Parth Shukla

Security Analyst, Cequence Security

San Jose, California, United States

Parth Shukla is a dedicated Cybersecurity Analyst at Cequence Security with a strong passion for Web Application Security. He is an accomplished bug hunter, community builder, and cybersecurity enthusiast with a relentless drive to uncover vulnerabilities and share knowledge. Parth’s work focuses on securing modern web applications by addressing critical threats like those outlined in the OWASP API Top 10, including BOLA, SSRF, and Broken User Authentication.

In addition to his professional achievements, Parth has mentored over 600 aspiring cybersecurity professionals, empowering them with skills in ethical hacking, bug bounty hunting, and advanced web application testing. An advocate for continuous learning and collaboration, Parth is a frequent speaker at leading cybersecurity conferences worldwide. Guided by the principle that “security is a myth,” he strives to challenge assumptions and push the boundaries of what’s possible in cybersecurity.

Badges

  • Most Active Speaker 2024

Area of Expertise

  • Information & Communications Technology

Topics

  • cybersecurity
  • penetration testing
  • bug bounty

The Darkside of GraphQL

GraphQL is a query language for APIs that provides a powerful and efficient way to query and manipulate data. As powerful and versatile as GraphQL is, its downside is that it can be vulnerable to certain security threats. In this presentation, we will discuss the security vulnerabilities associated with GraphQL, from the basics to more advanced threats, and how to best protect against them. After this presentation, attendees will have a better understanding of security vulnerabilities in GraphQL, as well as an understanding of the steps needed to protect against them.

Breaking and Securing APIs: A Red Teamer’s Approach

APIs serve as the foundation of modern applications, facilitating seamless data exchange and integration. However, their widespread adoption has also made them a prime target for attackers. This talk will take a deep dive into API security from an offensive perspective, demonstrating how adversaries discover, exploit, and escalate API vulnerabilities.

We will begin by establishing a solid understanding of API reconnaissance, showcasing techniques for discovering exposed endpoints using tools like Shodan and Google Dorking. From there, we’ll transition into the vulnerability discovery phase, examining common weaknesses such as SQL injection, authentication flaws, rate limiting misconfigurations, and excessive data exposure. Through live demonstrations with tools like Burp Suite, attendees will gain insight into how these attacks are carried out in real-world scenarios.

The session will also emphasize Open Source Intelligence (OSINT) and its role in API attacks. We will explore how attackers leverage OSINT tools like Maltego and theHarvester to gather critical information about API infrastructure, users, and potential weak points.

Finally, we’ll shift the focus to defensive strategies, covering essential security measures such as strong authentication, proper authorization mechanisms, input validation, rate limiting, and real-time monitoring. By understanding the offensive mindset, security professionals and developers can better anticipate threats and implement robust protections against API-based attacks.

This talk is designed for red teamers, security engineers, developers, and anyone interested in API security. Attendees will leave with practical insights and actionable techniques to enhance both offensive and defensive API security strategies.

Key Topics Covered:

- Reconnaissance: Discovering exposed APIs and endpoints
- Finding Vulnerabilities: Identifying and exploiting API weaknesses
- OSINT for APIs: Leveraging public data to enhance attacks
- Hands-On Exploitation: Demonstrating real-world attack techniques
- Defensive Best Practices: Strengthening APIs against threats

By the end of this session, participants will have a red teamer’s mindset when approaching API security—understanding not only how APIs are attacked but also how to build stronger defenses to mitigate these risks.

Bot Battles: Unmasking the Hidden Villains of the Digital World

As organizations increasingly rely on APIs for seamless data exchange, this study explores the evolving patterns of API communication and scrutinizes the tactics employed by attackers who use bots to exploit vulnerabilities. Real-world case studies illuminate the intricacies of these advanced attacks, ranging from data breaches and account takeovers to shopping bots that buy up nearly all available inventory. The discussion delves into the technical nuances of bot-driven attacks, evaluates their impact on organizations, and proposes defensive strategies.

API Underworld: Red Team Hacking Secrets

This comprehensive workshop is designed to provide participants with a deep understanding of API security, its challenges, and best practices to mitigate risks. Spanning six engaging sessions, the program begins with an introduction to API security and real-world breaches, highlighting the critical importance of securing APIs.

Participants will explore reconnaissance techniques, including using tools like Shodan and Google Dorking, to identify API endpoints. The workshop delves into common API vulnerabilities, such as SQL Injection and XSS, complemented by practical hands-on scanning with Burp Suite.

Additionally, the sessions cover OSINT (Open Source Intelligence) techniques with tools like Maltego, theHarvester, and Wayback, empowering attendees to gather intelligence on API targets. The program culminates with guided vulnerability exploitation exercises and a collaborative group activity to identify and exploit API flaws.

Concluding with a wrap-up session and an open Q&A, this workshop equips participants with the knowledge and skills to secure APIs effectively while fostering a hands-on learning environment.

AI Frontiers: Shielding Digital Gateways from Bot Invasions

In the presentation titled "AI Frontiers: Shielding Digital Gateways from Bot Invasions," we delve into the forefront of cyber defense against bot-driven threats that exploit API vulnerabilities. This comprehensive study explores how advanced AI and ML models are being harnessed to fortify digital defenses, offering a detailed analysis of API communication patterns and the evolving landscape of bot attacks. Through a series of real-world case studies, we illuminate the mechanisms of sophisticated bot strategies—ranging from data breaches and account takeovers to shopping bots that deplete inventories. The narrative progresses to unveil how AI/ML technologies serve as the cornerstone of innovative defense mechanisms. We dissect the architecture of AI-driven systems tailored to detect and counteract anomalous behaviors indicative of bot activity, leveraging vast datasets to train ML models that adeptly differentiate between legitimate user interactions and malicious bot intrusions. The discussion further navigates the technical and operational nuances of implementing AI/ML defenses, emphasizing predictive analytics for preemptive action, machine learning for dynamic threat adaptation, and the overarching impact of such technologies in securing digital ecosystems against the insidious threats posed by automated attacks. This presentation not only highlights the challenges but also showcases the resilience and adaptability of AI/ML solutions in the ever-evolving battle against digital villains.

The Darkside of GraphQL

This presentation on GraphQL security is ideal for developers, architects, and security professionals looking to enhance the security of their GraphQL-based APIs and systems. Attendees will have a better understanding of the security risks and vulnerabilities associated with GraphQL and the necessary measures to protect against them, ensuring the secure and safe operation of their APIs.

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers.