• Prevent Dev from Committing Secrets into git repositories

    Sensitive information such as AWS keys, access tokens, SSH keys etc. is often leaked via public source code repositories due to accidental git commits. This can be avoided by using pre-commit hooks like “Talisman”, which check for sensitive information in the files before commit or push activity.

  • Secure Development

    DevSecOps (Developer track)

  • Demystify docker

    Presented at Accenture Brown Bag

  • iOS Application Security

  • Bangalore - Null Humla Android Mobile Application Offensive Security Workshop

    Our full day Humla session will cover the following topics: • Introduction to Android • Android Security Architecture • Android Permission model • Application Sandboxing • Setting up Android Emulator • Setting up a Mobile Pentest Environment • Reverse Engineering - Understanding, patching and debugging smali code • Investigating app permissions through manifest file • Bypassing Android Permissions • Introduction to Drozer • Using Drozer to find and exploit vulnerabilities • Dynamic and static analysis of the application • Classification of vulnerabilities based on “OWASP Top 10 Mobile Risks”

  • Null Humla Android Mobile Application Offensive Security Workshop

    Introduction to Android • Android Architecture • Android Security Architecture • Android Permission model • Application Sandboxing • Setting up Android Emulator • Setting up a Mobile Pentest Environment • Bypassing Android Permissions • Application Analysis • Reverse Engineering • Introduction to Drozer • Using Drozer to find and exploit vulnerabilities • Traffic Interception (Active and Passive) of Android Applications • OWASP Top 10 for Android

  • Aha, We Design Better, Cheaper, Faster And Vulnerable Mobile Apps!

    The growing consumer demand for smartphone applications, including banking, trading, e-commerce. Stakeholders need to accept that the forthcoming era will be mobile-computing centric, with correspondingly huge app development. As per Gartner's prediction, mobile app projects will outnumber PC projects 4-to-1 by the middle of 2015. Hacker-Abhinav As we know, mobile apps are spreading faster than any other consumer technology in history. It’s not surprising that securing mobile apps, particularly around consumer privacy, is moving onto the front page. This needs to be done by highly disciplined mobile app security experts with a mature threat handling matrix, great toolkits, and experienced mobile application testers. Mobile applications often deal with personally identifiable information, credit cards and other sensitive data, including IMs & mail clients from giant enterprises. I shall be talking about pointers which denote why hasty mobile application development suffers w.r.t. security. Session difficulty level: In-depth talks

  • OWASP Bangalore meet - Android Mobile Security

    OWASP Bangalore meet - 28th March 2015, 10:00 AM - 2:00 PM • Mobile Application Security Testing Overview • The Building blocks of Android Apps • Live demos w.r.t. Android App: Demo 1 - Poor Authorization and Authentication (M5); Demo 2 - Sensitive Information Leakage (M4); Demo 3 - Insecure Data storage (M2) • Test factory Arsenal

  • Weekend Testing : BNT-13 ~ Cross-site request forgery ~

    Overview: Are you a web developer / Tester / Architect? Why don’t you stop sucking your web app against CSRF attacks? Mission :- This session is on detecting and exploiting CSRF / XSRF issues. At the end of this session, the participant will be able to manually identify CSRF / XSRF vulnerabilities in web applications. URL :- http://weekendtesting.com/archives/3843 Agenda :- Introduction • What is Cross-Site Request Forgery • CSRF check & How to test (Iron OWASP, CSRF Finders) • Prevention of CSRF attacks • Q & A. Prerequisite knowledge: Basic technical knowledge about web applications

  • Top 10 Web Application Security Hazards {Part 2}

    Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.

  • Top 10 Web Application Security Hazards

    Mission :- Understand / Learn / Practice OWASP Web Security Vulnerabilities https://www.owasp.org/index.php/Top102013-Top_10 In this session, Attendees will perform hands-on exercises to get a better understanding of the OWASP top ten security threats.

  • SQL Injection for Beginners

    Mission :- This session is on detecting and exploiting SQL Injection issues. At the end of this session, the participant will be able to manually identify SQL Injection vulnerabilities in web applications.