How to become a successful web penetration tester

[mozfest-bot]

[ UUID ] 2ce1ab01-aa85-4944-afe6-fba72d85ce18

[ Session Name ] How to become a successful web penetration tester [ Primary Space ] Privacy and Security

[ Submitter's Name ] Mehidia Tania [ Submitter's Affiliated Organisation ] BugBountyPOC [ Submitter's Github ] @Afrinrahman15

[ Additional facilitators ] Behroz Alam

What will happen in your session?

My primary teaching in the sessions includes: 1) High level knowledge regarding web penetration testing and why it is essential in today's world 2) Introduction of OWASP Top 10 and description of each current Top 10 vulnerability 3) Example of client side and server side vulnerabilities 4) Layers associated with the security of web server 5) Injection attacks (primary focus on SQL Injection) 6) Ways to find bug's in bounty programs and where to start 7) Explanation of what is bug bounty programs and why it is center of attention nowadays 8) Example of own bug bounty rewards and my experience regarding whic vulnerabilities i found

What is the goal or outcome of your session?

The outcome of my session would be to let audience know regarding the change of trend in computer's world and the essential need of computer security. the audience will understand the importance, pros and cons associated with computer security. The audience will hae a deeper understanding of bug bounty programs, web security , OWASP TOP 10 and how to get involved with bug bounty programs. The goal is to increase the knowledge of audience regarding bug bounties and take there knowledge to brand new level so that they can think out of the box while trying to penetrate web applications for bug bounty programs

If your session requires additional materials or electronic equipment, please outline your needs.

Well me and my partner will bring our personal smartphone and laptop all we need a projector and office supplies (paper, pens, post it notes)

Time needed

less than 60 mins

[afrinrahman15]

any update please ? @bunnybooboo

[bunnybooboo]

Thanks for reaching out @afrinrahman15 👋

Good news is that your proposal is currently in consideration. I liked this a lot actually. We still have WAY too many being deliberated upon. Around 100. It's really frustrating as what we have left are all so good! Yours too.

Anyway a couple of questions:

• the team felt your session might be a little ambitious. Have you tested this talk already? When you hold a session you will also not have the option of amplification with a microphone, and all of us together can make Ravensbourne acoustically noisy. I've got a voice like a foghorn for starters!
• Also the audience can't be assumed to be highly technical. Is this a factor you've considered? Would someone totally new to Privacy and Security on the day itself be engaged by your content?
• We tend to shy away from traditional talks at Mozfest, and this absolutely a challenge in the Privacy and Security space. The challenge of technology education and simultaneously: participatory, purposeful, and productive. It's the participatory factor in this session that currently is not there. Do you have ideas of how you could bring in some element of interactivity with participants? Mozfest can be huge fun and creative!
• on to stipends.. still around half of the sessions we're considering have asked for access to the stipend. Unfortunately it looks like some will be refused on this element alone. Is this the only way you can consider coming? If you have any other routes of funding available to you, now's the time to call on them.

[afrinrahman15]

Thanks for your reply ! @bunnybooboo Extremely sorry for late reply i was little bit sick! anywys here is your questions reply ...

• I’ve experience in conducting sessions in the field of computer science though I am conducting a session in the field of information security and privacy for the first time. I have into this field for more than 5 years and have experience in bug bounty programs as well. As I told you I’ve experience in conducting different sessions therefore noises and sounds can be handled properly in the session.

  • I am assuming there might be three types of audience. Non technical, partially technical (software developer not having knowledge about information security), technical (experience in information security). I am targeting all of these audiences. As my lecture is not super-technical and I’m starting my session from the very basics of information security and privacy therefore none of these audiences will face any confusion regarding my session. It is necessary nowadays to know about information security and privacy because world is moving towards IoT (Internet of things).

• I will try to make my session as interactive as possible and would take experiences from the audiences as well. I’m also planning to conduct Catch-the-flag (CTF) in the end of my session, which will make this overall session interactive and interesting for my audience.

• The only way I can attend Mozfest is through the access to stipend, I would like to have this opportunity given to me as I want to be a part of Mozfest. I am looking forward to it, Thank-you

[bunnybooboo]

Ugh I hope you're feeling stronger every day @afrinrahman15!

Thank you so much for that additional information. We'll loop it into our considerations. Some of our team are unavailable this week, so please excuse any sense of extended waiting before we provide further news. We're in the home stretch!

[afrinrahman15]

Yeah I am ok now :) and thank you for your reply also hoping for a positive reply @bunnybooboo .

[afrinrahman15]

any update please @bunnybooboo

[bunnybooboo]

I'm sorry to have to inform you, your proposal did not make it to our draft P&S space schedule. Unlocking for consideration from other teams.

[afrinrahman15]

ok thank you :)

[mozfest-bot]

Thank you for taking the time to submit a session to MozFest. Due to the high level of submissions, we’re unable to accept all proposals and unfortunately, your session was not part of the final group.

Thank you for taking the time to submit and we will follow up on email very soon.