So this was our first AMA session and how awesome it was! We were hosting Santhosh Tuppad wherein He was answering questions on the Topic “Learning about ‘Learning Security Testing'” and our Tribe simply loved it.

It was a Facebook Live AMA within The Test Tribe group and as promised we are making it available to everyone.

Before you start watching the video, you may want to have a look at most of the questions which Santhosh answered during the AMA:

-Do we need to inform the organization before attempting an Ethical Hack? Is it risk-free to do so without their consent?

-Which is the safest encryption/encoding technique to safeguard your password? Is there anything better than SALT or base64 which can prevent the hack.

-Which open source security testing tools would you recommend based on your experience and ease of usage.

-How does one proclaim himself be a white hat or grey hat hacker? Are there some certification or conditions that ones need to qualify to?

-As a manual tester, from where I can start to learn security testing.?

-As a beginner, if someone wants to practice individual attacks they are learning, where can they practice those? Apart from OWASP released apps like webgoat.

-What should be the roadmap to learn Security Testing?

-How did you start with Security Testing and what are your crucial lessons learned during the journey?

-What certification can we do for Security Testing and how much will it help?

-What books do you recommend to read at different levels of becoming a Security Tester?

-What are the key factors to consider while choosing between #OWASPZAP and #BurpSuite for Automating Security Tests based on Selenium?

-How far does it help when we know a programming language and start learning security testing? Does it really help?

-I have read that being a bug bounty Hunter and being a security researcher are two different things… How different it is ?? If it is really different then how can we choose between the two, given that I’m a newbie and looking forward to making my career in it?

-Practically in today’s Industry, there is a lot of hype of security testing, automation etc and not that of a human tester (manual tester).
So on a career side, is it safe to be a human tester? And also can you share some basic tips to catch security threats in a web application, which can be covered in our day to day testing.

-What level of programming expertise is required for a beginner who is looking forward to starting security testing?

-Do you have a preferred MOOC(s) to kick off learning Security Testing?

-Which are the tools to test the security of an application?

There were questions asked during a Live session as well which we are not documenting here.

Hope you enjoy the session. Cheers!


The Test Tribe Team