Vikas Khanna
During the session, I will present an extensive array of over 15 distinct techniques and vulnerabilities that can be exploited for authentication bypass or account takeover. Some of the vulnerabilities I will cover include Session Puzzling, Session Fixation, Rate Limit Bypasses, Broken Brute-Force Protection, 2FA/OTP Misconfigurations, HTTP-Parameter Pollution, PHP Type Juggling, and many more. These insights will provide attendees with a comprehensive understanding of the various methods used by attackers to compromise authentication mechanisms and take control of user accounts.
Vikas Khanna
Privasec, Technical Specialist
I specialize in Web Application and API Security Assessments. I have worked with industries spanning Finance, E-Commerce, Employee Management, Food, Beverages, and Fitness. I have a track record of successful bug bounty hunting and have identified major security flaws in prominent organizations such as Apple, Google, Microsoft, Oracle, Verizon, Sony, IBM, Intel, Nokia, and ING Bank.