Iot Hack Day Hyderabad | July 2016

        This is the first 24 hours Iot Hackathon event in Hyderabad which happened on 23 and 24 of july as usual again one of the productive hackathons ever had this time we volunteered, played hacked and had fun . Event is held at Progress software office one of the best work places and software company in Hyderabad . It started with the presentation of Iot and its Future also security related issues for Iot by Kalyan .

After the presentation we were supposed to work on our ideas or the basic theme provided is Smart Cities so we started working on Raspberrry Pi as am very new to the Pi i learned how to install Os

 

 and setup GUI for Raspberry we did it very quickly and started working on our idea basically we are volunteering too so what we did is we played with Pi rather than our idea during this process me and other Mozillians sudharshan and Deepak started experimenting with Pi these are the things we did initially

• Setting up  a Raspberry Pi
• Display LED light (ON/OFF)
•  Displayed with Mozilla Hyderabad on LCD
• Worked with Twitter Api

we done live tweeting using Twitter APi  and the reference hashtag is #MozillaHyd when ever some tweet with that Hashtag the tweet gets displayed in the console with the profile name too we also worked with Re-tweets too . below is the video live tweeting

             The whole community is actively involved in helping out the participants by fixing their problems and learning from them. Kalyan and Harsha Bandaru helped few of them and we helped others this way the whole community shared their knowledge with the participants.

 At the end we announced the winners and runners of the event. And the Winner is awarded with the Mozilla Flame Device and awarded by Managing director of Progress Software this is followed by  speeches from the guests of the event .

Photos Coming soon the above were taken using our Mobiles

Participation Goals George Roter | May 2016

 As part of his tour to most active communities in the country, George Roter visited Hyderabad recently, providing updates form the participation team and the programs that they are working on.The agenda includes the steps and actions to be taken to refresh and break the ice while providing clarity on the goals of Participation team, clarity on where Mozilla is heading.

Roter provided with us where Mozilla is heading and how to be part of it what are the major ares to be concentrated in coming days the insights include

• Rust/servo
• Campus Campaign
• Innovation through connected devices

After a brief discussion of participation goals George made us to innovate our ideas through Design Thinking . We were divided into groups and started stating our daily life problems and have to solve those using Design Thinking .

 

We stated our problems stick to the wall and later we started solving them in a way that what are the deep causes for the problems and what lead to that problem and how can we solve those.After that we were asked to align

those problems with Mozilla made us to think in that way how these problems are related to Mozilla . We made it got clear approach on how to move forward to design and innovate .At the end of the session we took out traditional Foxy style Picture

Link to Event page Click Here

Events Photos Click Here

 

 

Firefox OS-Connected Devices | April 2016

With the recent updates on the new project that Mozilla has initiated, to focus on ‘Internet of Things’ ( ‘Connected Devices’), Collab House in association with Mozilla Hyderabad community has held an event focusing on Developer boards like Raspberry Pi and Arduino and also the advantages of using Firefox OS to run these programmable boards.

     The session was took by Ram ( Mozilla representative ) and prasan datt  and started off with the intro to Internet of things and how the technology is changing by IOT also future of Iot .Later ram explained how Mozilla has initiated with Connected devices and future goals and participation areas regarding the connected devices  Then the demo of programmable devices had been shown to the participants by prasan dutt .

   Then there was this fun project made by prasan dutt where he wrote a code for raspberry such that when ever you put your hand near the sensor it sends email to the name mentioned in the code so for fun we put ram’s mail in code we continuously  sending the mails keeping the fun fact aside the code will used as a home automation project like when ever the water level increases certain point then we will get a message saying tank is in overflow.

 

    

The demonstrations of various makes by Prasan Dutt using Raspberry Pi and Arduino has made the session more interesting and engaging. The demonstrations included projects like:

• Raspberry Pi enabled mobile phone.
• Bluetooth enabled switch to trigger a signal( Using Arduino).
• # tag detection using Twitter API
• Calling Web APIs
• An Arduino Mouse .etc

 

Service workers |Web APis | March 2016

     That was one of the productive evenings of that month santosh thought to take a session on Apps, Web API’s, Service workers, Offline web apps, Firefox OS TV’s, Spacial navigation and a lot more.We as a part of Mozilla Hyderbad do always something different this time we played with service workers and Apis .

