Hacking - Bridging the Gap And Going Beyond to Fight Black-Hat
Hacking is one area that will never stop as long as software and hardware exist on this planet. Whatever is built can be compromised; it is the natural order of things. Some things will never change, but what we can do is protect ourselves from the majority of attacks and build solid, secure layers around the software that we test. This improves the privacy of our users and protects our businesses from the black-hat world. Alas! We have a massive skill shortage. Most white-hat hackers are script kiddies, toolsmiths, checkers, or people who only run scanners and then report the output as vulnerabilities.
Santhosh Tuppad's question is: if black-hat hackers also use scanners or checkers to hack something, then why is it that we have not been able to stop them, given that we are also using scanners to identify vulnerabilities? Do you get his point? Think.
In this talk, Santhosh Tuppad is going to demonstrate the bad shape of the software industry, where security is not considered or taken seriously, and how shallow and sloppy security testing is done just for the sake of appearances. Santhosh will not just be a pessimist; he will also share his thoughts on how we can fix this massive skill shortage and how one can foster their skills by upskilling themselves with passion, self-education, learning, digging deeper and more.
Are you ready for a jaw-dropping session? You bet.
#1. What stays here, stays here or dies later.
#2. I am not responsible for how you use this knowledge.
(Don’t mess with me).
#3. I am a super good person on this good planet called “Earth”. So, believe me.
JUST DO IT: Vote for me with highest points whether you like it or not. Or else… I don’t know!
I have been a great liar, a thief, physical infrastructure breaker, web application hacker, mobile apps hacker, kiosk machine basher, black-hat hacker, white-hat hacker, trainer, security coach and blah blah blah!
● Would you be okay if your car speed is controlled by malicious
● Would you be okay if the heart rate data of your baby were sent incorrectly to the physician? (Man in the Middle)
● Would you be okay if someone took control of the CCTVs or cameras installed in your home? Would you be okay if...
What do Black Hat Hackers do anyway?
1. They don’t care about why they want to hack
2. They care about why they want to hack
3. They are driven by intrinsic motivation
4. They hold grudges, hatred, love, and many other different
5. They don’t fear because of their confidence (but they may
6. Intuition, Instincts & Mindset are the weapons / tools they believe in, unlike most of the White Hat Hackers
7. They do all different kinds of bullshit, but it is great.
How do we bridge this gap so that we can fight the black-hat
● Work on Mindset
● Think Crime
● Watch Border Patrol, Investigation Netflix episodes, Border Security, and also make yourself feel like, “Hell yeah, I am a criminal”. And watch out for the thought process. Warning: It can be dangerous, but I think you can do it without committing crime.
● Hack your friends account.
● If your inner guidance is guiding you to do something, then just do it ;) (Warning: Don’t tell people that I told you this. You are responsible for whatever you do).
OWASP TOP 10 (Go Beyond Them)
● SQL Injection
● Cross Site Request Forgery
● Sensitive Information Disclosure
● Components With Known Vulnerabilities
● Authorisation / Access Control
● And 3 more… (Explore them)
Slides were just for namesake anyways…
Thank you very much.
Points to Remember:
● If you want to talk more about “Software Security” or have questions that need discussion, please catch me anywhere and let’s go to
● There is no “Silver Bullet” for one question, so let’s talk deeper and
● I don’t know what else I need to write here… So, I will stop.