http://twitter.com/nitesh_dhanjani
Author, Speaker
Areas of Expertise:
- IT strategy
- security strategy
- application security strategy
- ethical hacking
- cloud computing
- virtualization
- consulting
- speaking
- training
- writing
Nitesh Dhanjani is a well-known information security researcher and speaker. Dhanjani is the author of "Hacking: The Next Generation" (O'Reilly), "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly), and "HackNotes:Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes:Network Security" (Osborne McGraw-Hill).
At Ernst & Young, Nitesh is Executive Director in the Americas Information Security Center of Excellence (CoE), responsible for helping some of the largest corporations successfully establish enterprise-wide information security programs and solutions. Nitesh is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as mobile security, cloud computing, and social media.
Prior to E&Y, Dhanjani was Senior Director of Application Security and Assessments at Equifax, where he spearheaded security efforts to enhance the enterprise SDLC, created a process for performing source code security reviews and threat modeling, and managed the attack and penetration team. Before Equifax, Dhanjani was Senior Advisor at Foundstone's Professional Services group where, in addition to performing security assessments, he contributed to and taught Foundstone's Ultimate Hacking security courses.
Dhanjani holds both a Bachelor's and Master's degree in Computer Science from Purdue University.
Dhanjani's personal blog is located at dhanjani.com. You can follow him on Twitter here: @nitesh_dhanjani
Recent Posts | All O'Reilly Posts
Nitesh blogs at:
http://oreilly.com/blogs/
http://weblogs.oreilly.com/
UI Spoofing Safari on the iPhone
November 28 2010
Given how rampant phishing and malware attempts are these days, I hope Apple chooses to not allow arbitrary web applications to scroll the real Safari address bar out of view.

Insecure Handling of URL Schemes in Apple's iOS
November 08 2010
I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be…

Healthcare Data: The Upcoming Privacy Conflict
September 29 2010
But what happens when patients volunteer their private medical records into the public domain? In this article, I'd like to present my thoughts on this topic.

Behavioral Economics in Information Security
September 12 2010
In order to influence users to promote positive cultural change in security related behavior, the enforcers must comprehend additional variables such as the difference in the perspective of risk to the individual, psychological biases and simple behavioral economics.

Initiating the Privacy Arms Race Against Facebook: The AntiSocial Firefox Extension
June 01 2010
It is my opinion, that regardless of the platform, the online social space has created a condition where the end users must ultimately collaborate to initiate an ongoing privacy arms race to poison the intelligence collected of them. To promote this sentiment, and to further the cause of research in…

2 Years Later: Droppin' Malware on Your OSX, Carpet Bomb Style (and Then Some!)
May 22 2010
2 years later from my original disclosure, the Carpet Bomb vulnerability on OSX remains un-patched.

Raising Consciousness: Facebook's "Automatic Authorization"
April 06 2010
In their explanation on the developer wiki, Facebook explicitly states that 3rd party applications that use this feature can only gather information about the given user that may be publicly search-able anyway. However, this assurance from Facebook is without merit because the implied reasoning is based upon flawed assumptions: the…

New Book "Hacking: The Next Generation"
September 05 2009
My new book "Hacking: The Next Generation" is now available.

Hack in the Box (Dubai) 2009 / Psychotronic(a) / Hacking the Psyche
March 30 2009
I will be presenting Psychotronica: Exposure, Control, and Deceit at the Hack in the Box Conference in Dubai (20th - 23rd April 2009).

Blame the Credit Card Franchise: Criminals on Amazon's EC2 (Elastic Compute) Cloud
March 11 2009
Amazon EC2 is an extraordinarily powerful infrastructure available to anyone with a stolen credit card. Even if someone is able to use the EC2 platform for a few hours with a stolen credit card, he or she will be able to initiate a vicious cycle that may become impossible to…

February 24 2009
The Gartner press release makes extraordinary claims on how much phishing costs businesses: $3.2 billion is not an estimate that should be taken lightly by anyone. Extraordinary claims require extraordinary evidence (quoting Carl Sagan). As I read through the Gartner press release, I felt that the claims were unsupported because,…

International Conference on Cyber Security 2009
January 04 2009
I'll be speaking at the International Conference on Cyber Security 2009 in New York (Jan 5 - 9).

How Terrorists May Abuse Micro-Blogging Channels Like Twitter
December 18 2008
In this article, I want to further the discussion on how micro-blogging channels may be leveraged by terrorist organizations to obtain real time surveillance and intelligence of their efforts.

Why Jerry Seinfeld Probably Cost Microsoft a Lot More than $10 Million
November 10 2008
In this article, I want to put forth a case study to demonstrate how capturing feelings on the social web can allow companies to measure the reputation of their brand.

In Support of Science [and Tim]
November 04 2008
Venues such as O'Reilly are not likely to discuss politics or religion often. Yet, as scientists and technologists, when we do have something to say that addresses an important topic where we can offer reasoning and critical thought - let's not be shy about it.

November 03 2008
In this article/blog-entry, I want to persuade you of the real possibility and high probability that, in the very near future, remote entities will be able to target people's on-line presence to capture and leverage their emotional states and feelings. There are some very extreme implications of this from a security…

Quis Custodiet Custodes Ipsos (Who Watches the Watchers) ?
May 21 2006
If you aren't doing anything wrong, what do you have to hide?

(Informal) Thoughts on AJAX and Security
April 09 2006
I'll be the first to tell you: AJAX does NOT substantially change the typical web application security audit methodology. However, if you are a developer or a security professional, there are a few issues to consider and watch out for.

April 06 2006
I just installed Windows XP on Parallels workstation for Intel Macs, and boy, this thing is FAST!

Mac OS X port of Nessus Now Available (Universal Binary)
March 29 2006
Tenable just released a Mac OS X port of the Nessus vulnerability scanner. As stated on nessus.org, "Nessus for Mac OS X is not just a port of the Unix server to the Mac environment, it also bundles a native interface to manage the server and the client." Awesome!…
Webcast - Psychotronica: Abusing and Leveraging Intelligence from Social Networking
September 29, 2009
Duration: Approximately 60 minutes. Cost: Free.
In this presentation, we will go beyond discussing the obvious security and privacy implications of social media. Topics of discussion will include: Hacking the Psyche: Remote behavior analysis that...


