Friday, April 24, 2026

The Grammar of Injection Attacks


I'm presenting a talk at the Null OWASP Bengaluru Meetup on 25th April 2026.  It is a talk that focuses on the foundations of injection in web applications.  I wish I had had a senior or mentor who would have walked me through this in the early days of my career.  However, Rahul Verma's workshop on web security helped me build these perspectives -- I take this opportunity to thank him and express my gratitude.


It's Just Data..., Until It Isn't: The Grammar of Injection Attacks

In modern web applications, user input is everywhere -- search boxes, login forms, URLs, and APIs.  Most of the time, it is treated as harmless data.  But what happens when the data is interpreted as code?

This talk introduces a fundamental yet often overlooked concept behind vulnerabilities like HTML injection, SQL injection and Cross-Site Scripting (XSS): grammar and context.

Instead of focusing on memorizing payloads, we will explore how browsers, databases, and interpreters parse input.  Later, we will learn how attackers exploit these parsing rules to break out of the intended context.  Through simple, real-world examples, we will walk step-by-step through how an attacker reads the structure of a target, identifies injection points, and crafts payloads that turn data into execution.
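The "grammar and context" idea above can be made concrete with one input that is perfectly legitimate data and still collides with the metacharacters of three different grammars.  The script below is an added illustration written for this post, not material from the talk: it takes a constructed value (`O'Brien <b>& Sons</b>`), places it into an HTML text context, a JavaScript string-literal context and an SQL string-literal context, and shows the naive concatenation beside the context-correct encoding.  The function and table names are my own assumptions; the check for HTML is "did the number of parsed elements change?", and the check for SQL is "did the parser still see one statement with one literal?", which is exactly the question a defender asks about each sink.

```python
import html
import json
import sqlite3
from html.parser import HTMLParser

# Constructed sample input (not from the post): legitimate data that happens to
# contain an apostrophe, angle brackets and an ampersand. Each of these is a
# metacharacter in one grammar and plain text in another.
USER_INPUT = "O'Brien <b>& Sons</b>"


# --- HTML text context -------------------------------------------------------
def render_html_unsafe(value: str) -> str:
    """Raw concatenation: '<' and '&' are handed to the HTML parser as markup."""
    return f"<p>Hello, {value}</p>"


def render_html_safe(value: str) -> str:
    """Entity-encode for the HTML text context so the value stays character data."""
    return f"<p>Hello, {html.escape(value, quote=True)}</p>"


class _TagCounter(HTMLParser):
    """Records every element start tag the parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def count_tags(markup: str) -> int:
    """Number of elements the browser-like parser produced from the markup.
    If user data adds elements, the data crossed into the markup grammar."""
    parser = _TagCounter()
    parser.feed(markup)
    return len(parser.tags)


# --- JavaScript string-literal context ----------------------------------------
def render_js_string_safe(value: str) -> str:
    """Embed the value in a JS string literal via JSON encoding.
    json.dumps escapes quotes and backslashes for the JavaScript grammar; the
    extra '/' escape handles the *outer* HTML grammar, whose tokenizer would
    otherwise end the <script> block at a literal '</script>' inside the data."""
    return "var name = " + json.dumps(value).replace("/", "\\/") + ";"


# --- SQL string-literal context -----------------------------------------------
def sql_lookup_unsafe(conn: sqlite3.Connection, name: str):
    """String-built query: the apostrophe in the data terminates the literal
    and everything after it is tokenized as SQL."""
    return conn.execute(f"SELECT id FROM users WHERE name = '{name}'").fetchall()


def sql_lookup_safe(conn: sqlite3.Connection, name: str):
    """Parameterized query: the value is bound after parsing, so it never
    participates in the SQL grammar at all."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


def make_db() -> sqlite3.Connection:
    """In-memory table holding the sample value (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, ?)", (USER_INPUT,))
    return conn


def demo() -> dict:
    """Run the same input through each context and report what each grammar saw."""
    results = {}
    # HTML: the unsafe render yields <p> and <b>; the safe render yields only <p>.
    results["unsafe_html_tags"] = count_tags(render_html_unsafe(USER_INPUT))
    results["safe_html_tags"] = count_tags(render_html_safe(USER_INPUT))
    # SQL: the unsafe query is not even valid SQL once the quote ends the literal.
    conn = make_db()
    try:
        sql_lookup_unsafe(conn, USER_INPUT)
        results["unsafe_sql"] = "parsed"
    except sqlite3.OperationalError:
        results["unsafe_sql"] = "syntax error"
    results["safe_sql_rows"] = len(sql_lookup_safe(conn, USER_INPUT))
    # JS: the encoded literal contains no '</' sequence for the HTML tokenizer.
    results["js_has_end_tag"] = "</" in render_js_string_safe(USER_INPUT)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the numbers make is that the apostrophe is harmless in HTML and fatal in a quoted SQL literal, while the angle brackets are harmless in SQL and change the element tree in HTML; the same bytes are data or syntax depending only on which parser receives them.  That is why the defence is chosen per output context (entity encoding, JSON string encoding, parameter binding) rather than by a single "sanitize input" filter applied on the way in.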

By the end of this session, you will have a strong mental model to:

  • Understand where and why injection vulnerabilities occur
  • Analyze how input is interpreted across HTML, JavaScript, and SQL contexts
  • Think like an attacker and defend like an engineer

This talk is designed for beginners in security, testing or development who want to build a solid foundation in web vulnerabilities without getting lost in complexity.

Prerequisite:  An open mind, and a willingness not to leave questions unasked and undiscussed.



null and OWASP Bengaluru Meetup - 25th April 2026




Friday, April 10, 2026

SYNICT'26: Software Testing Conference Happening With No Noise and Buzz


Tomorrow [11th Apr 2026], I'm attending a Software Testing conference in Bengaluru -- SYNICT'26.

What compelled me to write this blog post about this conference is the lack of buzz.  Yes, I do not see any buzz on social media or in the community from anyone about this conference.

I see the buzz and noise for the meetups that happen.  Yet, this conference is happening in silence.

The theme of the conference is "QA In the Era of AI".

When AI has buzz all around, why did the organizers of this conference choose to execute and deliver it in silence?  I'm yet to know this!

I see the committed practitioners in the speaker list.

All said, you and I know a conference cannot happen if the organizing team is silent.  I see a team of 10 members who are behind this.  Among them, I interacted with Soham Majumder.  He seemed approachable, listened well, and coordinated very well.  This has given me a good impression of his other team members as well.

Well, I will not be silent at the conference.  I will be exploring, unlearning, learning, catching up, networking and assisting engineers wherever I can.

I'm excited to experience my first conference of the year 2026.

How this conference is being executed has made me curious about it!

By the way, I asked Soham what "SYNICT" means.  He said it is -- synergy and connect.

Please note -- I'm not paid to write this, and I would not do so either.  Such a happening should be documented so that in the future people will know that a testing conference happened with no noise and buzz.  I'm glad I documented it.



SYNICT'26 Web Page