OWASP Top 10 2017 RC2 Final has been published

The second release candidate of OWASP's list of the most critical vulnerabilities and risks for web applications was recently published on their GitHub space.

There have been significant changes since the previous OWASP Top 10 2013 list: some threats are less relevant these days, while others have emerged (such as XML External Entity (XXE), Insecure Deserialization, and Insufficient Logging & Monitoring).

The RC2 has a "Final" suffix in its name, meaning the document is ready for review and investigation.


Kali Linux 2017.2 Release

A state-of-the-art Linux build for all those interested in security testing has been upgraded. For more details, including what's new and upgrade instructions, please follow the link https://www.kali.org/news/kali-linux-2017-2-release/

Microservice Testing. Introduction.

A good intro by Nathan Peck to understanding the architecture and quality processes within microservice app development projects.

Another good article is «Testing Strategies in a Microservice Architecture»:

GUI tests in Python: Win32 API, MS UI Automation, and a bit about the future

One of the Pywinauto developers explains how Python and this framework can be used to automate application administration and testing, using Windows as the example.

Also worth a look is the Yandex Academy YouTube channel «Тестирование» (Testing), which has many interesting and useful videos on the topic.

Quick start with Jupyter Notebook

Jupyter Notebook is an open-source web application that allows you to create and share documents that contain live code, equations, visualizations and explanations. In fact, it’s an interactive IDE, allowing you to share your work with anyone, collaborate and review your Python code.

It’s a web-based tool, though you can run it on your local machine (just as I do). You can check how it works by opening and running through any so-called notebook (a page file with the .ipynb extension) at the Jupyter Project site https://try.jupyter.org/

Running your local Jupyter instance is pretty simple. After installation, just open a command line in the directory where you’d like to store/open your .ipynb files and run the command:

jupyter notebook

That’s it! A browser page «http://localhost:8888/tree» will shortly pop up displaying your own local Jupyter instance, and you’re ready to rock.

Jupyter is widely used in Machine Learning and Data Science: it not only has a great UI and stores your computations as you would in a paper notebook, but also supports data cleaning and transformation, numerical simulation, statistical modeling, etc.

I use it to run the scikit-learn, pandas, numpy and matplotlib libraries, all great for Data Mining/Analysis and Machine Learning tasks.

There is also «A gallery of interesting Jupyter Notebooks», worth visiting to see loads of examples where Jupyter Notebook can be useful.

Pluralsight: getting a free account and downloading videos

Pluralsight is an excellent video service for learning programming and various IT-related (and other) fields. What sets it apart from other platforms is the large amount of quality content, a convenient interface, and even the option of getting consultations from trainers.

But there is a problem: access is paid, a yearly subscription costs $299, and for many that is a serious sum!

Fortunately, you can get free access for 3 months. After that, you can decide for yourself whether you need it.


Announcement for OnlineTestConf Spring 2017

Yet another interesting free online conference is coming up! Here are some details about it. It’s a 2-day online-only conference with a number of topics to discuss. You can view the schedule at the following page: http://www.onlinetestconf.com/program/ It’s worthwhile to make a list of the sessions you want to attend, so you don't hang around while the boring ones are going on.

Some of the topics I’m going to visit:

  • 101 For Building The Right Mobile Test Lab For Your Business
  • Contributing to GitHub is for Everyone
  • Opening Keynote: Testing and AI
  • Crowd Testing Magic
  • Testing Challenges in the Highly Interconnected World of IOT

Event Time: Tue, June 13 (10:00am–3:00pm) and Wed, June 14 (10:00am–3:00pm).
Times presented are in (EDT) Eastern US timezone.
Event Registration: Free. Use this link to register

Announcement for the online StarEast Virtual Conf 2017

STAREAST Virtual conference on software testing and QA will be streaming live on Wednesday, May 10 and Thursday, May 11 straight to your computer or mobile device from the live event in Orlando, Florida.

Your virtual conference registration is completely free and streams keynote presentations, live interviews, and industry technical presentations, so you’ll get a taste of what it’s like at the actual event. Plus, you can learn about top industry testing solutions all from the comfort of your home or office. See full schedule here.

Event Time: Wed, May 10 (8:30am–5:30pm ET) and Thur, May 11 (8:30am–5:30pm ET)
Event Registration: Free. Use this link to register

dirsearch: searching for hidden directories

Type: Python script
Purpose: web crawler, searching for hidden directories and files
Project page: https://github.com/maurosoria/dirsearch
Included in Kali Linux: no (in 4.8.0; it may be included in future editions)

Pros: easy to install, simple to use, cross-platform because it is written in Python. In addition, the author states:

  • Multithreaded
  • Keep alive connections
  • Support for multiple extensions (-e|--extensions asp,php)
  • Reporting (plain text, JSON)
  • Heuristically detects invalid web pages
  • Recursive brute forcing
  • HTTP proxy support
  • User agent randomization
  • Batch processing

Cons: the result depends heavily on the wordlists the scanner works with (in Kali the wordlists are located in /usr/share/dirb/wordlists/)
