Jaap Karan Singh

Jaap Karan Singh is Director of Customer Strategy, Chief Singh and a co-founder of Secure Code Warrior. After security testing at BAE Systems in Australia, Jaap moved from hacking web applications to educating developers on how to protect their own applications. Jaap designs & implements the entire customer strategy which includes Customer Success, Renewals, Support, Ops, and Customer Marketing.
Based in Sydney, Jaap has delivered training on software security concepts and run workshops at leading financial and telecommunications organisations around the world. He specialises in JavaScript technologies such as HTML5, Node, Express and Mongo.

Coders Conquer Security: Share & Learn Series - Information Exposure
When your web app reveals too much information, it can make it easier for attackers to break into it. In this post, we'll cover what information exposure is, why it's dangerous, and how to prevent it.

Coders Conquer Security: Share & Learn Series - XQuery Injection
A huge majority of websites use XML databases to perform critical functions such as holding user login credentials, customer information, personal identity information and confidential or sensitive data, leaving XQuery attacks with a rather large attack footprint.

Coders Conquer Security: Share & Learn Series - Code Injection
Code injection attacks are among the most common, and also the most dangerous, that many websites and applications will encounter. They run the gamut both in terms of sophistication and in the danger that they pose, but nearly any site or app that accepts user input could be vulnerable.

Coders Conquer Security: Share & Learn Series - Local File Inclusion and Path Traversal
Unlike many vulnerabilities, exploiting local file inclusion and path traversal processes for nefarious purposes requires a sufficiently skilled attacker, a fair amount of time, and perhaps a bit of luck.

Coders Conquer Security: Share & Learn Series - Email Header Injection
It's common for websites and applications to allow users to send feedback and various other bits of information through an application using email. And most people don't even think about it in terms of a potential security risk.

Coders Conquer Security: Share & Learn Series - LDAP Injections
Problems can occur when malicious users can manipulate an LDAP query. Doing this can trick the receiving server into executing invalid queries that would normally not be allowed, or even granting high-level or administrator access to invalid or low-security users without a password.

Coders Conquer Security: Share & Learn - SQL Injection
Attackers are using SQL injection - one of the oldest (since 1998!) and peskiest data vulnerabilities out there - to steal and change the sensitive information available in millions of databases all over the world.

Coders Conquer Security: Share & Learn Series - Remote File Inclusion
In many ways, the remote file inclusion vulnerability is much more dangerous, and also easier to exploit, than its local file counterpart. As such, it should be found and remedied as soon as possible.

Coders Conquer Security: Share & Learn Series - Insufficient Logging and Monitoring
Insufficient logging and monitoring is one of the most dangerous conditions that can exist within an application's defensive structure. If this vulnerability or condition exists, then almost any advanced attack made against it will eventually be successful.

Coders Conquer Security: Share & Learn Series - Sensitive Data Exposure
Sensitive data exposure occurs whenever information that is only meant for authorized viewing is exposed to an unauthorized person in an unencrypted, unprotected, or weakly protected state.

Coders Conquer Security: Share & Learn Series - Insufficient Transport Layer Protection
Even if you have completely secured an application server and the backend systems it uses, communications might still be vulnerable to snooping if you have insufficient transport layer protection.

Coders Conquer Security: Share & Learn Series - Broken Access Control
When you build a business application, whether for internal use or external use by your customers, you probably don't let every user perform every single function. If you do, you may be vulnerable to broken access control.

Coders Conquer Security: Share & Learn Series - Business Logic Problems
Although coding issues may be part of the problem, business logic errors are most frequently a result of design flaws or incorrect logical assumptions when an app is first created.

Coders Conquer Security: Share & Learn - Cross-Site Scripting (XSS)
Cross-site scripting (XSS) uses the trust of browsers and ignorance of users to steal data, take over accounts, and deface websites; it's a vulnerability that can get very ugly, very quickly. Let's take a look at how XSS works, what damage can be done, and how to prevent it.

Coders Conquer Security: Share & Learn Series - Unvalidated Redirects and Forwards
Coding a website or application with the ability to process unvalidated redirects and forwards can be extremely dangerous for both your users and your organization.

Coders Conquer Security: Share & Learn Series - NoSQL Injection
NoSQL databases are becoming increasingly popular. It's hard to deny their speed and ease of dealing with unstructured data, but as use becomes widespread, more vulnerabilities inevitably bubble to the surface.

Coders Conquer Security: Share & Learn Series: Insecure Direct Object Reference
A direct object reference is when a specific record (the 'object'), is referenced within an application. It usually takes the form of a unique identifier and may appear in a URL.

Coders Conquer Security: Share & Learn Series - Insecure Deserialization
Insecure deserialization can happen whenever an application treats data being deserialized as trusted. If a user is able to modify the newly reconstructed data, they can perform all kinds of malicious activities such as code injections, denial of service attacks or elevating their privileges.

Coders Conquer Security: Share & Learn Series - Authentication
We're going to cover one of the most common problems faced by organizations that either run websites, or which allow employees to remotely access computer resources - which is pretty much everyone. And yes, you probably guessed that we are going to be talking about authentication.

Coders Conquer Security: Share & Learn Series - XML Injections
XML injection attacks are nasty little exploits invented by hackers to help them compromise systems hosting XML databases. This includes the kinds of things that come to mind when one thinks about traditional databases - detailed stores of information about anything from medicines to movies.

'Security' is Not a Dirty Word: How a Positive Approach Will Transform Your Security Program
Having been on both sides of the fence, I know all too well the tension that can arise between the development team and AppSec specialists when it comes to upholding security best practice. However, there is a better approach.

Coders Conquer Security: Share & Learn Series - Cross-Site Request Forgery
CSRF attacks are fairly complex and rely on multiple layers to be successful. In other words, lots of things have to break in favor of the attacker for it to work. Despite this, they are an extremely popular, lucrative attack vector.

Coders Conquer Security: Share & Learn Series - CRLF Injection
If an attacker can insert a CR or LF code into an existing application, they can sometimes change its behavior. The effects are less easy to predict compared with most attacks, but can be no less dangerous to the target organization.

Coders Conquer Security: Share & Learn Series - Unrestricted File Uploads
In cybersecurity, attackers can be quick to exploit any application or program that has been allowed to support unrestricted file uploads. And the results can be devastating.

Coders Conquer Security: Share & Learn Series - OS Command Injection
OS command injection attacks can be performed by entry-level and less skilled hackers, which makes them one of the most common weaknesses that security teams experience. Thankfully, there are quite a few very effective ways to prevent them from being successful.

Contextual, Hands-On Learning: The Supercharged Way to Train Your Brain for Security
It truly boggles the mind that many places still rely on classrooms, dry textbooks and mind-numbing video training to get their best and brightest on-board with new initiatives, especially when there's a far better, more engaging and more valuable way to learn: contextual training.

Coders Conquer Security: Share & Learn Series - Using Components with Known Vulnerabilities
Since all applications use components, most of which you haven't written, vulnerabilities within the components you use can become liabilities. Let's discuss what using components with known vulnerabilities means, how dangerous it is, and how to resolve it.
Vibe Coding: Practical Guide to Updating Your AppSec Strategy for AI
Watch on-demand to learn how to empower AppSec managers to become AI enablers, rather than blockers, through a practical, training-first approach. We'll show you how to leverage Secure Code Warrior (SCW) to strategically update your AppSec strategy for the age of AI coding assistants.