Madhu is a security ninja, security and devops researcher with extensive experience in the industry ranging from client facing assignments building scalable and secure infrastructure, to publishing industry leading research to running training sessions for companies and governments alike.

Madhu’s research papers are frequently selected for major security industry conferences including Defcon 24, All Day DevOps (2016, 2017), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n, Serverless Summit, ToorCon, DefCamp, SkydogCon, NolaCon and null, etc. Madhu was a keynote speaker for the National Cyber Security conference at Dayananda Sagar College in Feb 2016.

When he’s not working with Appsecco’s clients or speaking at events he’s actively involved in researching vulnerabilities in open source products/platforms such as WordPress, Ntop, Opendocman etc. and is also a contributing bug hunter with Code Vigilant (a project to Secure Open Source Software). His research has identified many vulnerabilities in over 200 organisations including US Department of Homeland Security, Google, Microsoft, Yahoo, Adobe, LinkedIn, Ebay, At&t, Blackberry, Cisco, Barracuda etc. He is also an active member with Bugcrowd, Hackerone, Synack etc.

Madhu has trained over 5000 people in information security for companies and organisations including the Indian Navy and the Ministry of e-services in a leading Gulf state.


Details of my security advisories.


Details of my security vulnerabilities acknowledgements.



Ubercool Stuff

Hacked Emails

Command line utility for hacked-emails

Awesome DevSecOps

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

Code Vigilant

Code Vigilant project is created out of the need to have a more secure open source software.

Docker Data Science ToolBox

Data Science Command Line Toolbox in a docker container

Markdown Automation

Automating Documentation, Presentation, Knowledge base using Markdown (Zero to Hero)

Security Automation with Ansible2

This repository contains all the code, playbooks, details regarding the book on Security Automation with Ansible2.

Windows CLI gems

wincmdfu project is for windows one line commands that make life easier, shortcuts and command line fu. This is combination of all tweets from @wincmdfu


I deliver trainings on following courses

  • Secure DevOps
  • Cloud Security
  • Automated Defence using Elastic Stack
  • Web Application Security Testing

Recent & Upcoming Talks

More Talks

Aug 4, 2018 9:30 AM
Automated Defence for Cloud Security in AWS using Serverless
Oct 27, 2017 5:45 PM
Modern Security Operations aka Secure DevOps
Oct 24, 2017 4:00 PM
Real World Security monitoring & Automated Defence for almost free
Oct 20, 2017 10:25 AM
Real World Security monitoring & Automated Defence for almost free
Sep 20, 2017 10:25 AM