Abhinav Mishra

A hacker, security enthusiast, blogger, trainer and a speaker. I love to hack applications and have spoken at conferences about my experiences and research. I have a great interest in penetration testing and support the open source community.

Application Security

Experience at X0RC0NF, 2015 – A security conference

Being a technology-focused company, TO THE NEW has always made its presence felt in major conferences around the world. This time, it was X0RC0NF in Cochin, India. I was invited to present my talk there and attend the conference as a speaker. The topic of my talk was "Anatomizing online payment systems: hack to shop", majorly focusing on...

19-Oct-2015

Application Security

Abusing Password reset functionality to steal user data (Part–2)

In continuation of my last blog about possible attacks on a password reset functionality, this part of the same series will look into the two implementations below:

• Email sent with a temporary password or current password
• Secret questions asked and then given the option to reset the password

I will mention possible issues which...

29-Sep-2015

Application Security

Abusing Password reset functionality to steal user data (Part – I)

For every developer, implementing a password reset feature is a very interesting part. This is where he develops a logic and then implements it in the code. There is no well-defined industry standard on how to implement a secure password reset functionality in your application. So, the result is that every application has a different way...

02-Sep-2015