🧪 Experimental Feature

Focus Areas are an experimental feature that groups related content by tags. This page and its functionality may change as we refine the categorization system.

🌐 Web Application Security

Security for web applications, APIs, and web services

148 Contributors, 174 Talks, 43 Tool Demos, 4 Panels, 5 Awards

Top Contributors

Shreeraj Shah(20) Ajin Abraham(9) Gursev Singh Kalra(9) Saumil Shah(9) Lavakumar Kuppan(7)

All Entries (226 total, sorted by date)

Date | Type | Conference | Title | Speaker(s) | Tags
2025-08-07Tool demoBlackhat Frogy 2.0 - Automated external attack surface analysis toolkit Source Code Chintan Gurjar#attack-surface#vulnerability-assessment#asset-management+2
2025-08-07Tool demoBlackhat Q-TIP (QR Code Threat Inspection Platform) Rushikesh D Nandedkar#incident-management#web-security#architecture+1
2025-08-06Tool demoBlackhat Open-Source API Firewall by Wallarm - Advanced Protection for REST and GraphQL APIs Source Code Satinder Khasriya#api-security#web-security#owasp+1
2025-08-06Tool demoBlackhat SmuggleShield - Protection Against HTML Smuggling Source Code Dhiraj Mishra#web-security#malware-detection#browser-security+2
2025-08-06Tool demoBlackhat Damn Vulnerable Browser Extension (DVBE): Unmask the risks of your Browser Supplements Source Code Abhinav Khanna, Krishna Chaganti#web-security#secure-coding#security-assessment+2
2025-06-27TalkLehack From HTML Injection to Full AWS Account Takeover: Discovering Critical Risks in PDF Generation Video Raunak Parmar#ssrf#aws#web-security+2
2025-03-02TalkNullcon eKYC Crisis: Securing the Lockers Video Kartik Lalan#risk-management#architecture#data-leak+4
2024-12-12Tool demoBlackhat Damn Vulnerable Browser Extension (DVBE) - Knowing the risks of your Browser Supplements Source Code Abhinav Khanna, Krishna Chaganti#browser-security#web-security#web-pentesting
2024-11-21TalkSecurityfest UnRegister Me - Advanced Techniques for hunting and securing user registration vulnerabilities Video Priyank Nigam#web-security#appsec#iam
2024-11-15TalkC0c0n PCI 4.0, Javascript Security for product security teams Video Anand Kumar Ganesan, Mohammad Arif#web-security#secure-coding#application-pentesting+2
2024-09-20Talk44con Unveiling the ghosts of mobile networks: When will old bugs die? Video Altaf Shaik#5g#authentication#encryption+3
2024-08-30TalkHitbsecconf Exploiting the In-Vehicle Browser: A Novel Attack Vector in Autonomous Vehicles Presentation Video Ravi Rajput#web-security#security-assessment#exploitation+2
2024-08-10TalkDefcon Sneaky Extensions: The MV3 Escape Artists Video Vivek Ramachandran, Shourya Pratap Singh#web-security#security-assessment#application-pentesting+4
2024-06-27TalkTroopers The Hidden Dangers Lurking in Your Pocket – Pwning Apple Wallet ecosystem and its apps Presentation Priyank Nigam#security-assessment#api-security#secure-development
2024-04-18Tool demoBlackhat BinderAPI Scanner & BASS Source Code Krishnaprasad Subramaniam, Jeffrey Gaor, Valen Sai, Eric Tee Hock Nian#api-security#application-pentesting#dynamic-analysis+3
2024-04-18TalkBlackhat Breaking Managed Identity Barriers In Azure Services Presentation Nitesh Surana, David Fiser#azure#cloud-pentesting#access-management+3
2024-04-18Tool demoBlackhat Damn Vulnerable Browser Extension (DVBE) - Unfold the risks for your Browser Supplements Source Code Abhinav Khanna#browser-security#web-security#vulnerability-assessment
2024-03-12TalkNullcon Secure Web Gateways are dead. What’s next? Vivek Ramachandran#browser-security#application-hardening#security-strategy+2
2023-12-07Tool demoBlackhat Akto - Open Source API Security Tool Source Code Ankush Jain#api-security#secure-development#security-testing+3
2023-09-23TalkNullcon Secure Your Angular App Using JWT And GraphQL Presentation Ankit Sharma#blueteam#api-security#secure-development+1
2023-09-23TalkNullcon Uncovering Azure’s Silent Threats: A Journey Into Cloud Vulnerabilities Presentation Video Nitesh Surana#azure#cloud-pentesting#application-hardening+4
2023-08-12Tool demoDefcon Open Source API Security for devsecops Source Code Ankush Jain, Ankita Gupta 1#api-security#devsecops#ci-cd+2
