#AskRaghav 

More to come!

Most welcome Zuzana

As soon as possible Pramod

Sure, thanks for watching

Most welcome Biswajit

Most welcome Umer

Always welcome

thanks for watching

Most welcome Amiya

Sure I will add more

Most welcome

Always welcome Trupti

Hi Vinod, can check here under API Testing section - automationstepbystep.com/

Noted Jayanta

Thanks for watching Saqlain

Hi Purna, as of now this is the only session, I will plan to have more sessions on this topic

@@RaghavPal Thank You for the response. I found the session useful and asked!

Hi Nero, The job prospects for a pentester and an automation engineer both vary depending on several factors, including the specific industry, location, and the current demand for each role. In general, pentesting (or penetration testing) is a specialized field within cybersecurity that involves simulating a real-world attack on a system to identify vulnerabilities. As the number of cyber threats continues to grow, the demand for skilled pentesters is likely to increase. On the other hand, automation engineers are responsible for developing and maintaining automation systems to improve efficiency and reduce manual work. With the growing demand for automation and digital transformation across various industries, the demand for automation engineers is also expected to increase. Both pentesters and automation engineers have good job prospects, but the specific demand for each role can vary depending on various factors. It's important to consider your skills, interests, and experience when deciding between the two fields

@@RaghavPal it’s amazing how you make time to give clear and detailed replies. Thanks a lot

Yes, definitely

Hi Saiteja, Security testing has good scope, If you can develop yourself as an expert in this field and can provide real world solutions, there will be a lot of opportunities

Thanks Anum

Hi Jagdish, it comes under non-functional testing, in case you are following DevSecOps, it will be a part of the process

Hi Shijon, we usually take help from code coverage tools that have the option for instrumentation. Not very sure if that works the same way for security testing, Will check on this

@@RaghavPal thanks

Hi Sai, if you need to learn specific on Postman, can check this - www.optiv.com/explore-optiv-insights/blog/getting-started-postman-api-security-testing-part-1

Not as of now, can find all my courses here - automationstepbystep.com/

Hi, in what ways do you feel this, Do you think your work is not considered important or is there any communication challenges

@@RaghavPal Thank you so much for replying , So, I have automated UI tests and also implemented API and Load testing,I have also integrated it to the build pipelines, Those build pipelines are created by me only so currently in the project they are not following proper CI and CD, and when I raise my concern of implementing the new things into CI and CD , First thing they are not at all interested they are used to work like they were working earlier.

Okay, you can showcase them how the new system will help, try to convince, If you feel there is no use, can try for a switch

@@RaghavPal thanks you for the advice

Not strictly required, but can help

I will plan on this, but can take some time. Meanwhile can let me know the specific topics you need

CSFR and XSS of security testing

okay I will plan on this

Hi Balaji, I will plan to do a session

Thanks for watching Kaloyan

Hi Harmeet, can depend on factors like Free or Paid What all integrations do you need Community support etc

@@RaghavPal just require test case management and export and import feature with community edition

CAn check this www.codeinwp.com/blog/free-jira-alternatives/

can get help here - www.newtonschool.co/

@@RaghavPal sir , it is for full stack developer course

No, they just help in placements

Nirali While it doesn't always require coding, having some coding skills can significantly enhance your effectiveness as a security tester. Let's explore this further: 1. Manual Security Testing: - Manual security testing involves analyzing an application for vulnerabilities without using automated tools. - It doesn't necessarily require coding skills, but understanding security concepts and attack vectors is essential. - Examples of manual security testing include: - Threat modeling: Identifying potential threats and risks. - Code review: Analyzing source code for security flaws. - Penetration testing: Actively probing an application for vulnerabilities. 2. Automated Security Testing: - Automated tools play a vital role in security testing. These tools help identify vulnerabilities efficiently. - Some popular security testing tools include: - OWASP ZAP: An open-source web application security scanner. - Nessus: A vulnerability scanner. - Burp Suite: Used for web application security testing. - While using these tools, you'll need to understand their configuration, interpret results, and possibly customize scripts or rules. 3. Coding Skills for Security Testing: - Having coding skills allows you to: - Write custom scripts: For specific security tests or scenarios. - Automate repetitive tasks: Such as sending payloads, analyzing responses, or fuzzing inputs. - Integrate security testing into CI/CD pipelines: By writing scripts or using existing tools. - Understand security libraries and frameworks: For secure coding practices. - Common languages for security testing include Python, JavaScript, and Bash. 4. Examples of Coding in Security Testing: - SQL Injection Testing: - You'll need to craft malicious SQL queries to test if an application is vulnerable. - Example (Python): ```python payload = "' OR '1'='1" # Send payload to input fields and check for SQL errors ``` - Cross-Site Scripting (XSS) Testing: - Writing JavaScript payloads to inject into input fields or URLs. - Example (JavaScript): ```javascript alert('XSS!'); ``` 5. Learning Resources: - Explore online tutorials, blogs, and courses related to security testing. - Practice on intentionally vulnerable applications (e.g., OWASP Juice Shop). - Join security communities and forums to learn from others. In summary, while coding isn't always mandatory for security testing, having coding skills empowers you to perform more comprehensive and efficient security assessments --

I will plan