Its me in white

 

     Santosh explained about the service workers and accessed the service worker cookbook created by Mozilla  and had a demo while switching between offline and online mode.And the participants are showed their keen interest in showing their demos they find across the internet and later we have a quick discussion about the progressive web apps.

We always end our session with our traditional group picture ;).

Mozilla India and My experince @MakerFest 2016

STOP LOOKING…..START MAKING…..

                                         

                            I would like to share my journey, i call it as a Journey  rather than experinece because the entire experience i had at MakerFest taught me what a journey does .Every Year Volunteers from Mozilla India represent Mozilla  at MakerFest this year myself  and  bunch of 7 other voIunteers from different parts of India represented Mozilla at MakerFest 2016(Ahmedabad) .

This is how We reached the venue by taking selfies on our way with our awesome swag .The fest is for 3 days everyday was  challenging and exciting .

DAY1

The entire space was filled with creative stalls and awesome makers from different verticals which includes Mozilla stall too,

Mozilla Stall

as the time passes away students ,makers and creators are turning out to know more about Privacy as our entire stall was filled with boards saying

1.”Privacy matters use Firefox “

2. Know who is tracking you online ?

3. Save the Internet

we started asking questions like, are you safe online ?  do you know who is tracking you ?  many of them surprised and  asked in return do they really track us  ? of course why not and  we used LIGHT BEAM add-on

LightBeam

to show them who is tracking online and we also taught them to use private browsing to be safe online ,many of them are not aware of keeping their data safe and private online , now after showing them LIGHT BEAM they realised that not every site is trustworthy and asked more about LightBeam , how to install it and how to use it ,we cleared everything and they were so happy that no one can track them now .

DAY 2

 

               The best thing about this day was students from local schools visited the fest and with lot of excitement they came to our stall to know more about  Privacy and LightBeam intially they thought that internt is only for  facebook and social networking sites ,we as a open source lovers explained them .

 

what actually you can do in internet  later they realised that there is lot to do with internet one can learn lot of things right from education to creative arts anything you name it internet has it . I went around the other stalls and had a glance the things which attracted me more is art woks, 3D printing , Automated Chess ,  skating board using remote and

6 year old kid who writes code for arduino

 I saw this 6 year old kid who writes  code for Ardunio and  that made my day .

DAY 3

                    As this is the last day of makerfest mixed feeelings are rolling in my mind one is am going to miss the MakerFest and other is I am very satisfied that we Educated around 3000+ audience which include students , creators , teachers and Commom people about privacy and Mozilla Mission .

At the end of the Fest the only feeling i got is am very proud that am part of Mozilla Mission . If Anything i could take back from this event is lot of inspiration from small children who started changing the world .Thanks Trishul , Kumaresan , Ankit , Aman , Prathmesh , Mehul , Ashish and Kamlesh specially for capturing those awesome pics .  Special thanks to Santosh Vishwanatham for  helping out in every way possible and making sure everything went well.

Securing Web @ZAP Day-6

On the this Day of ZAP workshop we had discussions about fields of contribution for the ZAP tool. I explained about the contribution areas like localization and ZAP Projects .

localization is one of the main area where we need to concentrate so that the Application can be used by users of different regional languages. ZAP has different languages so the names of components and all the documentation data must be translated into different regional languages.

There is a project on Crowdin where we can actually contribute to ZAP by translating the content.

 

 

So finally we are translating ZAP into our regional languages too .

Securing Web @ZAP Day-5

5th day of workshop We explained about the ZAP Extensions and ZAP addons.  As ZAP is a powerful tool and we can add more features to make it more powerful.  Add ons and extensions adds some features to the present version of the ZAP tool.

 

 

 

While creating a new ZAP extension we explained following steps to create a new extension

Steps for building up Extension

Step 1:- Setting up the whole source on your IDE like Eclipse

Step 2:- Creating a new folder with the extension name in the ZAP Extensions folder. This folder consists of all the Java files and Message.properties file.

Step 3:-  Defining the Message.properties file with all the required text which is present in the extension.

Step 4:-  Refreshing the code and running our new extension.

In the ZAP source we need to convert an Extension into an Addon. So once the development of the Extension is complete then you can convert it into an addon.

 

For addon we need to generate a “ZapAddOn.xml” file which lies are the root folder of the source and it consists of contents about the addon and allows it to be loaded and unloaded dynamically.