2023-08-12PanelDefcon Not All Alerts Are Born Equal: Insights from AppSec Experts on Prioritizing Security Alert Trupti Shiralkar, Kiran Shirali#appsec#alert-fatigue#vulnerability-assessment
2023-08-11Tool demoDefcon vAPI : Vulnerable Adversely Programmed Interface Source Code Tushar Kulkarni#api-security#owasp#authorization
2023-08-11TalkDefcon Generative Adversarial Network (GAN) based autonomous penetration testing for Web Applications Video Ankur Chowdhary#web-security#xss#application-pentesting+3
2023-08-10Tool demoBlackhat vAPI: Vulnerable Adversely Programmed Interface Source Code Tushar Kulkarni#api-security#authorization#security-testing+3
2023-08-09Tool demoBlackhat Akto - Open Source API Security Tool Source Code Ankush Jain, Ankita Gupta 1#api-security#application-pentesting#security-testing+3
2023-08-06TalkC0c0n Mitigating SSRF at scale the right way with IMDSv2! Video Ayush Priya#web-security#api-security#aws+2
2023-08-06TalkC0c0n A Secure Privacy-Preserving Lightweight Authentication Scheme for Internet of Medical Things Video Panchami V, Mahima Mary Mathews#authentication#data-protection#embedded-security
2023-06-01TalkSecurityfest Bypassing Anti-Cheats & Hacking Competitive Games Video Rohan Aggarwal#reverse-engineering#appsec#endpoint-protection+4
2023-05-12TalkBlackhat Engaging the Next Generation of Cybersecurity Professionals: The Power of Security Zines Video Rohit Sehgal#digital-learning#security-training#cybersecurity-education+1
2023-05-11Tool demoBlackhat APKHunt | OWASP MASVS Static Analyzer Source Code Mrunal Chawda, Sumit Kalaria#owasp#application-pentesting#code-review+4
2023-03-23TalkInsomnihack How to have visibility and security OF CICD ecosystem Video Pramod Rana#ci-cd#devsecops#supply-chain-security+3
2022-12-07Tool demoBlackhat vAPI: Vulnerable Adversely Programmed Interface Source Code Tushar Kulkarni#api-security#application-pentesting#secure-development+4
2022-09-24TalkC0c0n Raining CVEs on Wordpress plugins with Semgrep Shreya Pohekar, Syed Sheeraz Ali#web-security#static-analysis#sast+1
2022-09-24TalkC0c0n Web3 Security - Security in MetaVerse, and the new world of web3 Rohit Srivastwa#web3#decentralized-systems#smart-contracts+2
2022-09-23TalkC0c0n Securing your APIs for a cloud native future Navendu Pottekkat#api-security#secure-development#devsecops
2022-09-23TalkC0c0n Threats Landscape and Intelligence of API & Shield to protect Navaneethan M#api-security#threat-landscape#threat-hunting+1
2022-09-08Tool demoNullcon ZaaS: [OWASP] ZAP As A Service - Continuous Security For 20K+ APIs Presentation Rohit Sehgal, Varun Kakumani#owasp#api-security#cloud-workload-protection+3
2022-09-08TalkNullcon Raining CVEs On WordPress Plugins With Semgrep Presentation Video Shreya Pohekar, Syed Sheeraz Ali#static-analysis#code-review#secure-coding+3
2022-09-07TalkNullcon Hacking 5G Is No Rocket Science Presentation Video Altaf Shaik, Matteo Strada#api-security#application-pentesting#security-testing
2022-09-06PanelNullcon PAM Maturity From Zero Trust To Least Privilege Video Ajay Bongirwar, Charanjit Bhatia, Bala Ramanan#security-strategy#zero-trust#access-management+2
2022-08-12TalkDefcon Stop worrying about Nation-States and Zero-Days; let’s fix things that have been known for years Video Vivek Ponnada#secure-coding#devsecops#owasp
2022-08-10TalkBlackhat Attacks From a New Front Door in 4G & 5G Mobile Networks Presentation Video Altaf Shaik, Shinjo Park, Matteo Strada#api-security#access-management#identity-theft+4
2022-04-08TalkNullcon Attack Surfaces for 5G Networks Video Altaf Shaik#application-pentesting#security-development-lifecycle#api-security
2022-04-08PanelNullcon Digital Identity In The Age Of Fintech Video Sheetal Joseph, Alessandro Avagliano, Guido Reismueller, Benoit Flippen, Travis Carelock#identity-management#access-management#authentication+4
2022-03-25TalkInsomnihack Hook, Line and Sinker - Pillaging API Webhooks Video Abhay Bhargav#web-security#api-security#ssrf+1
2021-11-13TalkC0c0n Enhancing An Multi-Factor Authentication (MFA) through Behavioural Biometrics Kiran Kumar Pg#authentication#mfa#architecture
2021-11-13TalkC0c0n Exploiting 2A(Authentication and Authorization) Vulnerabilities of Web Application Gayatri Nayak#web-security#authentication#authorization+2
