Here’s a presentation that I’d delivered at a null Mumbai Chapter meet. It’d received pretty good response, so putting it up here as well
Read more →The pictures of Day 2 are here. The second day consisted of 6 workshops – 3 before lunch and 3 after. I was confused on choosing between Sheeraj Shah and Mano Paul’s workshops during the first half; and Jason Li’s talk on “Web 2.0 Security” and “Secure Code Review” workshop (originally by Dinis Cruz,...
Read more →Special Note: I don’t have my Canon EOS 350D with me nowadays, so I had to borrow my roomates Canon Powershot. The quality sucks, but still, the pictures are here. I’ll be honest, going by the conf prices and some of the talk titles; I was expecting OWASP AppSec Delhi to be targeted mainly...
Read more →I spent the first half of the day at SecurCamp -1 (or Security Barcamp). It always great to get together with the community and today was no different. It came a sweet surprise to me that I have quite a few acquaintances in the community. The best part of the whole day, however, was...
Read more →The OWASP Bangalore Chapter met after almost an year today, and I was priviledged to be a part of it. As happens often with technical groups, including LUGs (Linux User Groups), they tend to loose participation and go to indefinite hibernation mode. OWASP-Bangalore’s fate was no different. Anyhoo! The important point is that we...
Read more →Update: OWASP Bangalore Chapter is meeting on 29th June, i.e. Sunday, morning at 9:00 AM at Indian Coffee House. M.G. Road, Bangalore. Join us, if you can. I feel extremely glad to announce that Security Camp, the first security Barcamp in Bangalore (as far as as I know) is on12th of July. It’s being...
Read more →Link People who know me, know that I desist Social networking portals. Don’t worry, this post isn’t another rant. It’s more of an announcement that I’ve joined a Social Network Yup! The guys at GNUCitizen have started a social network for hackers, and very intelligently named it House of Hackers. I’d like to call...
Read more →Demo 1. Phizy-Phizy-Phizy I have always loved making this phizy-phizy-phizy sound purposelessly, which I once heard in a Rob Schneider movie (which, if I remember correctly, was a pathetic movie). Anyhoo! I, now, have a set of very strong reasons to move around repeating the same lines. First, we received a request to be...
Read more →It brings me immense pleasure to inform you that w3af (web application attack and audit framework) has been named the Best Application Scanner in BEST IT Security and Auditing Softwares 2007 list prepared by Security Database. I had mentioned in a few previous articles that I see immense potential in w3af. I must, however,...
Read more →1. Life & Code (The title of this section is taken from Johnny’s blog of the same name, Life and Code. Although my implementation of the phrase isn’t in terms with Johnny’s, yet I could resist using it. ) Life: Three days ago I found that there are some strange entries in my local...
Read more →Update: Kishor reports a flaw in the implementation of “private” videos feature on Orkut. Although I am at office and I haven’t checked it yet myself, I believe I can trust him, based on his posts at Slackers. Nice one Kishor. 1. YAWN Orkut (Google’s MySpace and Facebook for Indian,...
Read more →DEMO This post was due since the Bank of India hack incident, and was fueled by PDP’s Drive-by Java post, which is a very simple, yet a well thought of extension (sort of) to the Drive-by Download attack. This post is aimed to provide a clearer understanding of the Drive-by Download attack (via a...
Read more →Update: I somehow managed to make a blunder. A part of slide no. 12 was taken from David Kierznowski’s (of GNUCitizen and Blogsecurity group) presentation for OWASP Belgium Conf. I missed out on mentioning David’s name is the credits. Apologies David. I’ve updated and re-uploaded it. Yesterday, I presented my first Webinar (Seminar on...
Read more →I know, I know… the title sounds like a cheap promotion ad. As I mentioned in my previous entry that Giorgio has addressed our (mine and Gareth’s) request to block iframes using NoScript. I must, however, admit that I did not expect it to be this fast. NoScript 1.1.7.1 (SilverNight) is here. The changelog...
Read more →Update: Aah. It’s not that there couldn’t have been any better news , but today’s News is that Ma1 has agreed to provide feature to block frames through NoScript from the next version (1.1.7). NoScripts Rocks. Oh and Yes! Ma1 Rocks too …;) I have been pretty busy since the last few weeks (and...
Read more →The Month of Search Engine Bugs by MustLive has come to an end. MutLive reports: In the project took part 33 search engines (30 web engines and 3 local engines) of 19 vendors, some vendors have several engines. The list of project’s participants (in order of appearance): Meta, Yahoo, HotBot, Gigablast, MSN, Clusty, Yandex,...
Read more →