jump to navigation

An amazing tool to test penetration on your application called Metasploit Framework July 21, 2011

Posted by shripal shah in Automation Testing, Software Testing.
Tags: , , , , , ,
add a comment

The Metasploit Framework (Msf) is a free, open source penetration testing solution developed by the open source community and Rapid7. I used this recently and found it very interesting to use. I also found a very good post by Karthik R who is a member of the NULL community. Karthik completed his training for EC-council CEH in December 2010, and is at present pursuing his final year of B.Tech in Information Technology, from National Institute of Technology, Surathkal.

Some of the useful terms you should be knowing before thinking of similar tool are; Vulnerability: A weakness in the target system, through which penetration can successfully occur.

Exploit: Once a vulnerability is known, an attacker takes advantage of it, and breaks into the system using a code/script known as an exploit.

Payload: This is a set of tasks initiated by the attacker subsequent to an exploit, in order to maintain access to the compromised system.

I am sure that in current world, its highly important to keep your product secure. I have faced hackers on one of my associates sites recently and Metasploit really helped me to understand the issues.

Thanks to Karthik on this post which will help many users around.

Few important tips on communication April 30, 2010

Posted by shripal shah in Day to Day life & learnings.
Tags: , , , , ,
add a comment

I learn few important tips on communication during a presales with one of my client and would love to share the incident with you all.

Leader has to be listener – We had a long chat/call on few occasions understanding the requirements, I kept on listening/acknowledging the inputs from client while noting down the important points as and when needed. I started asking questions at the end of the sessions only. This was applaud by my Client a big way, we benefited by saving on time as 30% of my initial questions were any way answered by further inputs from client. I kept on understanding the deepest part till the last moment and finally asked question which gave a solid impression about my understanding. Have I been asking questions on every instance of doubt created during conversion, I would have failed to gain the respect which I acclaimed well before conversation ended.

Showing up on time and fulfilling the commitments – for all the meetings I was up online at-least 3-5 minutes before the meeting time, stayed well prepared. It helped me in ensuring that we value time of all participants.

In one of the instance I was supposed to provide an online demo of existing application, however the demo was not ready. I recorded a video of existing application, did tweaks on the name of products, hiding certain images (as the application was under NDA) and posted over to my site’s video player for client to watch.

I committed to show up an online application – though I failed there -  I ensured that client gets feel of what we had developed via Video. It tool almost 3 hours to generate this video to ensure that all legal matters are taken care along with facilitating this new client. This investment was highly welcomed by client and they were impressed with

1. Arranging the video in time 2. Our sense of Data security.

Client’s team started being so opened to us that we discussed various other business topics along with this project, including their hosting plan.

There are many things to share but would take over to next post.

Meanwhile there are few more tips from some one whom I read regularly, might be helpful;

11 Things Project Managers & Leaders Should Never Do by Tanmay Vora @ QAspire.com/blog

What NOT to do in Customer Service 7 Tanmay Vora @ QAspire.com/blog

The Listening Leader by Cris Witt

Follow

Get every new post delivered to your Inbox.