Perils of Parsing — Pixel Flood Attack on Java ImageIO
Abhisek Datta in Engineering @ Chargebee, Feb 8, 2021
While interviewing for SSE (Security Engineering), one of the candidates reported the possibility of triggering OutOfMemory exceptions in…

Extending The Value of Security Testing by Adopting Variant Analysis
Abhisek Datta, Aug 26, 2020
Image source: https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-codeql

The Change — My Experience at Appsecco
Abhisek Datta in Appsecco, Aug 25, 2020
Today is my last working day at Appsecco. Almost like an end of an era for me. An experience that I will never forget. An experience of…

Kubernetes From an Attacker’s Perspective — OWASP Bay Area Meetup
Abhisek Datta in Appsecco, Jun 3, 2020
Last week, we did an hour long webinar for OWASP Bay Area Meetup group where I spoke about Kubernetes from an Attacker’s Perspective. As…

Thoughts on Security Engineering — How to Secure Systems in Real World
Abhisek Datta in Appsecco, Apr 27, 2020
Some of the most common questions that I get during security conferences are—

Microservices Authorization using Open Policy Agent and Traefik (API Gateway)
Abhisek Datta in Appsecco, Apr 7, 2020
Simplifying centralised authorisation (AuthZ) using Open Policy Agent when using Traefik as the API Gateway. Make your authorisation match.

Prevent hostPath based Kubernetes attacks with Pod Security Policies
Abhisek Datta in Appsecco, Mar 18, 2020
Mitigation for insecure hostPath volume mounts using pod security policies

Kubernetes Namespace Breakout using Insecure Host Path Volume — Part 1
Abhisek Datta in Appsecco, Mar 18, 2020
Abusing insecure hostPath volume mount in Kubernetes for full K8S cluster compromise

Designing Distributed Systems for Security Workflow — Learning from our Nullcon Workshop
Abhisek Datta in Appsecco, Mar 21, 2019
We at Appsecco conducted a workshop at Nullcon 2019 on Using Containers, Kubernetes and Serverless to Automate Appsec and OSINT Workflows…

Analysing and Exploiting Kubernetes APIServer Vulnerability- CVE-2018–1002105
Abhisek Datta in Appsecco, Dec 7, 2018
Cross namespace privilege escalation exploiting trust re-use vulnerability in Kubernetes APIServer