Click here for Complete Documentation of ZAP Addons and Extensions

That was an totally an hands on  session

Securing Web @ZAP Day-4

           Sudarshan Started the session of 4th day by introducing new technical terms and discussed about the previous worksheet he had given in day 3. Apparently, the worksheet is based on Web Application security as well as ZAP source code.

In this session we introduced the main functions in ZAP as well as the package located in and gave a little talk on  ZAP API  how to access it. ” Curl ” , a tool which helps to transfer the data to or from a server and “HttpOnlyFlag”, which is used to prevent the malicious code from sending the data from our website to attackers website.

Later we introduced about ” Saros “plugin , which is a Collaborating tool for Eclipse IDE, It’s actually essential for a team of members who work on a single project so that they can be on sync with the modifications done during the project real-time working process.

Saros is very useful application which includes features like chat option with the team members, current view of other users who are working on the project.

Sumanth later, started sharing some knowledge about the User interface modules of ZAP tool. He explained about, the way the packages are split in the ZAP source, instead of researching for those packages from all the files. It’s a heck long procedure by the way!

Later myself and sudarshan explained about Swing Explorer which is an open source tool used on any Swing based applications to explore swing elements like Windows, Frames, Buttons and a few other elements visually. Actually, we can browse all the hierarchy of the components. We also taught them about  how to add new tabs in different positions of ZAP User interface like ” Left “, ” Right ” , ” Footer “, etc..

                                          

“The Bodgeit Store ” which is a vulnerable application actually developed for newbies to work on penetration testing.
Bodgeit Store is made of few vulnerabilities like :

1. Cross Site Scripting
2. SQL injection
3. Unprotected content ( hidden )
4. Cross Site Request Forgery
5. Debug Code
6. Insecure Object References
7. Application Logic vulnerabilities

Securing Web @ZAP Day-3

          3rd Day ZAP workshop started at time in the Collab House and I started taking pics as I was feeling little bored. Then after some time Sumanth Damarla started the workshop, starting with Day-2 Worksheet discussion where he briefly explained about the important key terms that are present in the worksheet.

 

Key Terms:

-> Clickjacking
-> X-Frame Options
-> Port 80 & Port 443
-> HTTP & HTTPS
-> Privilege HTTPS
-> Third-Party API function
-> Input Validation
-> Blocklisting
-> Whitelisting

 

       After that we all had a 10 minutes break and we started tweeting about the ZAP event in the twitter. Then Sudarshan started talking about ZAP API UI and OWASP Summer Code Sprint 2015.

 

 

  Setting-up ZAP environment setting in the Eclipse.

ZAP Environment Setting:  

 

 Myself,Sudarshan and Sumanth helped out the Participants in installing ZAP in their Laptops.Ofcourse we faced few technical problems but at the end we successfully Installed the ZAP environment in all the laptops.

 

 

 

Again break for half an hour and had a palyed   OWASP Snakes & Ladders.

About it: Snakes & Ladders is an educational project. It uses gamification to promote awareness of application security controls and risks, and in particular knowledge of other OWASP documents and tools.

 

Game Time:

Started with six players all of them throwing dice one by one to decide who should start the game first. There is also a crazy thing going over their when we were playing the game that’s tweeting tweets in the twitter. So its a Game with a tweet.

 

 

After that we all had a group pic with Snakes & Ladders.

Securing Web @ZAP Day-2

             On the second day of workshop we installed the ZAP software and taught them  about the User Interface of ZAP software. After Installing ZAP  we have taken a session about generating a Dynamic SSL certificate and installing on Firefox browser. This SSL certificate is installed on browser for testing the websites using the browser plugin tool as a manual testing of vulnerabilities.

Later Sumanth explained them about the modes of ZAP tool which are used for finding out the vulnerabilities i.e Safe mode, Protected Mode, Standard Mode and Attack Mode.

                                  

with a demo on using the ZAP in standard mode and attacking on a test site and showed them the vulnerabilities like XSS Cross Site scripting and other vulnerabilities.
and also explained about many features of  ZAP tool like Intercepting, Fuzzing, Spiders and scanners.

                                

In day two we covered many important concepts like :

• UI
  
• Intercepting
• Fuzzing concepts
• Proxy concepts
• Testing web application