Press "Enter" to skip to content

Javan Rasokat Posts

My talk at Ekoparty security conference

I just finished my talk at Ekoparty Security Conference Maintrack. It’s day 2 of three and the conference is just a blast. It is such a great selection of presentations and I am looking forward to the new connections I’ve made! Ya está disponible la charla de @javanrasokat: "A race against time" ▶️ https://t.co/dI6OoMwleO#MainTrackTalk #EKO2022 pic.twitter.com/GjmTqrWda2 — Ekoparty | Hacking…

Leave a Comment

Software Quality Engineering Vorlesung am DHBW CAS

Mit großer Freude durfte ich vergangenen Samstag Prof. Dr. Katja Wengler bei der Mastervorlesung “Software Quality Engineering” am DHBW Center for Advanced Studies (CAS) unterstützten. Das Modul “Software Quality Engineering” beschäftigt sich mit der Analyse von Softwaresystemen und deren Optimierung. Was ist Softwarequalität, wie kann Softwarequalität bewertet oder verbessert werden? Je nach Vorkenntnissen der Teilnehmer werden Themen wie Refactoring, Clean…

Leave a Comment

My upcoming talks at #Eko2022 and #GlobalAppSecSanFran

I am already very excited that I will be giving a talk at Ekoparty security conference 2022 in Buenos Aires. #Eko2022 My talk outline: https://ekoparty.org/en_US/eko2022/main-track-talks-a-race-against-time-javan-rasokat Get your tickets here: https://ekoparty.org (free) #GlobalAppSecSanFran I am also looking forward to be part of the OWASP Global AppSec in San Francisco. My talk is on the last day of the conference. Check out…

Leave a Comment

My keynote on “beekeeping and technology” at PLCnext Technology Community Summit

Beekeeping is a fantastic hobby, which I have been doing for over 8 years. I never thought I would get to combine the technical world of sensors and automation in one talk from a beekeeper’s perspective. But it gave me great pleasure to give my keynote on beekeeping and technology at PLCnext Technology Community Summit. With my contribution to this…

Leave a Comment

My talk on “Exploiting Race Condition Vulnerabilities in Web Applications” at #HITB2022SIN conference

I was very pleased to give my presentation on race condition vulnerabilities in web applications at this year’s HITB conference in Singapore. The talks with the participants, the other presentations, the organisation, everything was very well done and I was able to exchange ideas with the security community in Singapore and internationally.The people, the city and the food are amazing.Many…

Leave a Comment

Secure Coding Vorlesung an der Hochschule

Mit dem Thema Informationssicherheit und der sicheren Softwareentwicklung kann man nicht früh genug beginnen. Deshalb ist in diesem Sommersemester 2021 an der DHBW Karlsruhe im Studiengang Wirtschaftsinformatik ein Teil des Studiums das Secure Coding. Als Ent­wick­ler von Weban­wen­dun­gen ist man heu­te mit viel­fäl­ti­gen Ge­fah­ren­po­ten­tia­len kon­fron­tiert. Die Be­dro­hun­gen zu ken­nen, Fall­stri­cke zu ver­mei­den und mit den rich­ti­gen Maß­nah­men ent­ge­gen­zu­wir­ken ge­hört zwei­fel­los…

Leave a Comment

Race Condition leads to MS Account Takeover

This week security researcher Laxman Muthiyah published his bugbounty write-up “How I Might Have Hacked Any Microsoft Account“. For his finding, he was paid a bugbounty of $50,000 by Microsoft. The researcher describes a vulnerability that theoretically can be used to bypass a rate limit which results in brute-forcing a code. Theoretically, a 6-digit code (1 million necessary attempts) can…

1 Comment

Review – My path to CSSLP

This month I passed the (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) exam. As I have been studying with the new version revised in late 2020 and have taken the revised exam, I would like to share my experience with you. My previous security certifications were always practically applied certifications, for example for pentesting. For me, the CSSLP was the…

7 Comments

Review – My path to GXPN

After 3 months of good preparation I passed a challenging GIAC Certification for the GXPN – GIAC Exploit Researcher and Advanced Penetration Tester. The highlights for me were to learn and really understand how to defeat Windows and Linux stack protection, find common mistakes in cryptography implementation and in general to create and customize the tools to make them work…

2 Comments