🧪 Experimental Feature

Focus Areas are an experimental feature that groups related content by tags. This page and its functionality may change as we refine the categorization system.

Web Application Security

Security for web applications, APIs, and web services

Total Entries: 137
Contributors: 103
Unique Tags: 134
Related Tags: 115

Top Contributors

Shreeraj Shah(18) Ajin Abraham(9) Devdatta Akhawe(5) Ahamed Nafeez(4) Bishan Singh(4)

Related Tags (21)


All Entries (137 total, sorted by date)

Date | Type | Conference | Title | Speaker(s) | Tags
2025-08-07Tool demoBlackhat Frogy 2.0 - Automated external attack surface analysis toolkit Source Code Chintan Gurjarattack-surfacevulnerability-assessmentasset-management+2
2025-08-07Tool demoBlackhat Q-TIP (QR Code Threat Inspection Platform) Rushikesh D Nandedkarincident-responseweb-securityvulnerability-management+2
2025-08-06Tool demoBlackhat Damn Vulnerable Browser Extension (DVBE): Unmask the risks of your Browser Supplements Source Code Abhinav Khanna, Krishna Chagantiweb-securitysecure-codingpentesting+3
2025-08-06Tool demoBlackhat Open-Source API Firewall by Wallarm - Advanced Protection for REST and GraphQL APIs Source Code Satinder Khasriyaapi-securityweb-securityowasp+1
2025-08-06Tool demoBlackhat SmuggleShield - Protection Against HTML Smuggling Source Code Dhiraj Mishraweb-securitymalware-detectionbrowser-security+2
2024-11-26TalkBlackhat Critical Exposures: Lessons from a Decade of Vulnerability Research Nikhil Shrivastavavulnerability-managementsql-injectionpentesting+2
2024-11-15TalkC0c0n PCI 4.0, Javascript Security for product security teams Anand Kumar Ganesan, Mohammad Arifweb-application-security
2024-08-30TalkHitb Sec Conf Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles Presentation Video Ravi Rajputweb-securitypentestingexploitation+4
2024-08-10TalkDefcon Sneaky Extensions: The MV3 Escape Artists Vivek Ramachandran, Shourya Pratap Singhweb-securitypentestingvulnerability-management
2024-06-27TalkTroopers The Hidden Dangers Lurking in Your Pocket – Pwning Apple Wallet ecosystem and its apps Presentation Priyank Nigammobile-securitypentestingapi-security+2
2023-08-12Tool demoDefcon Open Source API Security for devsecops Source Code Ankush Jain, Ankita Gupta 1api-securitydevsecopsci-cd+3
2023-08-11TalkDefcon Generative Adversarial Network (GAN) based autonomous penetration testing for Web Applications Ankur Chowdharyweb-securityxssapplication-pentesting+3
2023-08-11Tool demoDefcon vAPI : Vulnerable Adversely Programmed Interface Source Code Tushar Kulkarniapi-securityowaspauthorization+1
2023-08-06TalkC0c0n Mitigating SSRF at scale the right way with IMDSv2! Video Ayush Priyaweb-securityapi-securityaws+3
2023-08-06TalkC0c0n A Secure Privacy-Preserving Lightweight Authentication Scheme for Internet of Medical Things Video Panchami V, Mahima Mary Mathewsauthenticationprivacyembedded-security+1
2023-05-11Tool demoBlackhat APKHunt | OWASP MASVS Static Analyzer Source Code Mrunal Chawda, Sumit Kalariaowasp
2022-09-24TalkC0c0n Raining CVEs on Wordpress plugins with Semgrep Shreya Pohekar, Syed Sheeraz Aliweb-securitystatic-analysissast+2
2022-09-24TalkC0c0n Web3 Security - Security in MetaVerse, and the new world of web3 Rohit Srivastwablockchain-securityweb3decentralized-systems+3
2022-09-23TalkC0c0n Securing your APIs for a cloud native future Navendu Pottekkatapi-securitysecure-developmentdevsecops
2022-09-23TalkC0c0n Threats Landscape and Intelligence of API & Shield to protect Navaneethan Mapi-securitythreat-landscapethreat-hunting+1
2022-09-08Tool demoNullcon ZaaS: [OWASP] ZAP As A Service - Continous Security For 20K+ APIs Presentation Rohit Sehgal, Varun Kakumaniowasp