2021-11-13TalkC0c0n Server-side javascript Injection Presentation Kavisha Sheth#web-security#secure-coding#web-pentesting
2021-11-11Tool demoBlackhat vAPI: Vulnerable Adversely Programmed Interface (OWASP API Top 10) Source Code Tushar Kulkarni#api-security#application-pentesting#security-testing+4
2020-11-21TalkAppsecindonesia Learn how to find and exploit race conditions in web apps with OWASP TimeGap Theory Abhi M Balakrishnan#web-security#owasp#application-pentesting+1
2020-11-11TalkPowerofcommunity My Hacking Adventures With Safari Reader Mode Presentation Nikhil Mittal 1#browser-security#ios-security#vulnerability-assessment+1
2020-10-01Tool demoBlackhat OWASP Python Honeypot Source Code Sri Harsha Gajavalli, Ali Razmjoo#web-security#owasp#security-assessment+1
2020-09-18TalkC0c0n Introducing SniperPhish: A Web-Email Spear Phishing Toolkit Source Code Video Sreehari Haridas, Gem George#phishing#application-pentesting#security-development-lifecycle+4
2020-09-18TalkC0c0n Broken Cryptography & Account Takeover Harsh Bothra#encryption#ssl#security-testing+2
2020-09-18TalkC0c0n Web Application hacking with WebZGround Video Parveen Yadav, Narendra Kumar#web-security#web-pentesting#security-assessment+3
2020-09-16TalkAuscert Modern Browser Security - The First line of Defense Video Prateek Gianchandani#browser-security#exploit-development#fuzzing+1
2020-08-09TalkDefcon Running an appsec program with open source projects Presentation Video Vandana Verma Sehgal#owasp#secure-development#devsecops+3
2020-03-06Tool demoNullcon FRISPY Source Code Tejas Girme, Parmanand Mishra#spyware#red-teaming#api-security+3
2020-03-06Tool demoNullcon Hachi Source Code Parmanand Mishra#att&ck#blueteam#rest-api+1
2020-03-06Tool demoNullcon spike2kill Source Code Manish Singh#web-scraping#ai-security#nlp+4
2020-03-06Tool demoNullcon Wolverine Source Code Furqan Khan, Siddharth Anbalahan#linux#secure-coding#web-security+3
2019-10-11TalkTexascybersummit Exploit The State of Embedded Web Security in IoT Devices ! Aditya K Sood#iot-security-testing#web-security#embedded-security
2019-09-28TalkRomhack Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it Presentation Video Samit Anwer#oauth#phishing#csrf+2
2019-09-27TalkC0c0n Stepping into Password Less Economy Ajit Hatti#authentication#identity-management#secure-development+1
2019-09-23TalkRootcon Identity crisis: war stories from authentication failures Presentation Video Vishal Chauhan#authentication#identity-management#vulnerability-assessment+3
2019-08-11TalkDefcon Exploiting and Securing iOS Apps using OWASP iGoat Swaroop Yermalkar#ios-security#application-pentesting#security-assessment+3
2019-08-08TalkDefcon Phishing in the cloud era Presentation Ashwin Vamshi, Abhinav Singh#phishing#api-security#web-security+2
2019-08-08TalkBlackhat Preventing Authentication Bypass: A Tale of Two Researchers Presentation Ravi Jaiswal, Terry Zhang, Ron Chan#security-development-lifecycle#identity-management#authentication+4
2019-08-08Tool demoDefcon Hachi: An Intelligent threat mapper Source Code Parmanand Mishra#att&ck#blueteam#rest-api+1
2019-05-28TalkSecurityfest Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it Video Samit Anwer#web-security#iam#appsec
2019-05-21TalkPhdays GDALR: an efficient model duplication attack on black-box machine learning models Presentation Rewanth Tammana, Nikhil Joshi#red-teaming#machine-learning#api-security+3
2019-05-09TalkHitbsecconf GDALR: Duplicating Black Box Machine Learning Models Presentation Video Rewanth Tammana, Nikhil Joshi#machine-learning#red-teaming#api-security+2
2019-03-28Tool demoBlackhat OWASP Nettacker: Automated Penetration Testing Framework Source Code Sri Harsha Gajavalli, Ali Razmjoo Qalaei, Ehsan Nezami#network-pentesting#vulnerability-assessment#firewall+3
2018-12-06Tool demoBlackhat Astra: Automated Security Testing For REST APIs Source Code Sagar Popat, Harsh Grover#security-assessment#rest-api#ci-cd
2018-11-27TalkHitbsecconf BSIDES: Creating Browser Extensions to Hunt for Low-Hanging Fruit Presentation Source Code Video Rewanth Tammana#red-teaming#application-pentesting#browser-security+2
2018-10-05TalkC0c0n Pentesting GraphQL Applications Presentation Source Code Neelu Tripathy#security-assessment#application-pentesting#dynamic-analysis+4
2018-10-05TalkC0c0n DomGoat - the DOM Security Playground Source Code Lavakumar Kuppan#xss#web-security#input-validation+4
2018-10-04TalkConfidence Hacking 50 Million users using 123456 Aman Sachdev, Himanshu Sharma#web-security#authentication#ethical-hacking+2
2018-09-27TalkRootcon Defending cloud Infrastructures with Cloud Security Suite Presentation Source Code Video Shivankar Madaan#aws#secure-coding#web-security+2
2018-08-12TalkDefcon Last mile authentication problem: Exploiting the missing link in end-to-end secure communication Presentation Video Siddharth Rao, Thanh Bui#encryption#authentication#ipc+1
2018-08-11Tool demoDefcon Sh00t—An open platform for manual security testers & bug hunters Source Code Pavan Mohan#security-assessment#bug-hunting#secure-coding+1
2018-08-09Tool demoBlackhat OWASP Offensive Web Testing Framework Source Code Viyat Bhalodia#owasp#security-assessment#red-teaming
2018-08-09Tool demoBlackhat rastrea2r (reloaded!): Collecting & Hunting for IOCs with Gusto and Style Presentation Source Code Sudheendra Bhat, Ismael Valenzuela#incident-management#rest-api#forensics
2018-08-08Tool demoBlackhat Astra: Automated Security Testing For REST APIs Source Code Ankur Bhargava, Prajal Kulkarni, Sagar Popat#security-assessment#rest-api#api-security+4
2018-06-04TalkConfidence From 123456 on a staging to compromising a multi-million dollar VC - The journey of us Red Teamers of a hack spanning over 200 days Himanshu Sharma, Aman Sachdev#red-teaming#ethical-hacking#security-assessment+2
2018-05-30TalkAuscert How to Bypass Authentication & Authorization Presentation Sarwar Jahan#authentication#authorization#web-security+1
2018-05-29Award Data Exfiltration via Formula Injection #Part1 Source Code Ajay Prashar, Balaji Gopal#data-leak#exploitation#web-security+1
2018-03-01TalkNullcon Looting your bank savings using Digital India Presentation Video Indrajeet Bhuyan#red-teaming#application-pentesting#api-security+4
2017-09-13Talk44con Red Team Revenge : Attacking Microsoft ATA Presentation Video Nikhil Mittal#windows#red-teaming#active-directory+4
2017-08-19TalkC0c0n Trust, the foundation of Digital Mastery Sunil Varkey#identity-management#authentication#risk-management+2
2017-08-18TalkC0c0n Case study: Security of Digital Wallet apps in India Ashwath Kumar, Sandesh Mysore Anand#appsec#mobile-pentesting#application-hardening+4
2017-08-18TalkC0c0n Mobile Banking (In)Security Sneha Rajguru#appsec#purpleteam#red-teaming+1
2017-07-30Tool demoBlackhat Yasuo Source Code Saurabh Harit#secure-coding#red-teaming#blueteam+3
2017-07-29Tool demoDefcon Fuzzapi Source Code Video Abhijeth Dugginapeddi, Lalith Rallabhandi, Srinivas Rao#fuzzing#rest-api#security-assessment
2017-07-27Tool demoBlackhat Fuzzapi - Fuzzing Your RESTAPIs Since Yesterday Source Code Lalith Rallabhandi, Abhijeth Dugginapeddi, Srinivas Rao#fuzzing#rest-api#security-assessment+1
2017-06-26Tool demoBlackhat DiffDroid Source Code Anto Joseph#android#security-assessment#web-security
2017-06-23TalkHackinparis Injecting Security into Web apps with Runtime Patching and Context Learning Presentation Video Ajin Abraham#blueteam#secure-development#sqli+4
2017-05-23TalkPhdays Injecting security into web apps in the runtime Presentation Ajin Abraham#blueteam#secure-development#sqli+4
2017-03-03TalkNullcon Injecting Security into Web apps with Runtime Patching and Context Learning Presentation Video Ajin Abraham#blueteam#secure-development#sqli+4
2017-01-25TalkOwaspappseccalifornia DASTProxy: Don’t let your automated security testing program stall on crawl. Instead focus on business context Presentation Video Kiran Shirali, Srinivasa Rao Chirathanagandla#dynamic-analysis#dast#devsecops+2
2017-01-25TalkOwaspappseccalifornia OCSP Stapling in the Wild Video Devdatta Akhawe, Emily Stark#web-security#architecture#devsecops
2016-11-04Tool demoBlackhat Yasuo Source Code Saurabh Harit#secure-coding#red-teaming#blueteam+3
