Areas of Expertise:
Nitesh Dhanjani is a well known information security researcher and speaker. Dhanjani is the author of "Hacking: The Next Generation" (O'Reilly), "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly), and "HackNotes:Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes:Network Security" (Osborne McGraw-Hill).
At Ernst & Young, Nitesh is Executive Director in the Americas Information Security Center of Excellence (CoE), responsible for helping some of the largest corporations successfully establish enterprise wide information security programs and solutions. Nitesh is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as mobile security, cloud computing, and social media.
Prior to E&Y, Dhanjani was Senior Director of Application Security and Assessments at Equifax where he spearheaded security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & threat modeling, and managed the attack & penetration team. Before Equifax, Dhanjani was Senior Advisor at Foundstone's Professional Services group where, in addition to performing security assessments, he contributed to and taught Foundstone's Ultimate Hacking security courses.
Dhanjani holds both a Bachelor's and Master's degree in Computer Science from Purdue University.
Recent Posts | All O'Reilly Posts
November 28 2010Given how rampant phishing and malware attempts are these days, I hope Apple chooses to not allow arbitrary web applications to scroll the real Safari address bar out of view. read more
November 08 2010I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be… read more
September 29 2010But what happens when patients volunteer their private medical records into the public domain? In this article, I'd like to present my thoughts on this topic. read more
September 12 2010In order to influence users to promote positive cultural change in security related behavior, the enforcers must comprehend additional variables such as the difference in the perspective of risk to the individual, psychological biases and simple behavioral economics. read more
June 01 2010It is my opinion, that regardless of the platform, the online social space has created a condition where the end users must ultimately collaborate to initiate an ongoing privacy arms race to poison the intelligence collected of them. To promote this sentiment, and to further the cause of research in… read more
May 22 20102 years later from my original disclosure, the Carpet Bomb vulnerability on OSX remains un-patched. read more
April 06 2010In their explanation on the developer wiki, Facebook explicitly states that 3rd party applications that use this feature can only gather information about the given user that may be publicly search-able anyway. However, this assurance from Facebook is without merit because the implied reasoning is based upon flawed assumptions: the… read more
September 05 2009My new book "Hacking: The Next Generation" is now available. read more
March 30 2009I will be presenting Psychotronica: Exposure, Control, and Deceit at the Hack in the Box Conference in Dubai (20th - 23rd April 2009). read more
March 11 2009Amazon EC2 is an extraordinarily powerful infrastructure available to anyone with a stolen credit card. Even if someone is able to use the EC2 platform for a few hours with a stolen credit card, he or she will be able to initiate a vicious cycle that may become impossible to… read more
February 24 2009The Gartner press release makes extraordinary claims on how much phishing costs businesses: $3.2 billion is not an estimate that should be taken lightly by anyone. Extraordinary claims require extraordinary evidence (quoting Carl Sagan). As I read through the Gartner press release, I felt that the claims were unsupported because,… read more
January 04 2009I'll be speaking at the International Conference on Cyber Security 2009 in New York (Jan 5 - 9). read more
December 18 2008In this article, I want to further the discussion on how micro-blogging channels may be leveraged by terrorist organizations to obtain real time surveillance and intelligence of their efforts. read more
November 10 2008In this article, I want put forth a case study to demonstrate how capturing feelings on the social web can allow companies to measure the reputation of their brand. read more
November 04 2008Venues such as O'Reilly are not likely to discuss politics or religion often. Yet, as scientists and technologists, when we do have something to say that addresses an important topic where we can offer reasoning and critical thought - lets not be shy about it. read more
November 03 2008In this article/blog-entry, I want to persuade you of the real possibility and high probability that, in the very near future, remote entities will be able target people's on-line presence to capture and leverage their emotional states and feelings. There are some very extreme implications of this from a security… read more
May 21 2006If you aren't doing anything wrong, what do you have to hide? read more
April 09 2006I'll be the first to tell you: AJAX does NOT substantially change the typical web application security audit methodology. However, if you are a developer or a security professional, there are a few issues to consider and watch out for. read more
April 06 2006I just installed Windows XP on Parallels workstation for intel Macs, and boy, this thing is FAST! read more
March 29 2006Tenable just released a Mac OS X port of the Nessus vulnerability scanner. As stated on nessus.org, "Nessus for Mac OS X is not just a port of the Unix server to the Mac environment, it also bundles a native interface to manage the server and the client." Awesome!… read more
Recent Posts | All O'Reilly Posts
Webcast - Psychotronica: Abusing and Leveraging Intelligence from Social Networking
"It says everything it should without the endless repeating and rephrasing so that readers would understand the concept, because it was so clearly explained the first time. This is a book that will get and keep your attention, and a must-read book for everyone dealing with computer and information security."
"I'd really recommend Hacking: The Next Generation to my fellow techies. More important than learning new ways to mess with each other's minds, it will expose you to a number of new attack vectors that you may not have considered. And in most cases, simple awareness of those new vectors is enough to allow you to start to defend against them. "
© 2014, O’Reilly Media, Inc.
(707) 827-7019 (800) 889-8969
All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.