2022-08-12TalkDefcon Stop worrying about Nation-States and Zero-Days; let’s fix things that have been known for years Video Vivek Ponnadasecure-codingvulnerability-managementdevsecops+1
2021-11-13TalkC0c0n Exploiting 2A(Authentication and Authorization) Vulnerabilities of Web Application Gayatri Nayakweb-securityauthenticationauthorization+2
2021-11-13TalkC0c0n Server-side javascript Injection Presentation Kavisha Shethweb-securitysecure-codingweb-pentesting
2021-11-13TalkC0c0n Enhancing An Multi-Factor Authentication (MFA) through Behavioural Biometrics Kiran Kumar Pgauthenticationmfasecurity-architecture
2021-08-05Tool demoBlackhat reNgine: An Automated Reconnaissance Framework Source Code Yogesh Ojhaweb-app-sec
2020-12-10Tool demoBlackhat reNgine: an automated reconnaissance Framework Source Code Yogesh Ojhaweb-appsec
2020-11-21TalkApp Sec Indonesia Learn how to find and exploit race conditions in web apps with OWASP TimeGap Theory Abhi M Balakrishnanweb-securityowaspapplication-pentesting+2
2020-10-01Tool demoBlackhat OWASP Python Honeypot Source Code Sri Harsha Gajavalliweb-securityowasppentesting+1
2020-09-18TalkC0c0n Web Application hacking with WebZGround Video Parveen Yadav, Narendra Kumarweb-securityweb-pentestingpentesting+3
2020-08-09TalkDefcon Running an appsec program with open source projects Presentation Video Vandana Verma Sehgalowaspsecure-developmentdevsecops+3
2020-03-06Tool demoNullcon Wolverine Source Code Furqan Khan, Siddharth Anbalahanlinuxsecure-codingweb-application-security+3
2020-03-06Tool demoNullcon Hachi Source Code Parmanand Mishraatt&ckblueteamrest-api+1
2019-09-27TalkC0c0n Stepping into Password Less Economy Ajit Hattiauthenticationidentity-managementsecure-development+1
2019-09-23TalkRootcon Identity crisis: war stories from authentication failures Presentation Video Vishal Chauhanauthenticationidentity-managementvulnerability-assessment+3
2019-08-11TalkDefcon Exploiting and Securing iOS Apps using OWASP iGoat Swaroop Yermalkarmobile-securityios-securityapplication-pentesting+4
2019-08-08TalkDefcon Phishing in the cloud era Presentation Ashwin Vamshi, Abhinav Singhphishingapi-securityweb-security+2
2019-08-08Tool demoDefcon Hachi: An Intelligent threat mapper Source Code Parmanand Mishraatt&ckblueteamrest-api+1
2019-03-28Tool demoBlackhat OWASP Nettacker: Automated Penetration Testing Framework Source Code Sri Harsha Gajavallinetwork-pentestingvulnerability-assessmentfirewall+3
2018-12-06Tool demoBlackhat Astra: Automated Security Testing For REST APIs Source Code Sagar Popat, Harsh Groverapipentestrest-api+1
2018-10-05TalkC0c0n DomGoat - the DOM Security Playground Source Code Lavakumar Kuppanxssweb-application-security
2018-09-27TalkRootcon Defending cloud Infrastructures with Cloud Security Suite Presentation Source Code Video Shivankar Madaancloudawsinfrastructure+5
2018-08-12TalkDefcon Last mile authentication problem: Exploiting the missing link in end-to-end secure communication Presentation Video Siddharth Raocryptographywebauthentication+2
2018-08-11Tool demoDefcon Sh00t—An open platform for manual security testers & bug hunters Source Code Pavan Mohanpentestbug-huntingopensource+3
2018-08-09Tool demoBlackhat OWASP Offensive Web Testing Framework Source Code Viyat Bhalodiaowasppentestweb+1
2018-08-09Tool demoBlackhat rastrea2r (reloaded!): Collecting & Hunting for IOCs with Gusto and Style Presentation Source Code Sudheendra Bhatopensourceincident-responserest-api+1
2018-08-08Tool demoBlackhat Astra: Automated Security Testing For REST APIs Source Code Ankur Bhargava, Prajal Kulkarni, Sagar Popatpentestapirest-api+2
2017-08-19TalkC0c0n Trust, the foundation of Digital Mastery Sunil Varkeyidentity-managementauthenticationrisk-management+2
2017-08-18TalkC0c0n Cloud_Security Suite - One stop tool for auditing cloud infrastructure Source Code Shivankar Madaan, Jayesh Chauhancloudawsinfrastructure+5
