Roshan Piyush
Soujanya Namburi
Modern attackers aren’t waiting for CVEs. They’re quietly mapping your apps and APIs, uncovering unintended exposures, and slipping past defenses.
Don’t just react, anticipate. This workshop pulls back the curtain on the modern attacker’s playbook. You’ll learn how adversaries extract intelligence from exposed metadata clues hiding in plain sight. Then, we’ll dive into crafting stealthy, context-aware payloads designed to bypass detection and exploit subtle implementation flaws. Through real-world examples and guided exercises, you’ll learn to identify these patterns, recognize evasions, and build resilient detection and prevention strategies.
Takeaways: Early-stage recon via api access, information disclosure through common hardening State of the art evasion techniques with our free, open-source tool Obfuskit Normalization and encoding and adversarial techniques to subvert pathing, routing, and authentication Step up your defensive game against these attacks
Roshan Piyush
Head of Security Research, Traceable by Harness | Co-founder, Aspen Labs | Owasp crAPI Author
Roshan Piyush leads Security Research at Traceable by Harness and Aspen Labs — the dedicated research division within Harness focused on advancing modern application and API security. He is at the forefront of building next-generation security platforms that offer deep protection from code to runtime.
With over a decade of experience in cybersecurity, Roshan has spent the past four years specializing in API security. His day-to-day work involves researching detection and prevention techniques across CI/CD, software supply chains, runtime environments, and cloud-native architectures. This research powers enterprise-grade security solutions used by organizations to defend against evolving threats.
Roshan has contributed to open-source projects such as OWASP crAPI and Coraza WAF, and he actively shares his insights through talks, tools, and community collaboration.
Soujanya Namburi
Senior Security Research Engineer, Harness
I’m Soujanya Namburi, a Developer and Security Research Engineer. I specialize in WAF (Web Application Firewalls), anomaly detection, external surface scanners, and active security testing. I have extensive experience with open source security projects like OWASP Coraza, OWASP Coreruleset, and OWASP Crapi. I’m passionate about building secure, high-performance solutions and contributing to open-source projects that help organizations strengthen their security posture.