Nitesh Dhanjani

Author, Speaker

  • @nitesh_dhanjani

Areas of Expertise:

  • IT strategy
  • security strategy
  • application security strategy
  • ethical hacking
  • cloud computing
  • virtualization
  • consulting
  • speaking
  • training
  • writing

Nitesh Dhanjani is a well-known information security researcher and speaker. Dhanjani is the author of "Hacking: The Next Generation" (O'Reilly), "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O'Reilly), and "HackNotes: Linux and Unix Security" (Osborne McGraw-Hill). He is also a contributing author to "Hacking Exposed 4" (Osborne McGraw-Hill) and "HackNotes: Network Security" (Osborne McGraw-Hill).

At Ernst & Young, Nitesh is Executive Director in the Americas Information Security Center of Excellence (CoE), responsible for helping some of the largest corporations successfully establish enterprise-wide information security programs and solutions. Nitesh is also responsible for evangelizing brand-new technology service lines around emerging technologies and trends such as mobile security, cloud computing, and social media.

Prior to E&Y, Dhanjani was Senior Director of Application Security and Assessments at Equifax where he spearheaded security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews & threat modeling, and managed the attack & penetration team. Before Equifax, Dhanjani was Senior Advisor at Foundstone's Professional Services group where, in addition to performing security assessments, he contributed to and taught Foundstone's Ultimate Hacking security courses.

Dhanjani holds both a Bachelor's and Master's degree in Computer Science from Purdue University.

Dhanjani's personal blog is located at You can follow him on Twitter here: @nitesh_dhanjani

Hacking: The Next Generation
by Nitesh Dhanjani, Billy Rios, Brett Hardin
September 2009
Print: $39.99
Ebook: $31.99

Network Security Tools
by Nitesh Dhanjani, Justin Clarke
April 2005
Print: $34.95
Ebook: $27.99


Nitesh blogs at:

UI Spoofing Safari on the iPhone

November 28 2010

Given how rampant phishing and malware attempts are these days, I hope Apple chooses to not allow arbitrary web applications to scroll the real Safari address bar out of view.

Insecure Handling of URL Schemes in Apple's iOS

November 08 2010

I feel the risk posed by how URL Schemes are handled in iOS is significant because it allows external sources to launch applications without user interaction and perform registered transactions. Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be…

Healthcare Data: The Upcoming Privacy Conflict

September 29 2010

But what happens when patients volunteer their private medical records into the public domain? In this article, I'd like to present my thoughts on this topic.

Behavioral Economics in Information Security

September 12 2010

In order to influence users to promote positive cultural change in security related behavior, the enforcers must comprehend additional variables such as the difference in the perspective of risk to the individual, psychological biases and simple behavioral economics.

Initiating the Privacy Arms Race Against Facebook: The AntiSocial Firefox Extension

June 01 2010

It is my opinion, that regardless of the platform, the online social space has created a condition where the end users must ultimately collaborate to initiate an ongoing privacy arms race to poison the intelligence collected of them. To promote this sentiment, and to further the cause of research in…

2 Years Later: Droppin' Malware on Your OSX, Carpet Bomb Style (and Then Some!)

May 22 2010

2 years later from my original disclosure, the Carpet Bomb vulnerability on OSX remains un-patched.

Raising Consciousness: Facebook's "Automatic Authorization"

April 06 2010

In their explanation on the developer wiki, Facebook explicitly states that 3rd party applications that use this feature can only gather information about the given user that may be publicly searchable anyway. However, this assurance from Facebook is without merit because the implied reasoning is based upon flawed assumptions: the…

New Book "Hacking: The Next Generation"

September 05 2009

My new book "Hacking: The Next Generation" is now available.

Hack in the Box (Dubai) 2009 / Psychotronic(a) / Hacking the Psyche

March 30 2009

I will be presenting Psychotronica: Exposure, Control, and Deceit at the Hack in the Box Conference in Dubai (20th - 23rd April 2009).

Blame the Credit Card Franchise: Criminals on Amazon's EC2 (Elastic Compute) Cloud

March 11 2009

Amazon EC2 is an extraordinarily powerful infrastructure available to anyone with a stolen credit card. Even if someone is able to use the EC2 platform for a few hours with a stolen credit card, he or she will be able to initiate a vicious cycle that may become impossible to…

Gartner and the Pope

February 24 2009

The Gartner press release makes extraordinary claims on how much phishing costs businesses: $3.2 billion is not an estimate that should be taken lightly by anyone. Extraordinary claims require extraordinary evidence (quoting Carl Sagan). As I read through the Gartner press release, I felt that the claims were unsupported because,…

International Conference on Cyber Security 2009

January 04 2009

I'll be speaking at the International Conference on Cyber Security 2009 in New York (Jan 5 - 9).

How Terrorists May Abuse Micro-Blogging Channels Like Twitter

December 18 2008

In this article, I want to further the discussion on how micro-blogging channels may be leveraged by terrorist organizations to obtain real time surveillance and intelligence of their efforts.

Why Jerry Seinfeld Probably Cost Microsoft a Lot More than $10 Million

November 10 2008

In this article, I want to put forth a case study to demonstrate how capturing feelings on the social web can allow companies to measure the reputation of their brand.

In Support of Science [and Tim]

November 04 2008

Venues such as O'Reilly are not likely to discuss politics or religion often. Yet, as scientists and technologists, when we do have something to say that addresses an important topic where we can offer reasoning and critical thought - let's not be shy about it.

Hacking the Psyche

November 03 2008

In this article/blog-entry, I want to persuade you of the real possibility and high probability that, in the very near future, remote entities will be able to target people's on-line presence to capture and leverage their emotional states and feelings. There are some very extreme implications of this from a security…


Webcast - Psychotronica: Abusing and Leveraging Intelligence from Social Networking
September 29, 2009
In this presentation, we will go beyond discussing the obvious security and privacy implications of social media. We will tie the items of discussion to privacy implications as well as how they can be leveraged for investigations as well as business ...

"It says everything it should without the endless repeating and rephrasing so that readers would understand the concept, because it was so clearly explained the first time. This is a book that will get and keep your attention, and a must-read book for everyone dealing with computer and information security."
--Zeljka Zorz, Help Net Security

"I'd really recommend Hacking: The Next Generation to my fellow techies. More important than learning new ways to mess with each other's minds, it will expose you to a number of new attack vectors that you may not have considered. And in most cases, simple awareness of those new vectors is enough to allow you to start to defend against them."
--Thomas Duff, Duffbert's Random Musings