2017-07-29Tool demoDefcon Fuzzapi Source Code Video Abhijeth Dugginapeddi, Lalith Rallabhandi, Srinivas Raofuzzingrest-apipentest+3
2017-07-27Tool demoBlackhat Fuzzapi - Fuzzing Your RESTAPIs Since Yesterday Source Code Lalith Rallabhandi, Abhijeth Dugginapeddi, Srinivas Raofuzzingapirest-api+3
2017-06-26Tool demoBlackhat DiffDroid Source Code Anto Josephandroidpentestweb-application-security+1
2017-06-23TalkHackinparis Injecting Security into Web apps with Runtime Patching and Context Learning Presentation Video Ajin Abrahamwebblueteamsecure-development+6
2017-05-23TalkPhdays Injecting security into web apps in the runtime Presentation Ajin Abrahamwebblueteamsecure-development+6
2017-03-03TalkNullcon Injecting Security into Web apps with Runtime Patching and Context Learning Presentation Video Ajin Abrahamwebblueteamsecure-development+6
2017-01-25TalkOwasp App Sec California DASTProxy: Don’t let your automated security testing program stall on crawlInstead focus on business context Presentation Video Kiran Shiralidynamic-analysisdastdevsecops+3
2017-01-25TalkOwasp App Sec California OCSP Stapling in the Wild Devdatta Akhaweweb-securityvulnerability-managementsecurity-architecture+1
2016-10-07TalkDeepsec Inside Stegosploit Presentation Video Saumil Shahweb-securityexploitationpentesting+1
2016-08-19TalkC0c0n Esoteric XSS Payloads Presentation Riyaz Walikarxssredteam
2016-08-19TalkC0c0n Kill the password - A new era of authentication Tamaghna Basuauthenticationiamsecurity-architecture+1
2016-07-01TalkHackinparis DIFFDroid - Dynamic Analysis Made Easier for Android Source Code Video Anto Josephandroidpentestweb-application-security+1
2016-03-15TalkGroundzerosummit Web App Security Harpreet Singh, Himanshu Sharma, Nipun Jaswalweb-securityapi-securitysecure-coding+3
2015-11-05TalkGround Zero Summit Sanctioned to Hack: Your SCADA HMIs Belong to Us! Aditya K Soodics-securityweb-securityvulnerability-management+3
2015-11-05TalkGround Zero Summit XSS - The art of evading web application filters! Anirudh Anandxssweb
2015-09-11Talk44 Con Stegosploit – Drive-by Browser Exploits using only Images Presentation Source Code Video Saumil Shahwebstrganographyredteam+2
2015-08-07TalkDefcon Hacker’s Practice Ground Video Lokesh Pidawekarpentestingethical-hackingvulnerability-assessment+2
2015-08-01TalkC0c0n Understanding the known : A deep look at OWASP A9 : Using Components with Known Vulnerabilities Presentation Source Code Anant Shrivastavawebowaspblueteam
2015-05-28TalkHitb Sec Conf Stegosploit: Hacking With Pictures Presentation Saumil Shahredteamsteganographyweb+1
2015-03-27TalkSyscan Stegosploit - Hacking with Pictures Presentation Video Saumil Shahwebstrganographyredteam+2
2015-03-26Tool demoBlackhat OWASP Xenotix XSS Exploit Framework Presentation Source Code Ajin Abrahamowaspxssblueteam+3
2015-02-06TalkNullcon Pentesting a website with million lines of Javascript Presentation Lavakumar Kuppan, Ahamed Nafeezweb-application-securitypentestweb+1
2015-01-27TalkOwasp App Sec California The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers Video Devdatta Akhaweweb-securityxsscsrf+3
2014-08-21TalkUsenix The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers Presentation Whitepaper Devdatta Akhaweweb-securityxsscsrf+3
2014-03-27TalkBlackhat JS Suicide: Using JavaScript Security Features to Kill JS Security Presentation Video Ahamed Nafeezweb-application-securityredteamcsrfguard+1
2014-03-15TalkHitb Sec Conf JS Suicide: Using Javascript Security Features to Kill Itself Presentation Ahamed Nafeezweb-application-security
2014-02-15Tool demoNullcon OWASP Xenotix XSS Exploit Framerwork Source Code Ajin Abrahamowaspxssblueteam+3
2014-02-14TalkNullcon o’Dea Assertions - Untwining the Security of the SAML Protocol Video Achin Kulshresthaauthenticationwebbrowser+4