2016-10-14TalkAppsecusa Automating API Penetration Testing using fuzzapi Source Code Video Abhijeth Dugginapeddi, Lalith Rallabhandi#fuzzing#api-security#application-pentesting+4
2016-10-07TalkDeepsec Inside Stegosploit Presentation Video Saumil Shah#web-security#exploitation#security-assessment
2016-08-19TalkC0c0n Kill the password - A new era of authentication Tamaghna Basu#authentication#iam#architecture+1
2016-08-19TalkC0c0n Esoteric XSS Payloads Presentation Riyaz Walikar#xss#red-teaming#code-injection+3
2016-07-01TalkHackinparis DIFFDroid - Dynamic Analysis Made Easier for Android Source Code Video Anto Joseph#android#security-assessment#web-security
2016-03-15TalkGroundzerosummit Web App Security Harpreet Singh, Himanshu Sharma, Nipun Jaswal#web-security#api-security#secure-coding+3
2015-11-05TalkGroundzerosummit Authentication flaw in Automatic Bank Passbook printing machine. Indrajeet Bhuyan#authentication#identity-management#application-pentesting+3
2015-11-05TalkGroundzerosummit Sanctioned to Hack: Your SCADA HMIs Belong to Us! Aditya K Sood#ics-security#web-security#firmware-analysis+2
2015-11-05TalkGroundzerosummit XSS - The art of evading web application filters! Anirudh Anand#xss#application-pentesting#input-validation+2
2015-10-25TalkToorcon PixelCAPTCHA – A Unicode Based CAPTCHA Scheme Gursev Singh Kalra#web-security#authentication#bypassing
2015-09-25TalkAppsecusa The State of Web Application Security in SCADA Web Human Machine Interfaces (HMIs)! Aditya K Sood#scada#hmi#web-security+1
2015-09-11Talk44con Stegosploit – Drive-by Browser Exploits using only Images Presentation Source Code Video Saumil Shah#steganography#red-teaming#web-security+1
2015-08-07TalkDefcon Hacker’s Practice Ground Video Lokesh Pidawekar#security-assessment#ethical-hacking#vulnerability-assessment+2
2015-08-01TalkC0c0n Understanding the known : A deep look at OWASP A9 : Using Components with Known Vulnerabilities Presentation Source Code Anant Shrivastava#owasp#blueteam#security-testing+4
2015-07-06TalkBlackhat DOM FLOW - UNTANGLING THE DOM FOR MORE EASY-JUICY BUGS Presentation Video Ahamed Nafeez#red-teaming#xss#application-pentesting+2
2015-05-28TalkHitbsecconf Stegosploit: Hacking With Pictures Presentation Saumil Shah#red-teaming#steganography#web-security
2015-03-27TalkSyscan Stegosploit - Hacking with Pictures Presentation Video Saumil Shah#steganography#red-teaming#web-security+1
2015-03-26Tool demoBlackhat OWASP Xenotix XSS Exploit Framework Presentation Source Code Ajin Abraham#owasp#xss#blueteam+3
2015-02-06TalkNullcon Pentesting a website with million lines of Javascript Presentation Lavakumar Kuppan, Ahamed Nafeez#web-security#security-assessment#application-pentesting+2
2015-01-27TalkOwaspappseccalifornia The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers Video Devdatta Akhawe#web-security#xss#csrf+2
2014-10-23TalkHacklu Hacking with Images - Evil Pictures Presentation Saumil Shah#red-teaming#steganography#application-pentesting+3
2014-10-23TalkHacklu WiHawk - Router Vulnerability Scanner Presentation Source Code Anamika Singh#wifi#red-teaming#csrf+1
2014-09-25TalkVirusbulletin Optimized mal-ops. Hack the ad network like a boss Presentation Video Rahul Kashyap, Vadim Kotov#browser-security#web-security#malware-distribution+1
2014-09-24TalkBrucon OWASP: OWTF Source Code Video Bharadwaj Machiraju#security-assessment#application-pentesting#dynamic-analysis+2
2014-09-12Talk44con Pentesting NoSQL DB’s Using NoSQL Exploitation Framework Video Francis Alexander#exploitation#web-pentesting#penetration-testing-tools
2014-08-21TalkUsenix The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers Presentation Whitepaper Devdatta Akhawe, Zhiwei Li, Warren He, Dawn Song#web-security#xss#csrf+2
2014-06-23TalkHackinparis Pentesting NoSQL DB’s with NoSQL Exploitation Framework Presentation Video Francis Alexander#secure-coding#security-assessment#application-pentesting+4
2014-05-29TalkHitbsecconf Exploiting NoSQL Like Never Before Presentation Francis Alexander#exploitation#web-pentesting#code-injection
2014-03-27TalkBlackhat JS Suicide: Using JavaScript Security Features to Kill JS Security Presentation Video Ahamed Nafeez#web-security#red-teaming#csrfguard+1
