Director of Customer Strategy, Chief Singh and Co-founder

Jaap Karan Singh

About


Jaap Karan Singh is Director of Customer Strategy, Chief Singh and a co-founder of Secure Code Warrior. After security testing at BAE Systems in Australia, Jaap moved from hacking web applications to educating developers on how to protect their own applications. Jaap designs & implements the entire customer strategy which includes Customer Success, Renewals, Support, Ops, and Customer Marketing.

Based in Sydney, Jaap has delivered training on software security concepts and run workshops at leading financial and telecommunications organisations around the world. He specialises in JavaScript-based web technologies such as HTML5, Node, Express and MongoDB.

Resource hub

Articles by Jaap Karan Singh

Blog

Coders Conquer Security: Share & Learn Series - Information Exposure

When your web app reveals too much information, it can make it easier for attackers to break into it. In this post, we'll cover what information exposure is, why it's dangerous, and how to prevent it.

Blog

Coders Conquer Security: Share & Learn Series - XQuery Injection

Many web applications use XML databases to hold critical data such as user login credentials, customer information, personal identity information and other confidential or sensitive data, which gives XQuery injection a sizeable attack surface.

Blog

Coders Conquer Security: Share & Learn Series - Code Injection

Code injection attacks are among the most common, and also the most dangerous, that many websites and applications will encounter. They run the gamut both in terms of sophistication and in the danger that they pose, but nearly any site or app that accepts user input could be vulnerable.

Blog

Coders Conquer Security: Share & Learn Series - Local File Inclusion and Path Traversal

Unlike many vulnerabilities, exploiting local file inclusion and path traversal processes for nefarious purposes requires a sufficiently skilled attacker, a fair amount of time, and perhaps a bit of luck.

Blog

Coders Conquer Security: Share & Learn Series - Email Header Injection

It's common for websites and applications to allow users to send feedback and various other bits of information through an application using email. And most people don't even think about it in terms of a potential security risk.

Blog

Coders Conquer Security: Share & Learn Series - LDAP Injections

Problems occur when a malicious user can manipulate an LDAP query. That can trick the directory server into executing queries that would normally not be allowed, or even into granting high-level or administrator access to unauthorised or low-privilege users without a password.

Blog

Coders Conquer Security: Share & Learn - SQL Injection

Attackers are using SQL injection - one of the oldest (since 1998!) and peskiest data vulnerabilities out there - to steal and change the sensitive information available in millions of databases all over the world.

Blog

Coders Conquer Security: Share & Learn Series - Remote File Inclusion

In many ways, the remote file inclusion vulnerability is much more dangerous, and also easier to exploit, than its local file counterpart. As such, it should be found and remedied as soon as possible.

Blog

Coders Conquer Security: Share & Learn Series - Session Management Weaknesses

Sessions are key to a good user experience when using the web. However, managing sessions incorrectly can lead to security holes that attackers can exploit.

Blog

Coders Conquer Security: Share & Learn Series - Insufficient Logging and Monitoring

Insufficient logging and monitoring is one of the most dangerous gaps that can exist in an application's defences. Without it, an attack in progress goes unnoticed, and a persistent attacker who is never detected will eventually succeed.

Blog

Coders Conquer Security: Share & Learn Series - Sensitive Data Exposure

Sensitive data exposure occurs whenever information that is only meant for authorized viewing is exposed to an unauthorized person in an unencrypted, unprotected, or weakly protected state.

Blog

Coders Conquer Security: Share & Learn Series - Insufficient Transport Layer Protection

Even if you have completely secured an application server and the backend systems it uses, communications might still be vulnerable to snooping if you have insufficient transport layer protection.

Blog

Coders Conquer Security: Share & Learn Series - Broken Access Control

When you build a business application, whether for internal use or for your customers, you probably don't intend every user to be able to perform every function. If those restrictions aren't enforced on the server for every request, you may be vulnerable to broken access control.

Blog

Coders Conquer Security: Share & Learn Series - Clickjacking

Let's take a look now at how clickjacking works, why it's dangerous, and what developers like you can do to prevent it.

Blog

Coders Conquer Security: Share & Learn Series - Business Logic Problems

Although coding issues may be part of the problem, business logic errors are most frequently a result of design flaws or incorrect logical assumptions when an app is first created.

Blog

Coders Conquer Security: Share & Learn - Cross-Site Scripting (XSS)

Cross-site scripting (XSS) uses the trust of browsers and ignorance of users to steal data, take over accounts, and deface websites; it's a vulnerability that can get very ugly, very quickly. Let's take a look at how XSS works, what damage can be done, and how to prevent it.

Blog

Coders Conquer Security: Share & Learn Series - Unvalidated Redirects and Forwards

Coding a website or application with the ability to process unvalidated redirects and forwards can be extremely dangerous for both your users and your organization.

Blog

Coders Conquer Security: Share & Learn Series - NoSQL Injection

NoSQL databases are becoming increasingly popular. It's hard to deny their speed and ease of dealing with unstructured data, but as use becomes widespread, more vulnerabilities inevitably bubble to the surface.

Blog

Coders Conquer Security: Share & Learn Series - Insecure Direct Object Reference

A direct object reference is when a specific record (the 'object'), is referenced within an application. It usually takes the form of a unique identifier and may appear in a URL.
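As an added illustration (this is not code from the post or from Secure Code Warrior), here is a Node.js-style handler pair: the first returns whatever record the URL identifier names, the second enforces ownership on every call. The invoice store, the `sessionFor()` helper and the handler names are all invented for the demo.

```javascript
// Added example, not taken from the post: an insecure direct object reference
// in a Node.js-style handler, beside the fixed version. The invoice store,
// sessionFor() helper and handler names are all invented for this demo.

// Constructed data: two invoices belonging to two different users.
const invoices = new Map([
  [1001, { id: 1001, ownerId: 1, total: '120.00' }],
  [1002, { id: 1002, ownerId: 2, total: '48.50' }],
]);

// Stand-in for a server-side session established at login.
function sessionFor(userId) {
  return { userId };
}

// VULNERABLE: trusts the identifier from the URL and never asks who owns it.
function getInvoiceVulnerable(session, rawId) {
  const invoice = invoices.get(Number(rawId));
  return invoice ? { status: 200, body: invoice } : { status: 404, body: null };
}

// FIXED: validate the identifier, resolve the record, then enforce ownership on
// every request. Foreign records get 404 rather than 403 so the response does
// not confirm that the identifier exists.
function getInvoiceSafe(session, rawId) {
  const id = Number(rawId);
  if (!Number.isInteger(id) || id <= 0) return { status: 400, body: null };
  const invoice = invoices.get(id);
  if (!invoice || invoice.ownerId !== session.userId) {
    return { status: 404, body: null };
  }
  return { status: 200, body: invoice };
}

// Alternative shape of the fix: scope the query to the caller up front, so a
// foreign record simply does not exist from the caller's point of view.
function listMyInvoices(session) {
  return [...invoices.values()].filter((inv) => inv.ownerId === session.userId);
}

// What an attacker does with an IDOR: walk the identifier space and keep
// whatever comes back with 200. Returns the ids that leaked.
function enumerate(handler, session, from, to) {
  const leaked = [];
  for (let id = from; id <= to; id += 1) {
    const res = handler(session, String(id));
    if (res.status === 200) leaked.push(res.body.id);
  }
  return leaked;
}

// Demo: user 2 probing ids 1000..1005 against each handler.
console.log('vulnerable:', enumerate(getInvoiceVulnerable, sessionFor(2), 1000, 1005));
console.log('safe:      ', enumerate(getInvoiceSafe, sessionFor(2), 1000, 1005));
```

The check belongs in the handler (or the data-access layer), not in the client: the identifier in the URL is attacker-controlled, and the only trustworthy fact is who the session says the caller is.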

Blog

Insecure Cryptographic Storage & Security | Secure Code Warrior

In this digital society, developers are responsible for keeping info & businesses safe from insecure cryptographic storage. Learn from Secure Code Warrior.

Blog

Coders Conquer Security: Share & Learn Series - Insecure Deserialization

Insecure deserialization can happen whenever an application treats data being deserialized as trusted. If a user is able to modify the newly reconstructed data, they can perform all kinds of malicious activities such as code injections, denial of service attacks or elevating their privileges.

Blog

Coders Conquer Security: Share & Learn Series - Authentication

We're going to cover one of the most common problems faced by organizations that either run websites or allow employees to remotely access computer resources, which is pretty much everyone. And yes, you probably guessed that we are going to be talking about authentication.

Blog

Coders Conquer Security: Share & Learn Series - XML Injections

XML injection attacks are nasty little exploits invented by hackers to help them compromise systems hosting XML databases. This includes the kinds of things that come to mind when one thinks about traditional databases - detailed stores of information about anything from medicines to movies.

Blog

'Security' is Not a Dirty Word: How a Positive Approach Will Transform Your Security Program

Having been on both sides of the fence, I know all too well the tension that can arise between the development team and AppSec specialists when it comes to upholding security best practice. However, there is a better approach.

Blog

What is Security Misconfiguration? | Secure Code Warrior

What is security misconfiguration? Find the most popular security misconfigurations & how to prevent vulnerabilities. Learn from Secure Code Warrior.

Blog

Coders Conquer Security: Share & Learn Series - Cross-Site Request Forgery

CSRF attacks depend on several conditions holding at once: a victim who is logged in, a browser that attaches the session credentials automatically, and an application that does not check where the request originated. Despite needing all of these to line up, they remain an extremely popular, lucrative attack vector.

Blog

Coders Conquer Security: Share & Learn Series - CRLF Injection

If an attacker can get a CR or LF character into input that the application writes into an HTTP header, log entry or similar line-oriented output, they can sometimes change its behaviour. The effects are harder to predict than those of most attacks, but can be no less dangerous to the target organisation.
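The email header injection and CRLF injection posts above describe the same underlying mistake: a user-supplied value is written into a line-oriented format where CR and LF mean "end of line, start a new header". The following added example (not code from either post, nor from Secure Code Warrior) shows a naive contact-form header builder, the parse a receiving mail server would do, and the check that refuses the injection. The field names, the attacker string and the message layout are constructed for the demo; the same check applies to anything else written one line at a time, such as response headers or log entries.

```javascript
// Added example, not taken from either post: how a CR or LF in a form field
// becomes an extra mail header, and the check that refuses it. The message
// layout and field names are constructed for this demo.

// Naive contact-form code: drops user-supplied values straight into headers.
function buildHeadersNaive(fields) {
  const lines = Object.entries(fields).map(([name, value]) => `${name}: ${value}`);
  return `${lines.join('\r\n')}\r\n\r\n`;
}

// Splits the header block the way a receiving mail server would: one header
// per CRLF-terminated line, ending at the first blank line.
function parseHeaders(raw) {
  const block = raw.split('\r\n\r\n')[0];
  return block.split('\r\n').map((line) => {
    const colon = line.indexOf(':');
    return [line.slice(0, colon).trim(), line.slice(colon + 1).trim()];
  });
}

// CR, LF and NUL are the characters that end a header line and let the sender
// start a new one; a single value must contain none of them. Bare LF is
// rejected too, since many parsers accept it as a line terminator.
function assertHeaderSafe(name, value) {
  if (/[\r\n\0]/.test(value)) {
    throw new Error(`refusing ${name}: control character in header value`);
  }
  return value;
}

// Hardened builder: every value passes the check before it is written out.
function buildHeadersSafe(fields) {
  const clean = Object.fromEntries(
    Object.entries(fields).map(([name, value]) => [name, assertHeaderSafe(name, String(value))]),
  );
  return buildHeadersNaive(clean);
}

// Constructed attacker input: a reply address that smuggles a Bcc header.
const evilFrom = 'user@example.com\r\nBcc: everyone@example.net';

// Demo: the naive builder yields four headers from three fields.
console.log(parseHeaders(buildHeadersNaive({ To: 'support@example.com', From: evilFrom, Subject: 'hi' })));
```

Rejecting the request is the right default here; silently stripping the control characters still sends a message the user did not intend and hides the probe from your logs.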

Blog

Coders Conquer Security: Share & Learn Series - Insufficient Anti-Automation

If an application has insufficient anti-automation checks in place, attackers can simply keep guessing at passwords until they find a match. Here's how to stop them.

Blog

Coders Conquer Security: Share & Learn Series - Unrestricted File Uploads

Attackers are quick to exploit any application or program that allows unrestricted file uploads, and the results can be devastating.

Blog

Coders Conquer Security: Share & Learn Series - OS Command Injection

OS command injection attacks can be performed by entry-level and less skilled hackers, which makes them one of the most common weaknesses that security teams experience. Thankfully, there are quite a few very effective ways to prevent them from being successful.

Blog

Contextual, Hands-On Learning: The Supercharged Way to Train Your Brain for Security

It truly boggles the mind that many places still rely on classrooms, dry textbooks and mind-numbing video training to get their best and brightest on-board with new initiatives, especially when there's a far better, more engaging and more valuable way to learn: contextual training.

Blog

Coders Conquer Security: Share & Learn Series - Using Components with Known Vulnerabilities

Since all applications use components, most of which you haven't written, vulnerabilities within the components you use can become liabilities. Let's discuss what using components with known vulnerabilities means, how dangerous it is, and how to resolve it.

Webinar

Vibe Coding: Practical Guide to Updating Your AppSec Strategy for AI

Watch on-demand to learn how to empower AppSec managers to become AI enablers, rather than blockers, through a practical, training-first approach. We'll show you how to leverage Secure Code Warrior (SCW) to strategically update your AppSec strategy for the age of AI coding assistants.
