Nitesh Dhanjani

Author, speaker

Areas of Expertise:

IT strategy
security strategy
application security strategy
ethical hacking
cloud computing
virtualization

consulting
speaking
training
writing

Biography

Nitesh Dhanjani is a well known security researcher, author, and speaker. Dhanjani is currently Senior Manager at a large consulting firm where he advises some of the largest corporations around the world on how to establish enterprise wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as cloud computing and virtualization.

Prior to his current job, Dhanjani was Senior Director of Application Security and Assessments at a major credit bureau where he spearheaded brand new security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & Threat Modeling, and managed the Attack & Penetration team.

Dhanjani is the author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly) and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security". Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON.

Dhanjani graduated from Purdue University with both a Bachelors and Masters degree in Computer Science.

Dhanjani's personal blog is located at dhanjani.com.

Books

Network Security Tools
by Nitesh Dhanjani , Justin Clarke
April 2005
$34.95 USD

Articles

You need to enable JavaScript to view more than 15 articles by this author.

Google Your Site For Security Vulnerabilities
Publish Date: Oct. 7, 2004The fact that Google indexes pages you might never have known were public is both good and bad. It's good when you're searching for specialized or esoteric information. It's bad when Google indexes potential security vulnerabilities on your site. Nitesh Dhanjani demonstrates how to use the Google API to help identify your inadvertently shared secrets. Writing Nessus Plugins
Publish Date: Jun. 3, 2004Today's best vulnerability detector will be out-of-date next week unless you can somehow teach it about new exploits and vulnerabilities. Fortunately, Nessus and NASL make that easy. Nitesh Dhanjani walks through the creation of a custom Nessus vulnerability plugin. Installing and Configuring Nessus
Publish Date: Apr. 22, 2004If you're connected to the global Internet, people are already scanning your network for vulnerabilities for free. They're probably not so good about informing you of their findings. Why not get a jump on the competition by analyzing your network yourself? Nitesh Dhanjani explains how to install and configure Nessus, an open source network vulnerability scanner. Web App Security Testing with a Custom Proxy Server
Publish Date: Jan. 22, 2004Assuming users will only access your web applications as you intend may be the best way to invite abuse. Attackers have tools to build bogus responses, so why not use the same techniques to toughen your own sites? Nitesh Dhanjani demonstrates how a custom proxy server can help you test the security of your web apps.

Blog

Recent Posts | All Posts

International Conference on Cyber Security 2009

January 04 2009

I'll be speaking at the International Conference on Cyber Security 2009 in New York (Jan 5 - 9). read more

T-Mobile, AT&T Ordered to Stop Advertising that their Voicemail Systems are Secure

December 19 2008

I first reported a security issue in the AT&T/Cingular voicemail system on February 1, 2006. Now, after 2.5 years, the LA District Attorney's office has banned AT&T and T-Mobile from saying that their voicemail systems are secure. read more

How Terrorists May Abuse Micro-Blogging Channels Like Twitter

December 18 2008

In this article, I want to further the discussion on how micro-blogging channels may be leveraged by terrorist organizations to obtain real time surveillance and intelligence of their efforts. read more

Why Jerry Seinfeld Probably Cost Microsoft a Lot More than $10 Million

November 10 2008

In this article, I want put forth a case study to demonstrate how capturing feelings on the social web can allow companies to measure the reputation of their brand. read more

In Support of Science [and Tim]

November 04 2008

Venues such as O'Reilly are not likely to discuss politics or religion often. Yet, as scientists and technologists, when we do have something to say that addresses an important topic where we can offer reasoning and critical thought - lets not be shy about it. read more

Hacking the Psyche

November 03 2008

In this article/blog-entry, I want to persuade you of the real possibility and high probability that, in the very near future, remote entities will be able target people's on-line presence to capture and leverage their emotional states and feelings. There are some very extreme implications of this from a security… read more

Suddenly Psychic: Knowing Everything About Everyone

July 15 2008

During the next few months, I will be presenting a brand-new talk titled "Suddenly Psychic: Knowing Everything About Everyone" at various conferences around the world....Currently, this talk is scheduled debut at the Microsoft Blue Hat Conference [v8] in October, followed by Hack in the Box in Kuala Lumpur. read more

Safari Carpet Bomb

May 15 2008

I let Apple know that I'd like to discuss the 2 issues they won't be fixing with the security community and they let me know they are fine with it. read more

Amazon's Elastic Compute Cloud [EC2]: Initial Thoughts on Security Implications

April 27 2008

Based on my recent experience with Amazon's EC2, here are some initial thoughts (with bias on security). read more

Interview With [IN]Secure Magazine

April 22 2008

Issue 16 of [IN]Secure Magazine is available. Mirko Zorz interviewed me in this edition (Page 41). If you decide to read it, I'd be delighted to hear your thoughts and feedback. The magazine edition of the interview is much better looking and highly recommended (as are the other articles), but… read more

Be Secure, and You'll be Compliant

April 17 2008

Don't let a requirement like PCI drive your overall strategy. Understand your goals and needs, aim to be secure, and you will be compliant. Try the formula the other way around, and your strategy will be flawed, your security budget won't be big enough, you will struggle to keep up… read more

Black Hat Europe 2008

March 31 2008

I presented Bad Sushi: Beating Phishers at their Own Game (with Billy) at Blackhat Europe (Amsterdam) 2008 last week. I always enjoy doing this talk, and the feedback was quite positive. For more information, check out Nate's coverage of the conference... read more

The iPhone SDK Press Conference

March 10 2008

Apple may have a difficult time auditing applications to ensure they meet their criteria. What is the absolute definition of malicious in the given context? Malicious to whom? The end user, Apple, or AT&T? Perhaps all of the above. Now, how does Apple go about obtaining assurance whether a given… read more

Black Hat Briefings 2008 (Washington DC)

February 27 2008

I presented Bad Sushi: Beating Phishers at their Own Game with Billy Rios last week at the Black Hat Briefings in DC. The best part of the experience was the opportunity to talk to people in the audience after the presentation, and to hear their perspectives on the subject. read more

Bad Sushi: Beating Phishers at their Own Game

January 28 2008

Help Net Security has posted an interview with me and Billy Rios titled Spies in the Phishing Underground. If you enjoyed the interview, and if you want more details and screen-shots, check out our talk at the Federal Black Hat Briefings 2008 [February 20]. The title of the talk is Bad… read more

Recent Posts | All Posts

Biography

Books

Articles

Blog

Hire Nitesh Dhanjani

Also find Nitesh on:

Buy Direct and Save