Web Application Pentester
Riyaz Walikar is a Web Application Pentester, Security evangelist and researcher. He has been active in the security community for the better part of the last 10 years. He has been actively involved with the Bangalore OWASP and null chapter for the last 7 years and is one of the OWASP and null Bangalore chapter leads.
He is actively involved in vulnerability research on popular web applications and network-aware services, and has disclosed several security issues in popular software such as Apache Archiva, Openfire, Joomla! and EJabberd, as well as a .NET Script Injection Bypass. He has also had luck finding vulnerabilities in popular web applications like Facebook, Twitter, Google, Cisco, Symantec, Mozilla, PayPal, Ebay, Apigee, Yahoo, Adobe, Tumblr, Pinterest etc., and is on the Hall of Fame for most of these services. He has also been a speaker and trainer at several security conferences including OWASP AppsecUSA 2012, BlackHat Abu Dhabi 2012, Las Vegas 2015, EU 2015, nullcon 2012, 2013, 2014, 2015, 2016 and 2017, DefCon Las Vegas 2016 and c0c0n 2011, 2013, 2015 and 2016.
His technical interests lie with programming, bug bounty, malware analysis, breaking web applications, playing CTFs, researching devices that fall under the Internet of Things category and penetration testing networks exposed to the Internet. When he is not writing/breaking code, you can find him dabbling in photography, stargazing, playing football, reading or fishing.
Some of the trainings/workshops by Riyaz Walikar include:
- Xtreme Web Hacking at NULLCON Goa 2012, 2013, 2014, 2015, 2016
- Cloud Security for Devs & Ops – NULLCON 2017
- Ninja Level Infrastructure Monitoring – DefCon 2016
- Xtreme Web Hacking (CTF Style) – c0c0n 2015, 2016
Some of the talks given by Riyaz Walikar include:
- Poking Servers with Facebook – AppsecUSA 2012, BlackHat Abu Dhabi 2012, c0c0n 2013
- A Pentester's Methodology to Discover and Exploit Windows Privilege Escalation flaws – c0c0n 2015, nullcon 2016
- Esoteric XSS Payloads – c0c0n 2016
- The Whys and Hows of Cyber Attacks – SAP Security Summit 2016
An accomplished security professional with over a decade’s experience of providing specialist application and infrastructure consulting services at the highest levels to companies, governments, and organizations around the world. Deep experience of working with clients to provide innovative security insight that truly reflects the commercial and operational needs of the organization, from strategic advice to testing and analysis to incident response and recovery. An active participant in the international security community and conference speaker, both individually, as chapter lead of the Bangalore chapter of OWASP, the global organization responsible for defining the standards for web application security, and as a co-founder of NULL, India’s largest open security community. Akash runs Appsecco, a company focused on Application Security.
Some of the trainings/workshops by Akash include:
- Secure Code Review 3-day training at PWC Bangalore 2016
- Web Hacking for Penetration Testers at NULLCON Goa 2016
- Using ZAP for Automating Security Testing half day workshop at OPEN SOURCE SUMMIT Bangalore Feb 2016
- Security Testing in the AWS Cloud 2-day training at PHILLIPS Bangalore
- Secure Web Programming 3-day training at FREECHARGE Bangalore 2015
- Web Security Testing 3-day training at STPI Bangalore
Some of the talks given by Akash include:
- App Sec in the time of Docker Containers at c0c0n 2016 Police Conference
- How Attackers Hack at THOUGHTWORKS 2016, SAP INDIA 2015 & PHILIPS INNOVATION CAMPUS 2015
- Building and Operating Secure Applications in The Cloud (Web and Mobile) at UNICOM ETHICAL HACKING SUMMIT 2015, MICROSOFT ACCELERATOR 2015 & ISACA DUBAI 2015
- Security in The Cloud at HSTC2014, 2014