30 Days of Security Testing

30 Days of Security Testing

30 Days of security testing related challenges.

New year, new challenge!

Below is an image with the list of challenges for each day of the month.  Save it somewhere. Print it out. Stick it on your wall. Let’s do this?

What are the rules?

We have a list of 30 challenges, plus a bonus one   Each one has a number. The goal is to tick off as many of the challenges as you can within your own specified timeframe.

You can do this in your own time, or you can join us as a community and share your results or progress.  You may have an image to share, a blog post, a video, status update, whatever it is!  Come and participate!

Here is how you can join in and share your progress:

WARNING: Hacking is illegal. Ministry of Testing does not advocate or condone illegal hacking. Some of these suggestions should be done in safe environments or with the express permission of the websites or applications under test. Try: Hack Yourself First if you need a safe environment to test with.


30 Days Of Security Testing, the text version:

  1. Read a security blog
  2. Select and read a book related to security testing.
  3. Use a security tool - Examples:  ZAP or BurpSuite.
  4. Learn anything about Vulnerability Scanning.
  5. Learn about Threat Modelling (ie like the STRIDE Model).
  6. Explore these sites: Google gruyere; HackYourself First; Ticket Magpie; The BodgeIt store. 
  7. Learn one or more things about Penetration testing.
  8. Use a proxy tool to observe web traffic in a web or mobile application.
  9. Discover the process and procedures around Security Auditing.
  10. Read and Learn about Ethical hacking.
  11. Try to figure out the Posture Assessment for an application.
  12. Read about security testing and discuss where it best fits in an SDLC. 
  13. Perform a Security analysis for requirements in a story.
  14. Develop a test plan including security tests.
  15. Write and share ideas for security testing via twitter or a blog
  16. Research how to build a Tiger Box.
  17. Research a recent hack/security breach
  18. Learn about Security Headers.
  19. Research Script Kiddies and/or packet monkeys. 
  20. Read about DOS/DDOS attacks. Share examples/stories via social media. 
  21. Read about network vulnerability and apply it to your tech stack. 
  22. Read about System Software Security and apply it to your tech stack.
  23. What are the top 10 security threats of 2016?
  24. Use a suggestion from the OWASP Web Application Security Checklist
  25. Find and use a mobile security tool.
  26. Compare and contrast, on social media, web and mobile security testing. 
  27. How could BYOA (bring your own application) play a part in security? 
  28. Share security testing ideas for specific domains 
  29. Research security regulations regarding a specific domain. 
  30. Discover the difference between White, Grey, and Black Hat Hacking.
  31. BONUS: Take part in a bug bounty.
Daniel Billing's profile
Daniel Billing

Senior Software Engineer

Dan has been a tester for 20 years, working within a diverse range of development organisations, mostly in London and the south-west of England. He is now freelance test consultant, coach and trainer, but has worked within some complex industries and contexts. His skills include mentoring, supporting and training members of the team to develop their security skills also. Dan’s love of testing drives him to become an active member of the testing community. He has organised international events and workshops in the testing community, and is a speaker at various international Agile, technology and testing conferences. He is also a co-host of the Screen Testing podcast, alongside Neil Studd.

Melissa Eaden's profile
Melissa Eaden

Senior Technologist

Melissa Eaden has worked for more than a decade with tech companies such as Security Benefit, HomeAway, ThoughtWorks, and now Unity Technologies. Melissa’s previous career in mass media continues to lend itself to her current career endeavors. She can be found on Twitter @melthetechie

Claire Reckless's profile
Claire Reckless

Test Lead

Claire is a Test Lead at MoneySuperMarket in Manchester, with prior experience in testing Financial and Security software.

A tester for over 10 years, she is active within the testing community, contributing articles, speaking at conferences including Testbash Manchester and Nordic Testing Days.

Explore MoT
Managing Distributed QA Teams: Strategies for Success
In an era where remote teams have become the norm, mastering the art of managing hybrid and distributed QA teams is more crucial than ever
MoT Foundation Certificate in Test Automation
Unlock the essential skills to transition into Test Automation through interactive, community-driven learning, backed by industry expertise
This Week in Testing
Debrief the week in Testing via a community radio show hosted by Simon Tomes and members of the community