Daily Learning - Day 63

Date: 27th July 2017

Follow Hashtag: #SKC100DaysofLearning

Topic: API Testing

  1. Payloads

  • What is a payload?
  • What is a payload in a web page?
  • What is a payload in a web API?

  2. JSON / XML Formats

  • What is JSON?
  • How is JSON represented?
  • What is XML?
  • How is XML represented?
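
What a payload looks like in a web API, as an added example that is not part of the original post: the same request body written as JSON and as XML, parsed back, and checked against a schema the server is assumed to enforce. The `/users` endpoint, the field names and the schema are assumptions for illustration; the sample body is constructed.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample request body (the "payload") for a hypothetical POST /users
# endpoint. The endpoint and the field names are assumptions for this example.
SAMPLE_USER = {"username": "alice", "email": "alice@example.com", "roles": ["reader"]}

# Assumed server-side schema: field name -> expected type. Every field is
# required, and any field not listed here is rejected.
USER_SCHEMA = {"username": str, "email": str, "roles": list}


def to_json(payload):
    """Serialise the payload as the JSON body a client would send."""
    return json.dumps(payload, sort_keys=True)


def to_xml(payload, root="user"):
    """Serialise the same payload as an XML body; list values become repeated elements."""
    root_el = ET.Element(root)
    for key, value in payload.items():
        for item in value if isinstance(value, list) else [value]:
            ET.SubElement(root_el, key).text = str(item)
    return ET.tostring(root_el, encoding="unicode")


def parse_json(body):
    """Parse a JSON body; malformed JSON or a non-object raises ValueError, as a server should reject it."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("JSON payload must be an object")
    return data


def parse_xml(body, list_fields=("roles",)):
    """Parse an XML body back into a dict. Elements named in list_fields are collected into lists.

    The stdlib parser is used on constructed input here; XML received from an
    untrusted client should go through a hardened parser (for example defusedxml).
    """
    data = {}
    for child in ET.fromstring(body):
        if child.tag in list_fields:
            data.setdefault(child.tag, []).append(child.text)
        else:
            data[child.tag] = child.text
    return data


def validate(payload, schema=USER_SCHEMA):
    """Return the list of problems with a parsed payload: missing fields, wrong
    types, and fields the schema does not allow (an API that silently accepts
    extra fields may let a client set attributes it should not)."""
    problems = []
    for field, expected in schema.items():
        if field not in payload:
            problems.append(f"missing field: {field}")
        elif not isinstance(payload[field], expected):
            problems.append(f"wrong type for {field}: expected {expected.__name__}")
    for field in payload:
        if field not in schema:
            problems.append(f"unexpected field: {field}")
    return problems


if __name__ == "__main__":
    print(to_json(SAMPLE_USER))
    print(to_xml(SAMPLE_USER))
    print(validate({**SAMPLE_USER, "is_admin": True}))
```

The same payload round-trips through both formats, and `validate` is the check worth keeping when testing an API: send a body with a field the schema does not list (here `is_admin`) and confirm the server rejects it rather than quietly storing it.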

Location: Mysuru, Karnataka, India

Daily Learning - Day 62

Date: 26th July 2017

Follow Hashtag: #SKC100DaysofLearning

Topic: Security Testing

Webinar Notes: Create a custom security strategy for your organisation, by Pluralsight

Assess the Risk:

  2. DREAD
  3. Third-Party Assessments

Prioritize the Risk:
1. Penetration and Vulnerability Testing


2. Independent Certification

3. Training & Awareness

  • Basic training is important for members of the organisation.
  • Basic security courses need to be provided to team members for awareness.

4. Focus

  • As an organisation, build an Ops team whose sole focus is security.
  • Align it with the company culture and business strategy [CSO - Chief Security Officer].
  • Is your executive team focused on security?


  • ISO 
  • NIST
  • ITIL
  • TOGAF - The Open Group Architecture Framework

Security Risk Score:

  • Risk Management & Oversight
  • Security Monitoring
  • Threat & Vulnerability Management
  • Security Controls
This helps to focus on a security roadmap. Continue to evaluate it and make adjustments to the plan.

Things to look for in your systems:

1. Changes in system state

  • CPU usage
  • Disk space
  • Network utilisation
  • Log events and log size

2.  Customer Support Issues

  • Give support staff basic training on security-related customer issues and whom to redirect them to.

3. Malicious Traffic

4. Acceptable Use Violations

5. Intrusion Detection Systems



  • Information Security Team
  • Legal 
  • Support
  • Communications /Marketing Team


  • Detection and Discovery
  • Analysis and Assessment
  • Risk Mitigation Strategy
  • Escalation process; communication within the team and with the rest of the organisation.

3. Communication Process

  • What constitutes a breach that requires external communication
  • Who should be notified: customers/public
  • Who communicates externally
  • Which channels to communicate through
  • Communications

4. Maintain Incident Response Records

  • What 
  • When
  • Where
  • Who detected, escalated and responded

Finally Some Advice:

  • Disclose Early, Leverage Social Media
  • Protect Accounts Immediately
  • Be clear, Honest, Lead with the Facts
  • Be Specific.
  • Explain what actually happened
  • Keep Customers Updated.
  • Apologise

1. SSCP: Jason Helmick
2. Web Security & OWASP: Troy Hunt
3. Enterprise Security: Policies, Practices & Procedures: Dale Meredith
4. Tesla Security Vulnerability Reporting Policy
5. owasp.org


Daily Learning - Day 61

Date: 22nd July 2017

Follow Hashtag: #SKC100DaysofLearning

Topic: API Testing

■ HTTP Status Codes.
■ HTTP Response Format
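
An added example (not from the original post) of the HTTP response format and status codes: a parser for a raw HTTP/1.1 response that splits the status line, headers and body, classifies the status code by its leading digit, checks the body length against Content-Length, and decodes a JSON body. The response bytes, the `user 42` error and the endpoint they imply are constructed for this example.

```python
import json

# Constructed sample of a raw HTTP/1.1 response as an API client sees it on the
# wire. The error message and the resource it refers to are assumptions.
RAW_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: application/json\r\n"
    b"Content-Length: 35\r\n"
    b"\r\n"
    b'{"error": "user 42 does not exist"}'
)

# The five status code classes are defined by the leading digit.
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection", 4: "client error", 5: "server error"}


def status_class(code):
    """Return the class of a status code; codes outside 100-599 are invalid."""
    if not 100 <= code <= 599:
        raise ValueError(f"invalid status code: {code}")
    return STATUS_CLASSES[code // 100]


def parse_response(raw):
    """Parse a raw HTTP/1.1 response into its parts.

    Returns a dict with version, status, class, reason, headers (names lower-cased)
    and body. The body is checked against Content-Length and decoded as JSON when
    the Content-Type says so; anything malformed raises ValueError rather than
    being silently accepted.
    """
    head, separator, body = raw.partition(b"\r\n\r\n")
    if not separator:
        raise ValueError("malformed response: no blank line ending the headers")
    status_line, *header_lines = head.split(b"\r\n")

    parts = status_line.decode("ascii").split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    version, code = parts[0], int(parts[1])
    reason = parts[2] if len(parts) == 3 else ""  # the reason phrase is optional

    headers = {}
    for line in header_lines:
        name, colon, value = line.decode("latin-1").partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = name.strip().lower(), value.strip()
        # Repeated headers are folded into one comma-separated value.
        headers[name] = f"{headers[name]}, {value}" if name in headers else value

    if "content-length" in headers:
        declared = int(headers["content-length"])
        if declared != len(body):
            raise ValueError(f"body is {len(body)} bytes but Content-Length says {declared}")

    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    parsed_body = json.loads(body) if media_type == "application/json" and body else body

    return {
        "version": version,
        "status": code,
        "class": status_class(code),
        "reason": reason,
        "headers": headers,
        "body": parsed_body,
    }


if __name__ == "__main__":
    parsed = parse_response(RAW_RESPONSE)
    print(parsed["status"], parsed["class"], parsed["body"])
```

When testing an API, assert on the numeric status and the decoded body rather than on the reason phrase, which servers are free to omit or change; the Content-Length check catches truncated or padded responses that a test reading only the status line would miss.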

♤ The new version of Postman, v5, fixes the reported bug when exporting results to JSON format.
