Web and mobile security workshop workbook v1 - by santhosh tuppad

The document consists of various exercises, including some on Social Engineering. These exercises will help you trigger ideas and use the power of imagination to get better at Security.

  1. WEB AND MOBILE SECURITY WORKSHOP BY SANTHOSH TUPPAD. SECURITY - WORKSHOP WORKBOOK. Twitter: https://twitter.com/santhoshst/ LinkedIn: https://www.linkedin.com/in/santhosh-tuppad-338b7412/ These exercises are crafted only for the participants of the workshop by Santhosh Tuppad. Kindly do not redistribute them without permission.
  2. #SE01 → Your enemy resides in a different country and you want to spy on all his activities on his computer. More context: // He connects to the internet to check his email // He uses a free edition of an anti-virus // He is attracted to piracy and porn. Write down your approach or your thoughts about gaining access to every bit of data on his computer.
  3. #SE02 → You want to know the IP address of a target and you need to learn it without the knowledge of the target. More context: // Target is available on a social media platform: Twitter // Target likes freebies.
  4. #SE03 → You need to get into the physical infrastructure of a multinational company. The company entrance has a security guard, and if you bypass him through social engineering, you can accomplish your goal. What are your ideas to get past the security guard?
  5. #EX01 → Your job is to help the customer with 5 good security questions and 5 bad security questions. Please list them.
  6. #EX02 → Identify the possible threats in your company. These can be notorious developers, rogue insiders, employees who hold a grudge and so on. Also, list the reasons why you think they are a threat to your company. Basically, identify threat agents or threat drivers.
  7. #EX03 → Passive Reconnaissance → You have been assigned a task to gather information or do a passive recon for http://tuppad.com/. Gather as much information as you can and list the highlights of your exploration.
  8. #EX04 → Develop a functional design / algorithm for the forgot password feature in a web application. Your goal is to help the customer achieve a secure enough forgot password feature. More context: // application type: food delivery / ecommerce // email address is used as a username.
  9. #EX05 → What’s the best password according to you and why? apple@123 aaaaaa@0 RomaniaIsBeautiful ILoveClujOnMilkyWay 19199919 0989
  10. #EX06 → Username enumeration attack → Which of the error messages below is secure enough, and why are the others not good enough?
     • Invalid username / password
     • The username entered is incorrect. Please retry!
     • Username and password are both incorrect. Try again!
     • The password entered for username Santhosh is incorrect. (Wordpress way)
     • Incorrect credentials
  11. #EX07 → Your task is to stop bots from cracking the username and password in the login form. Also stop humans employed as bots from carrying out manual brute-force attacks. As a security consultant, what suggestions would you give to secure the login form against brute-force attacks?
