https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Narayan+KoiralaOWASP - User contributions [en]2026-05-09T13:03:21ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Talk:Nepal&diff=134941Talk:Nepal2012-08-28T15:27:07Z<p>Narayan Koirala: /* Importance of Dedicated QA Team for ensuring Web App Security */ new section</p>
<hr />
<div>== Tools and techniques that we use for checking the security level of web apps that we build. ==<br />
<br />
Lets share what we use<br />
<br />
Code Inspector<br />
Vulnerability Scanner<br />
<br />
== Importance of Dedicated QA Team for ensuring Web App Security ==<br />
<br />
I have raised this topic as there are few companies that are comited to ensuring the security of their web applications<br />
<br />
What are the problems in Nepal regarding setup of security sqard<br />
Training houses<br />
idea about security threats</div>Narayan Koiralahttps://wiki.owasp.org/index.php?title=Talk:Nepal&diff=134940Talk:Nepal2012-08-28T15:18:41Z<p>Narayan Koirala: </p>
<hr />
<div>== Tools and techniques that we use for checking the security level of web apps that we build. ==<br />
<br />
Lets share what we use<br />
<br />
Code Inspector<br />
Vulnerability Scanner</div>Narayan Koiralahttps://wiki.owasp.org/index.php?title=Nepal&diff=134939Nepal2012-08-28T15:15:24Z<p>Narayan Koirala: </p>
<hr />
<div>OWASP Nepal a local chapter of OWASP for Nepal. Here we can discuss on any topic , share tools and techniques related to web app security. Another purpose of creating this page is to bring the people working in web app security together.<br />
<br />
So lets get together and move for securing web applications..<br />
<br />
We have created a group and page in facebook for better communication and better knowledge sharing<br />
facebook group :- https://www.facebook.com/groups/owasp.nepal <br />
and a facebook page :- https://www.facebook.com/OWASPNepal<br />
<br />
<br />
{{Chapter Template|chaptername=Nepal|extra=The chapter leader is [mailto:Bhupal.sapkota@owasp.org Bhupal Sapkota]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Nepal|emailarchives=http://lists.owasp.org/pipermail/owasp-Nepal}}<br />
<br />
== Local News ==<br />
<br />
'''Meeting Location'''<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category: Asia]]</div>Narayan Koiralahttps://wiki.owasp.org/index.php?title=Nepal&diff=134938Nepal2012-08-28T15:13:33Z<p>Narayan Koirala: </p>
<hr />
<div>OWASP Nepal a local chapter of OWASP for Nepal. Here we can discuss on any topic , share tools and techniques related to web app security. Another purpose of creating this page is to bring the people working in web app security together.<br />
<br />
So lets get together and move for securing web applications..<br />
<br />
We have created a facebook group :- https://www.facebook.com/groups/owasp.nepal<br />
and a facebook page :- https://www.facebook.com/OWASPNepal<br />
<br />
<br />
{{Chapter Template|chaptername=Nepal|extra=The chapter leader is [mailto:Bhupal.sapkota@owasp.org Bhupal Sapkota]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Nepal|emailarchives=http://lists.owasp.org/pipermail/owasp-Nepal}}<br />
<br />
== Local News ==<br />
<br />
'''Meeting Location'''<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category: Asia]]</div>Narayan Koiralahttps://wiki.owasp.org/index.php?title=Talk:Nepal&diff=134773Talk:Nepal2012-08-27T05:20:43Z<p>Narayan Koirala: Tools and techniques that we use for checking the security level of web apps that we build.</p>
<hr />
<div>== Tools and techniques that we use for checking the security level of web apps that we build. ==<br />
<br />
Lets share what we use</div>Narayan Koiralahttps://wiki.owasp.org/index.php?title=Nepal&diff=134772Nepal2012-08-27T05:11:44Z<p>Narayan Koirala: </p>
<hr />
<div>OWASP Nepal a local chapter of OWASP for Nepal. Here we can discuss on any topic , share tools and techniques related to web app security. Another purpose of creating this page is to bring the people working in web app security together.<br />
<br />
So lets get together and move for securing web applications..<br />
<br />
<br />
{{Chapter Template|chaptername=Nepal|extra=The chapter leader is [mailto:Bhupal.sapkota@owasp.org Bhupal Sapkota]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Nepal|emailarchives=http://lists.owasp.org/pipermail/owasp-Nepal}}<br />
<br />
== Local News ==<br />
<br />
'''Meeting Location'''<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category: Asia]]</div>Narayan Koiralahttps://wiki.owasp.org/index.php?title=User:Narayan_Koirala&diff=134771User:Narayan Koirala2012-08-27T04:23:13Z<p>Narayan Koirala: </p>
<hr />
