Presentations
Templates
Features
Teams
Pricing
Log in
Sign up

Log in
Sign up

Build. Break. Learn.

Riddhi Shree

A beginner with 10+ years of Software Industry experience

I Take Pride In

Work I've done in my free time!

Enjoyed giving talks, workshops, training, tool demo at conferences

Hack-In-The-Box (HITB), Abu Dhabi
Nullcon, Goa
c0c0n, Kochi
BSides, Delhi
ISC2, Bangalore

I Believe In

Dreaming big. Breaking rules. Creating awareness.

We're here for?

Injection Attacks
Cross-Site Scripting (XSS)
XML External Entities (XXE)
Broken Authentication & Authorization
Insecure Deserialization
Sensitive Data Exposure
Security Misconfigurations

Let's get started..

Injection Attacks

1st Order SQL Injection
2nd Order SQL Injection
OS Command Injection
Template Injection
CRLF Injection

Why does it work?

SQL Injection

OS Command Injection

Template Injection

Template Injection

CRLF Injection

How to Protect?

Proper usage of parameterised queries
Server-side input validation
Proper error handling

Cross Site Scripting (XSS)

Reflected XSS
Stored XSS
DOM-based XSS

Reflected XSS

Stored XSS

DOM Based XSS

How to protect?

Contextual output encoding

https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

XML Eternal Entities (XXE)

File Inclusion
Server-Side Request Forgery (SSRF)
Data Exfiltration
Remote Code Execution (RCE)

Broken Authn and Authz

JWT Validation Bypass
OAuth 2.0 Security Misconfigurations
Session Fixation via HTTP Header Injection
Cross-Site Request Forgery (CSRF)
Insecure Direct Object Reference (IDOR)
Parameter Tampering

JWT Validation Bypass

Brute-force JWT Secret
The None Algorithm
RS256 to HS256

https://jwt.io/

OAUTH 2.0 Authorization

https://tools.ietf.org/html/rfc6749

Typical Client-Server Model

Client authentication involves resource owner's credentials, i.e., resource owner's credentials are shared with third-party clients

OAUTH 2.0 Security Considerations

Unauthenticated Clients
Client Impersonation
Insecure Transmission of Access/Refresh Tokens
Access/Refresh Token Expiry
Open Redirection
Failure to Detect Authorization Code Compromise
Access Token's (Broad) Scope
Sensitive Plaitext Information in "state" and "scope"
Missing CSRF protection for redirection URI (via "state" parameter)
Injection via "state" and "redirect_uri" parameters

Session Fixation via HTTP

https://unsecured.nwebsec.com/SessionFixationAttacker

Cross-Site Request Forgery (CSRF)

Insecure Direct Object Reference (IDOR)

Parameter Tampering

We have been doing this all along, through all our demos.

Insecure Deserialization

Of Untrusted User Input

https://medium.com/blog-blog/insecure-deserialization-e5398e83defe

Sensitive Data Exposure

Missing/Broken Cryptography
Hardcoded Secrets in JavaScript Files
Verbose Error Messages
Verbose Server Responses

Insufficient Cryptography

Poor key management
Use of custom encryption protocols
Use of insecure algorithms

https://www.riddhishree.com/posts/breaking_hashes/

https://www.riddhishree.com/posts/appsec_demo_for_beginners/

https://www.riddhishree.com/posts/unlockme-apk-challenge-at-cocon12/

Security Misconfigurations

Missing Security Headers
Missing Rate Limiting
Weak Password Policy
Use of Default Credentials
Missing Server Side Validations
Permission Issue

Enable HTTP Strict Transport Security (HSTS) Policy

Prevent Cookie Hijacking
Prevent SSL/TLS downgrade attacks

https://tools.ietf.org/html/rfc6797

Content Security Policy (CSP)

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

https://cspvalidator.org/#url=https://cspvalidator.org/

Prevent Click-jacking

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

https://apisyouwonthate.com/blog/what-is-api-rate-limiting-all-about

Amazon Cognito Misconfiguration

https://slides.com/riddhishreechaurasia/null-bangalore-vyapi#/4/9
https://github.com/riddhi-shree/knowledge-sharing/blob/master/Mobile/Android/amazon_cognito_authz_issue/README.md

https://aleksikistauri.medium.com/winja-ctf-quiz-3-writeup-98cc20801145

Test Your Skills

docker run --rm -p 3000:3000 bkimminich/juice-shop

Further Reading

https://github.com/riddhi-shree/knowledge-sharing/blob/master/Mobile/Android/amazon_cognito_authz_issue/README.md
https://riddhi-shree.medium.com/security-shepherd-broken-auth-and-session-management-challenge-5-d3044e25a784
https://www.youtube.com/watch?v=bRPpIdvSsJ4
https://blog.appsecco.com/server-side-request-forgery-via-html-injection-in-pdf-download-90ee4053e911
https://github.com/riddhi-shree/knowledge-sharing
https://github.com/riddhi-shree/web-app-pentesting-using-burp-suite
https://drive.google.com/file/d/1c92dHP_kbLlS53iRx_kLP7ht3Ayp7hZU/view?usp=sharing

Build. Break. Learn.

Build. Break. Learn.

By Riddhi Shree Chaurasia

Build. Break. Learn.

4 years ago
821

Riddhi Shree Chaurasia

riddhishree.com
_riddhishree

More from Riddhi Shree Chaurasia

Web3

Riddhi Shree Chaurasia

873
Automated Session HandlingUsing Burp Macros

Riddhi Shree Chaurasia

1222
Winja CTF @Wicked6

Riddhi Shree Chaurasia

588
Palette

Riddhi Shree Chaurasia

594

Tour

Presentations Trending decks Templates Features Pricing Slides for Teams Slides for Developers

Help

Forum Knowledge Base Developers Docs Leave Feedback Report an Issue

Company

News Changelog About Slides Security Partners

Resources

Make slides with AI Embed Google Maps Embed Google Forms Embed YouTube Convert PDF to Slides Convert PPT to Slides Convert Markdown to Slides

Terms • Privacy • © 2025 Slides, Inc.

BESbswyBESbswyBESbswyBESbswy