Netsparker Web Application Security Scanner

Interviewing a Testing Expert - Ziyahan Albeniz

Yes I know, since long time I have not published any of my Testing Interview with professionals from around the globe. So I’m again back with the testing interview, and this time I’ll be interviewing Ziyahan Albeniz from Netsparker.


BIO:Ziyahan Albeniz

Ziyahan Albeniz is an experienced Security Researcher who started as a QA Engineer at Netsparker. At Netsparker he worked his way up to be the Security Team Lead. He graduated in Computer Programming from Sakarya University in Istanbul. He has reported security issues to large companies such as Yandex and Microsoft and has been listed in these companies’ hall of fame. He continues his security research work under the mentorship of Ferruh Mavituna. Ziyahan’s articles and research are published on the Netsparker web security blogs. Ziyahan also co-hosts a security podcast with Mustafa Yalcin on Klavye Delikanlıları (Turkish).


1. Did you do testing in other areas before diving into web application security testing?

Ziyahan Albeniz Testing Interview

Yes, I did. I started my career at Netsparker as a QA Engineer. After a while, I was assigned to the Security department. Now, I work as the Security Team Lead and continue my daily job here as a Security Researcher.


2. What led you to become a Security Researcher? And what was the number one reason that attracted you to the field of Testing?

I started my professional career in 2008 as a web developer, though Netsparker was always a fascinating company for me. I applied many times to work at Netsparker and after a few attempts, I was hired as a QA Tester. Bringing my experience from web development to the QA team, I examined how Netsparker evaluated sites and conducted release tests and new feature tests, among other things.

I find the whole area of Security and Testing a fascinating one. I’m intrigued by how deep it goes. It makes me feel good to be a few steps in front of normal users, and find bugs before they are found by others. Testing saves others time, and sometimes, it even saves (online) lives!


3. Tell me five unknown, or lesser-known, facts about you.

I am a curious person. I also consider myself to be a book-worm. I tend to love details and I am rigorous in my work. I think these things are already well-known to my colleagues. However, a lesser-known fact about me is that I am an obsessive man.


4. What one thing would you tell every newbie who is struggling in the early stages of building a Security Testing career?

I would advise them to read as much as they can, follow the work of others who work in this area, become a friend of white papers, experiment with tools such as web vulnerability scanners and buy a high-quality monitor 🙂 I know I’ve given more than one thing, but each is important.


5. How do you envisage Security Testing as a career, let’s say, after a decade?

As appliances become more digital, their security will become more important than ever before. I can see myself in a chaotic world after ten years – like a dystopia. Besides smart devices, we should prepare ourselves to see more and more smart homes and smart cars. But, only Security Testing can prevent the Internet of Things from turning into the Internet of Shit!


6. What would be the biggest challenges for the Security Testing field, and what would be the biggest advancements?

Both things are linked. The biggest challenge in the Security field is to catch up with advances as soon as they occur. Cloud and SaaS technologies promise a brilliant future. They change the way in which we work. Let me give you an example of our Netsparker Cloud web application security scanner. It promises whole scan scalability. You can start a scan for thousands of sites at the same time. You can see also results on a screen in real time. You can integrate it with your SDLC. As a company, we are the future!


7. Tell me about the most fascinating bug that you have encountered in your entire career.

If you had asked me about the most ‘frustrating’ bug I ever reported, I could have answered easily. On the other hand, each bug excites me, because you tend to see them at those points in which you have the most interest.

We all have some assumptions about companies, especially tech giants. We consider them innately secure. However, they can be vulnerable even to well-known issues. Seeing that inaction is really engaging, and a little amazing. After six months of ImageTragick vulnerability discoveries, the same issue was detected on and the bug bounty hunter who discovered it was awarded $40K. Isn’t that really thrilling?! So when I see that a trivial bug can have a huge impact on a tech giant, I’m totally absorbed by it. It shows what a mistake it is to underestimate any issue. It reminds me of a quote by the Dalai Lama: “If you think you are too small to make a difference, try sleeping with a mosquito.”

Each bug I find both thrills and engages me. It means that all the time I’ve spent detecting it has value. I’ve experienced this more than once.


8. Tell me about the most satisfying moment in your security testing career.

I remember it as if it were yesterday! I had been using both QA Tester and Security Researcher as my job titles. One day my boss – who is not only a boss but a veteran in the field of security – said to me, “You can omit ‘QA Tester’ from your title from now on and only use ‘Security Researcher’. You’ve earned your new name, like an Apache!”.


9. Is there anything else that you would like to say?

Working hard might sound boring or tiring to some people today. In order to fight these negative feelings, you must have a job that you love. In a sense, if you love your job, you don’t have to work at all!

Read a lot, and spend time practicing. Practice is very important, as Confucius said: “I hear and I forget. I see and I remember. I do and I understand.”.

Chase your dream! Don’t forget the inspirational example of Mandela: “I never lose, I either win or learn!“.


⇓  Stay Updated – Subscribe US  ⇓

If you are not a regular reader of this website then highly recommends you Sign up for our free email newsletter!! Sign up just providing your email address below:

Enter your email address:

Check email in your inbox for confirmation to get latest updates Software Testing for free.

Happy Testing!!!

4 comments to Interviewing a Testing Expert – Ziyahan Albeniz

  • Kruti

    Nice interview 🙂

  • Govardhan Reddy M

    Its very a good interview.

  • Yogesh

    Enjoyed reading interview a lot. He is absolutly amazing.

  • Rayan

    Cool interview…

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>