2014-03-15TalkHitbsecconf JS Suicide: Using Javascript Security Features to Kill Itself Presentation Ahamed Nafeez#web-security#application-pentesting#code-review+3
2014-02-15Tool demoNullcon DrupSnipe Ranjeet Sengar, Sukesh Pappu#drupal#security-assessment#application-pentesting+2
2014-02-15Tool demoNullcon OWASP OWTF - The Offensive (Web) Testing Framework Source Code Bharadwaj Machiraju, Abraham Aranguren#security-assessment#application-pentesting#security-tools+3
2014-02-15Tool demoNullcon OWASP Xenotix XSS Exploit Framework Source Code Ajin Abraham#owasp#xss#blueteam+3
2014-02-15Tool demoNullcon XMLChor Source Code Harshal Jamdade#exploitation#web-pentesting#security-tools
2014-02-14TalkNullcon o’Dea Assertions - Untwining the Security of the SAML Protocol Video Achin Kulshrestha#authentication#saml#sso+2
2014-02-14TalkNullcon A security analysis of Browser Extensions Presentation Abhay Rana#browser-security#web-security#vulnerability-assessment
2014-02-14TalkNullcon phoneypdf: A Virtual PDF Analysis Framework Presentation Video Kiran Bandla#pdf#web-security#red-teaming+2
2013-11-21TalkAppsecusa Wassup MOM? Owning the Message Oriented Middleware Video Gursev Singh Kalra#api-security#secure-coding#application-pentesting
2013-11-20PanelAppsecusa Aim-Ready-Fire Pravir Chandra, Ajoy Kumar, Suprotik Ghose, Jason Rottaupt, Ramin Safai, Sean Barnum, Wendy Nather#appsec#secure-development#security-strategy
2013-09-27TalkC0c0n Lets Play - Applanting on new Grounds Ajit Hatti#android#red-teaming#csrf+1
2013-09-27TalkC0c0n SSRF / XSPA - Real World Attacks and Mitigations Riyaz Walikar#ssrf#xspa#red-teaming
2013-09-27TalkC0c0n Snake Bites Presentation Anant Shrivastava#secure-coding#security-assessment#xss
2013-08-15TalkUsenix Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness Presentation Whitepaper Devdatta Akhawe, Adrienne Felt#web-security#security-training#architecture+2
2013-08-01Tool demoBlackhat OWASP Xenotix XSS Exploit Framework Source Code Ajin Abraham#owasp#xss#blueteam+3
2013-07-31TalkBlackhat Clickjacking revisited: A perceptual view of UI security Presentation Video Devdatta Akhawe#clickjacking#blueteam#red-teaming
2013-07-31TalkBlackhat Javascript static security analysis made easy with JSPrime Presentation Whitepaper Source Code Video Nishant Das Patnaik, Sarathi Sabyasachi Sahoo#web-security#blueteam#application-hardening+4
2013-03-15Tool demoBlackhat OWASP Xenotix XSS Exploit Framework Source Code Ajin Abraham#owasp#xss#blueteam+3
2013-03-14TalkBlackhat Lets play - Applanting Presentation Whitepaper Video Ajit Hatti#red-teaming#csrf#clickjacking+1
2013-03-01TalkNullcon Inception of graphical passwords Video Rishi Narang#authentication#application-pentesting#secure-development+3
2013-03-01TalkNullcon CSRF Finder as a Mozilla Addon Video Piyush Pattanayak#csrf#blueteam#application-pentesting+4
2013-03-01TalkNullcon Automating JavaScript Static Analysis Lavakumar Kuppan#web-security#security-assessment#blueteam
2013-03-01TalkNullcon Detecting and Exploiting XSS Vulnerabilities and Xenotix XSS Exploitation Framework Presentation Video Ajin Abraham#xss#red-teaming#application-pentesting+3
2012-12-06TalkBlackhat Attacking ODATA Presentation Whitepaper Source Code Gursev Singh Kalra#red-teaming#api-security#application-pentesting+2
2012-12-01TalkClubhack FatCat Web Based SQL Injector Presentation Source Code Video Sandeep Kamble#sqli#red-teaming#input-validation+4
2012-12-01TalkClubhack Detecting and Exploiting XSS with Xenotix XSS Exploit Framework Presentation Video Ajin Abraham#xss#red-teaming#application-pentesting+4
2012-12-01TalkClubhack XSSshell Presentation Video Vandan Joshi#xss#application-pentesting#code-review+4
2012-10-26TalkAppsecusa XSS & CSRF with HTML5 - Attack, Exploit and Defense Video Shreeraj Shah#xss#csrf#dynamic-analysis+3
2012-10-25TalkAppsecusa Cross Site Port Scanning Video Riyaz Walikar#web-security#owasp#api-security
2012-10-11TalkHitbsecconf XSS & CSRF strike back – Powered by HTML5 Presentation Shreeraj Shah#red-teaming#csrf#cors+1
2012-10-10TalkHitbsecconf Innovative Approaches to Exploit Delivery Video Saumil Shah#red-teaming#exploit-delivery#browser-security
