke is available in books and web content that talk about Selenium.  The difference is:
  • Concepts were said in simple terms
  • Examples shared for the topic spoken were from his work experience
  • Programming - do's and don'ts with each example and concepts
  • Keeping it simple, workable, and learnable
  • If you want to be strong in the fundamentals of Selenium, this workshop helps

For my kind of mindset, learning style, and expectation, this workshop from the trainer gave me satisfaction.  I'm happy!