Talking with the expert: Anand Prakash

Anand Prakash, founder of AppSecure Inc, has been in the limelight for the past month. The reason is again the same: bug hunting. He is a noted bug hunter who has identified many security vulnerabilities in tech giants like Facebook, Twitter, Uber etc. This time he is in the news again for a vulnerability he reported that allows an attacker to take control of any user account. He has also cemented his place in the Forbes 30 under 30 award. We're grateful to Anand for giving this interview despite his busy schedule. We also congratulate him on embarking on a new journey of parenthood, as he was blessed with a baby boy in the last week. Here's the detailed interview with one of the finest white hat hackers of the country, Anand Prakash!

1. Your journey from an intern to founder of AppSecure is fascinating. Tell our readers about yourself and the journey you have been through.

I am Anand Prakash, Founder of AppSecure. I started my bug bounty journey in 2013 when I discovered my first vulnerability in Facebook. I was ranked 66th in Facebook’s hall of fame when I started. I found it more interesting afterward and made it into the top 3 hackers from the year 2013-16 and 5th in 2017 worldwide on Facebook’s Whitehat list.

I joined Flipkart in 2014, which changed my life; I grew both professionally and technically.

2. What was it that pushed you to pursue Information Security?

The Orkut phishing hack pushed me into the security domain. My interest in hacking grew a lot after the Orkut incident.

3. What is AppSecure? What’s the goal of it?

AppSecure is a cybersecurity company that helps businesses across the world to protect their data, reputation and brand. We provide security services as well as solutions to businesses to make their systems more safe and secure.

4. You have been acknowledged by Forbes Asia 30 under 30. That’s huge! How did that happen? Have you ever dreamt of it?


No, I didn’t know of Forbes earlier (yes, that’s true). I received an email in my inbox and I filled out the form; that was it, I made it into the list.

5. Which area of InfoSec domain excites you the most? Why?

6. As you have identified vulnerabilities in almost all the big tech giants (FB, Twitter, Uber and many more), is there anything in common that organisations like these fail to secure or miss the point on? Also, how can they prevent data thefts in advance?

These companies run bug bounty programs which invite security researchers like me to find bugs in their application, network etc. I think they are already doing a good job by inviting ethical hackers like me to make their systems more secure. The issues which were discovered by me were missed in the secure SDLC process but were caught in the bounty program.

7. You are one of those few bug hunters who have breached almost all the big orgs that are claimed to be the most secure ones. What advice would you give to fellow bug hunters?

Nothing is 100% secure. Hacking is all about creativity. I try to break the same feature multiple times while figuring out loopholes in big organizations.

8. The biggest challenge you have faced being a security researcher/expert till date.


Reporting vulnerabilities to Indian Companies is a big pain.

9. You’ve been in the news lately for identifying a critical bug in Uber. Do you feel pressure at times while hunting bugs, as you’ve got a habit of trapping a big fish every now and then?

No, finding bugs is my hobby. I always try to find account takeovers in companies which have been security audited many times in the past. Till date I have been successful in finding account takeovers in Facebook, Periscope, Twitter, Uber, Tinder, etc., which I believe is an achievement.

10. Your views on certifications. Mandatory to pursue or not?


I don’t think certifications are necessary to get into white hat hacking. I would recommend beginners to read blogs written by security researchers like Nir Goldshlager, Neal Poole, Jack Finite, Frans Rosen, etc. to learn security.

11. Any advice for freshers pursuing this field? How, what and where should they start?


Of course, finding a few more account takeovers in big companies and growing AppSecure to protect more data of startups/enterprises.