2012-09-28TalkNullcon Alert(/xss/) - How to catch an XSS before someone exploits / reports it? Ahamed Nafeez#web-security#xss#secure-coding+2
2012-09-26TalkNullcon How secure is internet banking in India Video Ajit Hatti#web-security#authentication#financial-institutions+1
2012-08-15Award Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select) Source Code Gursev Singh Kalra#api-security#web-pentesting#security-tools
2012-08-03TalkC0c0n Evil JavaScript Bishan Singh#red-teaming#web-security#application-pentesting+4
2012-07-26TalkBlackhat HTML5 top 10 threats – Stealth Attack and Silent Exploits Presentation Whitepaper Video Shreeraj Shah#red-teaming#cors#csrf+3
2012-07-26Tool demoBlackhat Bypassing Every CAPTCHA provider with clipcaptcha Source Code Gursev Singh Kalra#web-security#bypassing#security-tools
2012-07-25Tool demoBlackhat Oyedata for OData Assessments Source Code Gursev Singh Kalra#api-security#web-pentesting#security-tools
2012-07-14TalkHope Advancements in Botnet Attacks and Malware Distribution Video Aditya K Sood#botnet#web-security#reverse-engineering+1
2012-05-13TalkCarolinacon Attacking CAPTCHAs for Fun and Profit Gursev Singh Kalra#web-security#bypassing#exploitation
2012-03-15TalkNullcon An App(le) a day keeps the wallet away Antriksh Shah#security-assessment#web-security#api-security+1
2012-03-15TalkGrrcon SCADA Security: Why is it so hard? Video Amol Sarwate#scada#ics-security#authentication+2
2012-03-14TalkBlackhat HTML5 top 10 threats – Stealth Attack and Silent Exploits Presentation Whitepaper Video Shreeraj Shah#red-teaming#cors#csrf+3
2012-03-02Award CAPTCHA Re-Riding Attack Source Code Gursev Singh Kalra#web-security#bypassing#authentication
2012-02-15TalkNullcon Content sniffing Algorithm bypassing techniques and possible attack vectors Video Anil Aphale, Chaitany Kamble#red-teaming#xss#web-security+2
2012-02-15TalkNullcon Javascript static analysis with IronWASP Presentation Video Lavakumar Kuppan#web-security#security-assessment#blueteam
2012-02-15TalkNullcon Node.js: The good, bad and ugly Video Bishan Singh#web-security#red-teaming#blueteam+1
2012-02-15TalkNullcon Ra.2 Blackbox DOM-based XSS scanner Presentation Source Code Video Nishant Das Patnaik, Sarathi Sabyasachi Sahoo#xss#blueteam#security-assessment
2011-12-04TalkClubhack DOM XSS – Encounters of the 3rd Kind Presentation Video Bishan Singh#xss#red-teaming#secure-coding+4
2011-11-17Award CAPTCHA Hax With TesserCap Source Code Gursev Singh Kalra#web-security#bypassing#authentication
2011-10-07TalkC0c0n Password Less Authentication, Authorization Whitepaper Srikar Sagi#authentication#authorization#iam
2011-10-07TalkVirusbulletin Browser exploit packs - exploitation paradigm Presentation Whitepaper Aditya K Sood, Richard J Enbody#exploit-kit#malware-research#browser-security+1
2011-09-19TalkBrucon Step-by-Step for Software Security (that anyone can follow) Pravir Chandra#software-security#secure-development#devsecops+4
2011-09-07TalkSecuritybyte Social Web & Privacy – An evolving world Bala Sathiamurthy, Aridaman Tripathi#data-protection#api-security#security-compliance+2
2011-09-06TalkSecuritybyte Application Security Strategies Presentation K K Mookhey#secure-coding#secure-development#web-security+3
2011-09-06TalkSecuritybyte Enabling Un-trusted Mashups Presentation Bishan Singh#web-security#xss#csrf+4
2011-09-06TalkSecuritybyte Security Threats on Social Networks Presentation Nithya Raman#social-engineering#web-security#security-training+1
2011-08-03TalkBlackhat Reverse Engineering Browser Components: Dissecting and Hacking Silverlight, HTML 5 and Flex Presentation Whitepaper Video Shreeraj Shah#reverse-engineering#ajax#web-security+1
2011-05-20TalkHitbsecconf Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2) Presentation Shreeraj Shah#red-teaming#cors#csrf+3
2011-02-25TalkNullcon Lessons Learned From 2010 Presentation Video Saumil Shah#red-teaming#exploit-delivery#social-engineering+2
2011-02-25TalkNullcon (secure) SiteHoster – Disable XSS & SQL Injection Presentation Whitepaper Source Code Abhishek Kumar#xss#sqli#blueteam+1
2010-11-11TalkBlackhat Attacking with HTML5 Presentation Lavakumar Kuppan#web-security#xss#web-pentesting+1