<div>Software Engineer and Software Quality Assurance Enthusiast. I am working as Software Quality Assurance Incharge at Braindigit IT Solutions Pvt. Ltd. Nepal<br />
<br />
Find discussions and topics i have shared. Hope to get feed backs and comments from you all.<br />
<br />
You can get me@<br />
<br />
Twitter :- https://twitter.com/narainko<br />
LinkedIn :- http://np.linkedin.com/pub/er-narayan-koirala/12/538/959<br />
Facebook :- https://www.facebook.com/narainko</div>Narayan Koiralahttps://wiki.owasp.org/index.php?title=User:Narayan_Koirala&diff=134763User:Narayan Koirala2012-08-26T09:36:56Z<p>Narayan Koirala: </p>
<hr />
<div>Software Engineer and Software Quality Assurance Enthusiast. I am working as Software Quality Assurance Incharge at Braindigit IT Solutions Pvt. Ltd. Nepal<br />
<br />
Find discussions and topics i have shared. Hope to get feed backs and comments from you all.</div>Narayan Koiralahttps://wiki.owasp.org/index.php?title=User_talk:Narayan_Koirala&diff=134762User talk:Narayan Koirala2012-08-26T09:35:16Z<p>Narayan Koirala: /* Understanding False Positive and False Negative */ new section</p>
<hr />
<div>'''Welcome to ''OWASP''!'''<br />
We hope you will contribute much and well.<br />
You will probably want to read the [[Help:Contents|help pages]].<br />
Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 19:12, 14 August 2012 (UTC)<br />
<br />
== Understanding False Positive and False Negative ==<br />
<br />
False positive and False negative are two terms that we should know and be careful about at all times during software testing. Basically <br />
Both of these are harmful but false negative is more dangerous.These both can be found in both Manual Testing or Automated testing. In brief<br />
<br />
'''False positive:-'''<br />
Test is marked as failed even in reality it is passed, or the functionality works properly<br />
<br />
[[How it can occur]] :-It occurs when a test engineer(during manual testing) reports a bug to correctly working function due to mistake or negligence. Similarly in case of automated testing the test tool may report an "SQL Injection vulnerability" where SQL injection is not possible at all.or a load testing tool may report the failure of loading sites even the hit is from just 50 virtual users(during a test on real users of 50 if it passes), which actually may be false. <br />
<br />
[[Problems due to false positive]]:- This can lead the Senior test engineer who is responsible for verification to confusion or adds a extra burden to check at different levels, or even if the bug is submitted to developer for fix, he/she may be irritated for reporting bug to the function that has no problem and works correctly. Which leads conflicts and may work as a barrier in healthy relation between test engineers or test engineers and developers which is never good for and organization.<br />
<br />
How to Handel False Positives:- In manual testing:- Verification of test system before submitting<br />
Ensure revision to test or verification by higher personal ( senior test engineer)<br />
In Automated Testing:-Review the report properly.<br />
Check each bugs reported by tool manually for conformation<br />
<br />
<br />
'''False Negative:-''' <br />
Test is marked as passed even in reality it is failed or there is some problem in functionality or there is a bug <br />
<br />
[[How it can occur]] :- In manual testing the function to be tested where there is a bug may be missed due to various reasons, or the function may be working correctly during first iteration and due to some other fixes the function may not be working correctly now.<br />
In case of automated testing the tool may miss the path to test the functionality, due to which a vulnerable system may be marked as passed, or in some cases it may not detect it in its test too.<br />
<br />
[[Problems due to false negatives]]:- False negatives are more dangerous than false positives because it can lead to sever problem after the software is released or in case of web apps the site may be hacked or user data may be compromised.<br />
<br />
<br />
<br />
How to Handel False Negatives:- In manual testing:- Ensure better test environment, test plan and cases for testing<br />
Add a process of verification by senior test engineer so he many find the hidden bugs.<br />
In Automated Testing:-Do not trust on every tool you use blindly<br />
Understand there may be some techniques to reduce the false negatives such as "[[Acusensor technology used by Acunetix]]"<br />
<br />
<br />
lastly do not trust manual testing alone or Automated testing alone, Go for both testing one after another so that you are petty sure there are no false positives or false negatives in the system.<br />
<br />
"Happy Testing !!!"</div>Narayan Koirala