Security Vulnerabilities Acknowledgements

OrganizationVulnerability
GoogleBASM, XSS, DT
MicrosoftXSS, UE
YahooXSS, PM
Barracuda LabsXSS, CSRF
AdobeBASM, XSS
At & tCSRF
BlackberryCSRF, PD
Magix AGXSS
ScaniiCSRF
LinkedinLB
TwitchXSS
TwilioXSS, BASM
TumblrXSS, CSRF
Smart BudgetCSRF
Risk IOXSS
Get PocketIDOR
Pager DutyXSS
OlarkCSRF
Nitrous.ioXSS
Mail ChimpXSS, IDOR
MagentoXSS, CSRF, IDOR, PE
LogentiresXSS
LibratoXSS
CiscoCSRF
HerokuCSRF, IDOR
PusherUE
Form AssemblyXSS
EventbriteFU
DropmyemailXSS
DropcamIDOR, XSS, FU
Constant ContactXSS
BlinksaleCSRF
BitcasaBASM
ApptentiveLB
123contactformXSS, FU
AppceleratorAI
SkmasterIDOR
FreshbooksCSRF, XSS, TB
LocalBitcoinsXSS
MuutXSS
CloudAppXSS
CloudFlareCSRF, AI
DockerLB
StopthehackerXSS
Concrete5IDOR
ebayXSS, BASM
CoindoeXSS
KeenIOTB, CSRF
DistimoLB
FreshdeskCSRF, AI
Honeybadger.ioIDOR
VzaarCSRF, XSS
AbacusAI
Active State & StackatoBASM
OpenpageCRMBASM
PcloudXSS, BASM
WepayCSRF
ZendeskXSS
BufferAppIDOR
ComposeCSRF, XSS
GreenHouseLB
500pxXSS
ViadeoBASM
UnitagXSS
HackerrankXSS
SonyCSRF
Factor.ioBASM
InflectraXSS
MovemberBASM
WHMCSBASM, XSS, CSRF
Acorns, LLCBASM, XSS, IDOR
SocrataBASM, CSRF
Many others

Legend

  • AI: Authentication Issue
  • BASM: Broken Authentication & Session Management
  • CSRF: Cross Site Request Forgery
  • FU: File Upload Vulnerability
  • IDOR: Insecure Direct Object Reference
  • LB: Logical Bug
  • TB: Token Bypass Vulnerability
  • UE: Username Enumeration
  • XSS: Cross Site Scripting
  • PE: Privilege Escalation
  • PD: Path Disclosure
  • DT: Directory Traversal
Madhu Akula
Madhu Akula
Never Ending Learner!

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security researcher with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc. Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27 & 29), BlackHat USA (2018, 19 & 21), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018 & 19), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19 & 21), SACON 2019, Serverless Summit, null and multiple others. His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.

Related