I didn’t get the chance to see it, but if pressed to make my own, it would be things like a stapler, a salt shaker, and a hard boiled egg. I would hand these to my student and say something like:
(This also, by the way, is my general litmus test for a tester. When it comes to actually talking about the real work of testing a thing – If the person is utterly confused, or smiles genially and changes the subject, or asks me what _I_ think – well, that tells me something. If they roll up their sleeves and dive in, that tells me something …)
But I’ve been thinking about a different testing toolkit lately.
I keep my source materials, some tools, and a copy of my website on a USB Drive. The drive has recently been pushing its limits, so I just bought a replacement – a 4 GB drive, for thirty bucks from BestBuy.
4 GB is a lot of space. A lot.
This got me thinking about what I do when I come into a new company. The first thing I do is download a bunch of free tools – Putty, WinSCP3, Tasker, SnagIt, TextPad, ActivePerl, Dia, GVim, Audacity. I also have a bunch of PDF and Word documents that I read and re-read every year. With 4GB of space, I could put all of those on a memory stick, and more.
These are testing tools, but there are also security testing tools – and tutorials – that would fit easily on the stick. Snort, Crack, intrusion detection, SQL injection, and other tools come to mind.
With 4GB of space, I could put all these tools and more on a stick. If they were good enough, I could sell the stick as a value-added tool or, more likely, just have an interesting howto list on a website. Yes, getting a booth at DefCon and selling security tools has occurred to me, but for the time being, I’ll keep my hat white, thank you very much.
So here’s my two questions, take your pick:
1) If you developed a testing tool on a stick, what free (or cheap-ware) tools would you include? What is missing from my list? What entire categories are missing? If there a different kind of stick to develop? Yes, I could do a developer stick with apache, php, mysql, but most of those come with Linux Anyway.
2) If you don’t like that, here’s another one: The stapler, the hard-boiled egg, or the salt shaker. I’ve asked you to test it. What do you do?