Shubham Chaskar

A core pentester, Shubham has extensive experience as an application security engineer. The certifications he holds are CEH, eCPPTv2, and eWPTXv2. He has experience with mobile apps, web applications, networks, cloud configuration, and thick-client apps. Bash, Python, Go, and PowerShell are his favorite languages for automating penetration testing. You can find more details here:

OAuth Vulnerabilities Pt. 1

Welcome to part one of OAuth Vulnerabilities. Core Pentester Shubham Chaskar gives an overview of OAuth, commonly used grant types, entities, misconfiguration, and more.
Jan 23, 2023
Est Read Time: 10 min

CSP and Bypasses

This blog post aims to demonstrate what CSP is, why CSP is implemented, and how attackers can bypass CSP. In this article, I will include how you can bypass some directives to achieve XSS on the target application.
Oct 12, 2022
Est Read Time: 9 min

File Upload Vulnerabilities

This blog aims to demonstrate how applications can be compromised using simple file upload functionalities. Core Pentester Shubham Chaskar will show how to bypass common defense mechanisms and upload web shells.
Aug 24, 2022
Est Read Time: 8 min

Attacking Windows Applications Pt. 2

Welcome to the second part of the blog series "Attacking Windows Applications." In this blog, we go more in-depth on attacking these applications and the tools used.
Aug 4, 2022
Est Read Time: 9 min

Attacking Windows Applications – Part 1

In this two-part blog series, we will give an overview of thick client applications and the types of architecture present.
Jul 8, 2022
Est Read Time: 9 min