Tuesday, 15 May 2018

On Hacking and Being Hacked

TLDR; If you self-host a WordPress site, make sure you can restore from backups and check your site using wpscan and other tools regularly.

Is it irony or synchronicity when you learn hacking in more detail and end up being hacked?

Lessons learned from a WordPress hacking challenge and having your WordPress site hacked.


Wednesday, 9 May 2018

Protect The Square and Buggy Games

TLDR; Some games are not meant to be played, they are meant to be played with.

I recently released “Protect The Square”, which according to my version control system I wrote on 2nd May 2016. I had forgotten about it.

I found it again a few days ago and decided to release it as the technical exploration exercise it was intended for.



Tuesday, 8 May 2018

On CounterString Algorithms

TLDR; Reverse counterstrings are easier to generate. Creating the same output forward is harder but might be useful for streaming or files.

I assume everyone has heard of and used CounterStrings. I came across them because James Bach wrote about them and created the perlclip tool to generate them.

*3*5*7*9*12*15*

Over the years I’ve written a few utilities for generating CounterStrings for a variety of platforms. I had to implement them in Excel once because we weren’t allowed to install any test tools.

Fortunately, with Excel we had VBA and could write anything we wanted.

I’ll describe the steps I’ve taken to create a Predictive Forward CounterString Algorithm.

Friday, 4 May 2018

When Management Systems Restrict Testing - Crowdsourced Functional and Security Testing Mismatch

TLDR; Too many scope and reporting restrictions on testing attenuate both noise and signal.

I’ve tried a few crowdsourced testing environments - as a tester.

And I’ve tried a few crowdsourced security testing bug bounty environments - as a security researcher.

Unfortunately, both of these environments create a management system that limits the defects that can be raised.

i.e.

  • When taking part in a bug bounty - functional defects are out of scope.
  • When taking part in a crowdsourced testing project - so many defect categories are out of scope.

If I was a company outsourcing to these programs, I would view that as a risk.

Thursday, 3 May 2018

The Evil Tester Show - Episode 005 - Rejection

TLDR; Everyone experiences rejection. We need strategies for how we respond to it.

The Evil Tester Show Episode 005 covers the topic of Rejection and strategies for how you can cope with it.

Thursday, 26 April 2018

A Compendium of Testing Apps

TLDR; A Compendium of Testing Apps rebadged, re-packaged, new repository, more apps, including REST API testing.

I bundled up a bunch of web pages into a testing app. I have now restructured the code for that application and added in a REST API Test application as well.

I’ve also moved the code to a new repo to make it easier to download. You can find the “Evil Tester’s Compendium of Testing Apps” at
And download from the releases page

Thursday, 12 April 2018

How to use the Source Code for the Book Automating and Testing a REST API

TLDR; download the source from GitHub, open in IntelliJ and amend the IP address, username and password of the VM installed admin user.

I recently realised that I didn’t have a video showing how to download and use the source code for the book Automating and Testing a REST API.

Rectified. Now I do.

