Pramod Rana
Leon Denard
SeVa aims to provide an accurate triage and priority framework for secrets, with the following philosophy:
1) Secrets that are confirmed to be valid have the highest priority
2) Secrets that are confirmed to be not valid have the lowest priority
3) The remaining secrets are assigned a severity as per triage
SeVa has three primary, independent modules:
1) Connector - Connects to a secret source and fetches the details; supports major secret scanners
2) Enhancer - Identifies the secret type and what additional information is required to make a decision on validation as defined above. It also fetches the complementary information from the affected area
3) Validator - Validates the secrets, makes the decision on secret validity, and provides the output in multiple formats
SeVa provides a fast, non-invasive way to verify credentials using non-intrusive API calls, without secrets leaving the organization's infrastructure. It can be adopted as easily as writing a GitHub Action workflow.
Pramod Rana
Sr. Manager - Application Security
Pramod Rana is the author of the following open source projects:
1) Omniscient - LetsMapYourNetwork: a graph-based asset management framework
2) vPrioritizer - Art of Risk Prioritization: a risk prioritization framework
3) CICDGuard - Orchestrating visibility and security of CICD ecosystem
He has previously presented at BlackHat, Defcon, nullcon, OWASP Global AppSec, HackMiami, HackInParis and Insomnihack.
He leads the application security team at Netskope, with a primary focus on integrating security controls into the development process and providing security-testing-as-a-service to engineering teams.
Leon Denard
Information Security Engineer @ Netskope
Leon Denard is a red teamer and application security engineer at Netskope, where he focuses on secret validation, offensive tooling, and helping teams identify security gaps before attackers do. He has led red team operations across finance, cloud, and enterprise environments, combining deep technical work with a strong understanding of secure development practices.
He has hands-on experience with phishing campaigns, password cracking, detection evasion, and building tools to automate repetitive tasks. He is a DEFCON "Crack Me If You Can" champion, GPEN certified, and shares his work at github.com/ltdenard, where he builds and publishes tools.