Speaker Name Manu Zacharia
Title Web Application Security


Manu Zacharia is an Information Security evangelist with more than twenty years of professional experience. Awarded the prestigious Microsoft Most Valuable Professional (MVP) award consecutively for four years (2009, 2010, 2011 and 2012) in the Enterprise Security stream. Also honored with the prestigious Asia Pacific Information Security Leadership Achievements Award for 2010 from (ISC) under the Senior Information Security Professional category. Awarded the Nullcon Black Shield Award for 2014 under the Community Star category for contribution to the community in terms of knowledge sharing, administration, communication and proliferation. Recipient of the Newsmakers Achievers Award in the IT sector for the Best Ethical Hacker in 2011. Founder of the c0c0n International Hacking & Information Security Conference and also of the Information Security Day initiatives. Co-Founder of Ground Zero, Asia's foremost Information Security Conference. Creator & Chief Architect of Matriux, a Security & Penetration Testing Operating System. Associated with the International Multilateral Partnership Against Cyber Threats (IMPACT), the cyber security executing arm of the United Nations' specialized agency, the International Telecommunication Union (ITU), as Expert Trainer. Director of the Indian Infosec Consortium (www.iic.org.in). Member of the Technology Steering Committee, National Security Database, an initiative by the ISAC Foundation and the Government of India for National Critical Infrastructure protection and Cyber Safety. Enlisted with Prometric (www.prometric.com, a global leader in technology-enabled testing and assessment services) as their Subject Matter Expert (SME) for Cyber Security. Associated with the Signal School, Centre for Defense Communication & Electronic Warfare, the premier professional training institution of the Indian Navy in Communications and Information Warfare, for their various cyber security courses.
Subject Matter Expert for The Information Assurance and Homeland Security Academy. Co-authored a book on Intrusion Detection Systems. Also associated with Southern Command, Indian Army and the Criminal Investigation Department (CID), Maharashtra Police for their Cyber Security training through C-DAC, ACTS. Founder & Producer of Right Click, a TV tech show aired in over 60 countries by Asianet News. Speaker at various international and national security and technology conferences including Cyber Security Summit 2012, Kuala Lumpur, Malaysia; Qualys Security Conference 2011 (Keynote Speaker); Microsoft Tech-Ed (2010 and 2011); ClubHack; Enterprise Information Security 2010, Singapore; Bangalore Cyber Security Summit; Security Conference, Bangalore 2010; DevCon; Microsoft Virtual Techdays; Nullcon 2011, etc. Also an expert member of the Curriculum Review Committee of the Indira Gandhi National Open University M-Tech Programme in Information Systems Security. Associated with the Centre for Development of Advanced Computing (C-DAC, the R&D institution and scientific society of the Ministry of Communication & Information Technology, Government of India) as a Guest Faculty for their various Information Security modules. President of the Information Security Research Association (ISRA) and an active member of the Data Security Council of India, Bangalore Chapter. Closely associated with academia on various projects and also an invited speaker at various colleges such as IIIT Allahabad, IMT Ghaziabad and SCIT. Visiting faculty at Gujarat Technical University (M-Tech Program in IT Systems & Network Security).


1. Intro to Web Application Security

2. Web Application Architecture

3. Web Application Security Testing / Penetration Testing


5. OWASP Top 10 vulnerabilities

6. Injection Attacks

7. Cross-Site Scripting (XSS)

8. Broken Authentication and Session Management

9. Insecure Direct Object References

10. Cross-Site Request Forgery (CSRF)

11. Security Misconfiguration

12. Insecure Cryptographic Storage

13. Failure to Restrict URL Access

14. Insufficient Transport Layer Protection

15. Unvalidated Redirects and Forwards

16. Incident management

17. Log analysis

Buffer Topics

Other Vulnerabilities

File Upload Vulnerabilities


Web Application Denial-of-Service (DoS) Attack

Buffer Overflow