2014-02-14TalkNullcon phoneypdf: A Virtual PDF Analysis Framework Presentation Video Kiran Bandlapdfanalysisweb-application-security+4
2013-11-21TalkAppsec Usa Wassup MOM? Owning the Message Oriented Middleware Video Gursev Singh Kalraapi-securityvulnerability-managementsecure-coding+1
2013-11-07TalkGround Zero Summit Malware for Firefox Mobile OS Shantanu Gawdefirefox-osmobile
2013-09-27TalkC0c0n Lets Play - Applanting on new Grounds Ajit Hattiandroidredteamcsrf+1
2013-09-27TalkC0c0n Snake Bites Presentation Anant Shrivastavasecure-codingwebpentest+1
2013-08-15TalkUsenix Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness Presentation Whitepaper Devdatta Akhaweweb-securitysecurity-awarenesssecurity-architecture+3
2013-08-01Tool demoBlackhat OWASP Xenotix XSS Exploit Framework Source Code Ajin Abrahamowaspxssblueteam+3
2013-07-31TalkBlackhat Clickjacking revisited: A perceptual view of UI security Presentation Video Devdatta Akhaweclickjackinguiblueteam+1
2013-07-31TalkBlackhat Javascript static security analysis made easy with JSPrime Presentation Whitepaper Source Code Video Nishant Das Patnaik, Sarathi Sabyasachi Sahooweb-application-securityanalysisblueteam
2013-03-15Tool demoBlackhat OWASP Xenotix XSS Exploit Framework Source Code Ajin Abrahamowaspxssblueteam+3
2013-03-14TalkBlackhat Lets play - Applanting Presentation Whitepaper Video Ajit Hattimobileredteamcsrf+2
2013-03-01TalkNullcon Detecting and Exploiting XSS Vulnerabilities and Xenotix XSS Exploitation Framework Presentation Video Ajin Abrahamxssredteamweb
2013-03-01TalkNullcon CSRF Finder as a Mozilla Addon Video Piyush Pattanayakcsrfwebblueteam
2013-03-01TalkNullcon Inception of graphical passwords Video Rishi Naranginfrastructureauthentication
2013-03-01TalkNullcon Automating JavaScript Static Analysis Lavakumar Kuppanweb-application-securitywebpentest+1
2012-12-01TalkClubhack Detecting and Exploiting XSS with Xenotix XSS Exploit Framework Presentation Video Ajin Abrahamxssredteamweb
2012-12-01TalkClubhack XSSshell Presentation Video Vandan Joshixsswebshell
2012-10-26TalkApp Sec Usa XSS & CSRF with HTML5 - Attack, Exploit and Defense Shreeraj Shahxsscsrf
2012-10-25TalkApp Sec Usa Cross Site Port Scanning Video Riyaz Walikarweb-securityvulnerability-managementowasp+1
2012-10-11TalkHitb Sec Conf XSS & CSRF strike back – Powered by HTML5 Presentation Shreeraj Shahredteamcsrfweb+5
2012-09-28TalkNullcon Alert(/xss/) - How to catch an XSS before someone exploits / reports it? Ahamed Nafeezweb-securityxsssecure-coding+2
2012-08-03TalkC0c0n Evil JavaScript Bishan Singhredteamweb-application-security
2012-07-26TalkBlackhat HTML5 top 10 threats – Stealth Attack and Silent Exploits Presentation Whitepaper Video Shreeraj Shahwebredteamcors+6
2012-07-14TalkHope Advancements in Botnet Attacks and Malware Distribution Video Aditya K Soodmalwarebotnetweb-security+2
2012-03-15TalkNullcon An App(le) a day keeps the wallet away Antriksh Shahpentestingweb-securityapi-security+1
2012-03-14TalkBlackhat HTML5 top 10 threats – Stealth Attack and Silent Exploits Presentation Whitepaper Video Shreeraj Shahwebredteamcors+6
2012-02-15TalkNullcon Content sniffing Algorithm bypassing techniques and possible attack vectors Video Anil Aphale, Chaitany Kambleredteamwebxss+3
2012-02-15TalkNullcon Ra.2 Blackbox DOM-based XSS scanner Presentation Source Code Video Nishant Das Patnaik, Sarathi Sabyasachi Sahooxsswebblueteam+1
2012-02-15TalkNullcon Javascript static analysis with IronWASP Presentation Video Lavakumar Kuppanweb-application-securitywebpentest+1
2012-02-15TalkNullcon Node.js: The good, bad and ugly Video Bishan Singhweb-application-securityredteamblueteam+1
2011-12-04TalkClubhack DOM XSS – Encounters of the 3rd Kind Presentation Video Bishan Singhxssdomredteam+1
