'OAuth 2.0 & Security Considerations' @ OWASP/Null Delhi chapter meet

I gave this talk at OWASP/Null Delhi chapter meet. The session was around the OAuth 2.0 workflow and few security considerations that developers or security analyst needs to take care.

Event details: https://null.co.in/events/210-delhi-null-delhi-meet-30-july-2016-null-owasp-combined-meet

Categories: application security appsec null oauth oauth security owasp

Read More

'Security Automation Using ZAP' @ OWASP AppSec Europe '16

These are the slides from my lightning talk at OWASP AppSec Europe 2016. The session broadly consisted of:

- Quick run through of ZAP GUI
- Understanding what can be automated
- How to integrate ZAP with automation scripts
- Example scripts/Hands-on
- Some delicate considerations

Categories: application security appsec automation owasp owasp zap security automation zap

Read More

SSL Certificate pinning: Key Takways

There was a good discussion on OWASP-Leaders mailing list [0] some time ago regarding SSL certificate pinning in applications. 

I thought of summarizing a few key points to consider while opting for certificate pinning: 

Categories: application security appsec certificate pinning code signing Crypto Cryptography SSL Windows Security

Read More