Chronicles Of Testing

WINJA - An all women’s Capture The Flag (CTF) event arranged at NULLCON 2015 by Sneha Rajguru, Apoorva Giri and Shruthi Kamath was a well organized and well run event. The event attracted enthusiastic participants from across India, some of them were already regulars at the null chapters in their respective cities. Wondering what or who a WINJA is? It is an on-site hacking simulated competition at nullcon where individuals attempt to attack and defend computers and networks using certain software and network structures. http://nullcon.net/website/goa-15/ctf.php#winja Women Ninja at NullCon 3 groups were distributed with vulnerable systems and asked to crack the challenges. Below are some of the challenges presented to the participants. Missing function level Command execution SQL Injection IDOR Spoofing Referer Reflective XSS Sensitive data exposure File upload Stored XSS CSRF Participants were grouped into three teams consisting o...

Venue - HasGeek Date - 17th January 2015 Apoorva Giri and Shruthi Kamath, two Information security enthusiasts conducted a workshop on Web Application Security and Network Security at the HasGeek house recently. It was a woman only event held as an initiative to introduce more women to the InfoSec arena. This event was held in association with HasGeek , at the HasGeek house, Bengaluru. The workshop covered basics of Web App Security and Network Security. The participants worked along with the instructors in the hands-on session alongside Apoorva and Shruthi. Normally the webinars and the talks that I had attended earlier dived right into hacking, ransack a web app and put the network team to shame in public by showcasing the vulnerabilities. The experience at this workshop was refreshingly different. And how? The organizers guided the participants in the following activities: → downloading and installing Kali Linux and metasploitable on Oracle VM VirtualBo...