2011-10-07TalkC0c0n Password Less Authentication, Authorization Whitepaper Srikar Sagiauthenticationauthorizationiam
2011-09-19TalkBrucon Step-by-Step for Software Security (that anyone can follow) Pravir Chandrasoftware-securitysecure-developmentdevsecops+4
2011-09-07TalkSecuritybyte Social Web & Privacy – An evolving world Bala Sathiamurthy, Aridaman Tripathiprivacydata-protectionapi-security+3
2011-09-06TalkSecuritybyte Application Security Strategies Presentation K K Mookheysecure-codingsecure-developmentweb-security+3
2011-09-06TalkSecuritybyte Enabling Un-trusted Mashups Presentation Bishan Singhweb-securityxsscsrf+4
2011-09-06TalkSecuritybyte Security Threats on Social Networks Presentation Nithya Ramansocial-engineeringweb-securitysecurity-awareness+2
2011-08-03TalkBlackhat Reverse Engineering Browser Components: Dissecting and Hacking Silverlight, HTML 5 and Flex Presentation Whitepaper Video Shreeraj Shahreverse-engineeringwebajax+6
2011-05-20TalkHitb Sec Conf Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2) Presentation Shreeraj Shahwebredteamcors+6
2011-02-25TalkNullcon (secure) SiteHoster – Disable XSS & SQL Injection Presentation Whitepaper Source Code Abhishek Kumarxsssqliblueteam+2
2010-11-11TalkBlackhat Attacking with HTML5 Presentation Lavakumar Kuppanweb-securityxssweb-pentesting+1
2010-10-13TalkHitb Sec Conf Hacking a Browser’s DOM – Exploiting Ajax and RIA Presentation Video Shreeraj Shahwebredteamweb-application-security+5
2010-07-29TalkBlackhat Hacking Browser’s DOM - Exploiting Ajax and RIA Presentation Whitepaper Shreeraj Shahredteamwebdom+2
2010-07-01TalkHitb Sec Conf Top 10 Web 2.0 Attacks and Exploits Presentation Shreeraj Shahwebredteamcors+6
2010-06-18TalkSyscan REVERSE ENGINEERING WEB 2.0 APPLICATIONS Shreeraj Shahreverse-engineeringwebajax+6
2010-03-15TalkBlackhat 400 Apps in 40 Days Presentation Video Nish Bhallavulnerability-managementrisk-managementapplication-pentesting+2
2009-05-19TalkSyscan Securing Enterprise Applications Shreeraj Shahblueteamwebweb-application-security+13
2008-10-29TalkHitb Sec Conf Top 10 Web 2.0 Attacks Presentation Video Shreeraj Shahblueteamweb-application-securityajax+8
2008-08-21TalkOwasp App Sec India AppSec For Managers Nish Bhallaappsecowaspweb+1
2008-08-20TalkOwasp App Sec India Application Security Trends & Challenges Presentation Kamlesh Bajajwebowaspappsec
2008-08-20TalkOwasp App Sec India Web 2.0 Attacks - Next Generation Threats on the Rise Presentation Shreeraj Shahredteamblueteampurpleteam+4
2008-08-20TalkOwasp App Sec India Building Enterprise AppSec Program Nish Bhallawebappseccase-study
2008-08-20TalkOwasp App Sec India Web Application Security: Too Costly To Ignore Presentation Rajesh Nayakappsecwebblueteam
2008-04-16TalkHitb Sec Conf Securing Next Generation Applications – Scan, Detect and Mitigate Shreeraj Shahblueteamweb-application-securityajax+8
2008-02-20TalkBlackhat Scanning Applications 2.0 - Next Generation Scan, Attacks and Tools Presentation Shreeraj Shahredteamblueteampurpleteam+4
2007-11-20TalkDeepsec Web 2.0 Application Kung-Fu - Securing Ajax & Web Services Presentation Video Shreeraj Shahwebajaxweb-application-security+1
2007-09-06TalkHitb Sec Conf Hacking Ajax and Web Services – Next Generation Web Attacks on the Rise Presentation Video Shreeraj Shahwebredteamajax+1
2007-04-05TalkHitb Sec Conf WEB 2.0 Hacking – Defending Ajax and Web Services Presentation Shreeraj Shahwebredteamblueteam+3
2007-03-15TalkBlackhat Exploit-Me Series – Free Firefox Application Penetration Testing Suite Launch Presentation Video Nish Bhalla, Rohit Sethiweb-securityxsssql-injection+4
2006-08-02TalkBlackhat SQL Injections by Truncation Presentation Bala Neerumallaweb-securitysql-injectionsecure-coding+1