2010-10-13TalkHitbsecconf Hacking a Browser’s DOM – Exploiting Ajax and RIA Presentation Video Shreeraj Shah#red-teaming#web-security#ajax+3
2010-07-30TalkDefcon Hacking Oracle From Web Apps Video Sumit Siddharth#sql-injection#application-pentesting#security-testing+2
2010-07-29TalkBlackhat Hacking Browser’s DOM - Exploiting Ajax and RIA Presentation Whitepaper Shreeraj Shah#red-teaming#ajax#application-pentesting+4
2010-07-29TalkBlackhat Hacking Oracle From Web Apps Presentation Whitepaper Video Sumit Siddharth#red-teaming#sql-injection#application-pentesting+3
2010-07-01TalkHitbsecconf Top 10 Web 2.0 Attacks and Exploits Presentation Shreeraj Shah#red-teaming#cors#csrf+3
2010-06-18TalkSyscan REVERSE ENGINEERING WEB 2.0 APPLICATIONS Shreeraj Shah#reverse-engineering#ajax#web-security+1
2010-03-15TalkBlackhat 400 Apps in 40 Days Presentation Video Nish Bhalla, Sahba Kazerooni#risk-management#application-pentesting#attack-surface+1
2010-03-02Award Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution Source Code Lavakumar Kuppan#clickjacking#application-hardening#security-testing+1
2010-02-03TalkBlackhat Beware of Serialized GUI Objects Bearing Data Presentation Rohini Sulatycki, David Byrne#apache-myfaces#sun-mojarra#red-teaming+1
2009-12-05TalkClubhack Lust 2.0 – Desire for free WiFi and the threat of the Imposter Presentation Lavakumar Kuppan#wifi#red-teaming#phishing+1
2009-12-05TalkClubhack Incident Handling and Log Analysis for Web Based Incidents Presentation Manindra Kishore#incident-management#forensics#application-pentesting+2
2009-11-18TalkSecuritybyte Hacking Oracle From Web Presentation Sumit Siddharth#red-teaming#sql-injection#application-hardening+1
2009-05-19TalkSyscan Securing Enterprise Applications Shreeraj Shah#web-security#ajax#xss+4
2008-10-29TalkHitbsecconf Top 10 Web 2.0 Attacks Presentation Video Shreeraj Shah#web-security#ajax#xss+4
2008-10-22TalkHacklu Browser Exploits - A new model for Browser security Presentation Saumil Shah#red-teaming#application-hardening#browser-security+4
2008-08-21TalkOwaspappsecindia AppSec For Managers Nish Bhalla#appsec#owasp#blueteam
2008-08-20TalkOwaspappsecindia Web 2.0 Attacks - Next Generation Threats on the Rise Presentation Shreeraj Shah#red-teaming#blueteam#purpleteam+3
2008-08-20TalkOwaspappsecindia Application Security Trends & Challenges Presentation Kamlesh Bajaj#owasp#appsec#secure-development+4
2008-08-20TalkOwaspappsecindia Building Enterprise AppSec Program Nish Bhalla#appsec#secure-development#security-testing+4
2008-08-20TalkOwaspappsecindia Web Application Security: Too Costly To Ignore Presentation Rajesh Nayak#appsec#blueteam#application-hardening+4
2008-04-16TalkHitbsecconf Securing Next Generation Applications – Scan, Detect and Mitigate Shreeraj Shah#web-security#ajax#xss+4
2008-02-20TalkBlackhat Scanning Applications 2.0 - Next Generation Scan, Attacks and Tools Presentation Shreeraj Shah#red-teaming#blueteam#purpleteam+3
2007-12-19TalkClubhack Backdoor 2.0: Hacking Firefox to steal his web secrets Presentation Sunil Arora#red-teaming#application-pentesting#browser-security+2
2007-11-20TalkDeepsec Web 2.0 Application Kung-Fu - Securing Ajax & Web Services Presentation Video Shreeraj Shah#ajax#web-security#blueteam
2007-09-06TalkHitbsecconf Hacking Ajax and Web Services – Next Generation Web Attacks on the Rise Presentation Video Shreeraj Shah#red-teaming#ajax#web-security
2007-04-05TalkHitbsecconf WEB 2.0 Hacking – Defending Ajax and Web Services Presentation Shreeraj Shah#red-teaming#blueteam#purpleteam+2
2007-03-15TalkBlackhat Exploit-Me Series – Free Firefox Application Penetration Testing Suite Launch Presentation Video Nish Bhalla, Rohit Sethi#web-security#xss#sql-injection+4
2006-08-02TalkBlackhat SQL Injections by Truncation Presentation Bala Neerumalla#web-security#sql-injection#secure-coding
2005-09-26TalkHitbsecconf Web hacking Kung-Fu and Art of Defense Presentation Shreeraj Shah#blueteam#application-pentesting#code-review+4
2005-06-10TalkSyscan .Net Web Security-Attack And Defense Shreeraj Shah#.net#web-security#web-pentesting
2001-11-21TalkBlackhat One-Way SQL Hacking : Futility of Firewalls in Web Hacking Presentation Video Saumil Shah#firewall#red-teaming#sql-injection+2