Join us as we delve into the mind of Gaurav Narwani, a cybersecurity expert with a wealth of experience in the field. In this interview, Gaurav shares his journey into the cybersecurity field, including how he got started and his passion for speaking at events. He also talks about his experience at last year’s Worqference and the knowledge he will be sharing at the upcoming event.
Know his thoughts on Pen testing, including why it is important to learn and some interesting facts about the subject. He also shares his positive experience with the community and how he started working as a freelancer in security research. This is a unique opportunity to gain valuable insights into the field and learn from an expert in the industry.
How did you get started in the field of cybersecurity?
Gaurav: I was first introduced to cybersecurity through the TV series “Mr. Robot” in 2018. I became interested in the field and was intrigued by the possibilities and ways to secure a system. I began my journey by researching and learning more about cybersecurity, including working on new projects, reading blogs, and earning my first Bug Bounty. Since then, I have developed a passion for the field and enjoy working in it.
I also have a passion for speaking, my first event was at the Mumbai Meetup with The Test Tribe. I have continued to speak at events and have also written blogs, developed my tools, and contributed to the community by teaching others about different skill sets.
How was your experience at last year’s Worqference?
Gaurav: It was great, I enjoyed speaking with attendees and received a positive response from the community in terms of their reactions and interactions. I believe that the best talks happen when there is engagement and interaction with the audience. This year, I am looking forward to sharing my knowledge and expertise and meeting new people.
At last year’s conference, I met people who held high-level positions and they helped me with my professional development while improving my visibility in the field. I was also able to share my knowledge with them as well.
What can attendees expect from your workshop on “Pen Testing” this year at Worqference?
This year, I will be focusing on “How to Perform API Pen Test” in my workshop. I will be covering the basics and diving deep into all the vulnerabilities that can be found during an API Pen Test. There will also be tips and tricks for finding these vulnerabilities more quickly or for identifying common bugs found in most applications.
No prerequisites are required for the workshop, but I will provide resources for further learning and practice after the session. I encourage attendees to come with an open mind and listen to what I have to say, and they can take the learning further from there.
Why should someone learn “Pen Testing”?
Gaurav: There are several reasons why someone might want to learn pen testing. One reason is for career advancement as it is a highly sought-after skill in cybersecurity and can lead to new job opportunities. It is also a personal development opportunity as it requires a strong understanding of computer systems and networks and can be a challenging but rewarding field of study.
Additionally, pen testing can help organizations identify and fix vulnerabilities in their systems before they are exploited, improving overall security. Lastly, learning pen testing can also be a fun and interesting hobby for those interested in the field.
What are some interesting facts about Pen Testing that will make attendees want to learn it?
Gaurav: I believe that one of the most interesting aspects of pen testing is the variety of tools and techniques used in the process. Once you have a good understanding of these tools and techniques, it is relatively easy to exploit vulnerabilities and find weaknesses in systems. Additionally, the results of a pen test can be used to improve security and it is a process that should be repeated regularly, rather than being a one-time event. Pen testing also provides a lot of exposure and the opportunity to meet people in the field.
What is your experience with the community? How did you come across The Test Tribe Community and what was your experience with it?
Gaurav: I have had a positive experience with the community and appreciate the willingness of people to share information and ideas. I also value the accessibility of resources and the support that is available when someone is stuck or has doubts. I first came across The Test Tribe Community through a Mumbai meetup event and my experience has been great.
How did you start working as a freelancer in security research?
Gaurav: One can work as a freelancer in security research through websites like HackerOne, Bugcrowd, and Synack. These websites connect clients who are seeking security testing with freelancers like me. Once you sign up on one of these platforms, you have access to information about what the clients are looking for and what kind of testing they want. and then perform the testing, identify vulnerabilities or issues, and report them to the website. The website then follows up with the client if they believe the issue is significant. This acts as a third party and facilitates communication between the freelancer and the client.
Can you recommend any professional or technical books or anything you like to read in your time?
Gaurav: Yes, I have compiled a list of books specifically for the workshop listed below:
- “API Security in Action” by Prabath Siriwardena: This book covers the basics of API security, including authentication and authorization, and more advanced topics such as threat modeling and security testing.
- “API Security: The Essential Guide to API Security for Developers and Architects” by Prabath Siriwardena and Nuwan Dias: This guide provides a comprehensive overview of API security, including how to secure APIs, design secure APIs, and test the security of APIs.
- “Web API Security: Protecting Your Application and Users” by Brian Vermeer: This book covers a wide range of topics related to API security, including common vulnerabilities, security best practices, and how to secure different types of APIs.
- “API Security Best Practices: A Guide to Protecting Your APIs” by Thomas Hunter II: This guide covers best practices for API security, including how to design secure APIs, how to test the security of APIs, and how to secure APIs in production.
- “API Security: A Practical Guide for Application Developers” by Tony Huynh: This book provides a practical guide to API security for application developers, including how to design and implement secure APIs, how to test the security of APIs, and how to secure APIs in production.
These books are great for anyone looking to gain a deeper understanding of API security and explore the specific vulnerabilities that can be found within them. I suggest reading these books before or after the workshop is equally beneficial, but note that attendees will be better able to understand the concepts in-depth if they read the books after the session. I also want to emphasize that the list of vulnerabilities found in web applications and APIs are similar, but there are some key differences.
What message do you have for attendees of the Worqference this time?
Gaurav: I encourage attendees to be prepared to learn and to have fun. I emphasize that the workshop will be interactive and encourage attendees to ask any questions they may have, even if they feel they are “stupid.” I hope that attendees will come away from the workshop with new knowledge and skills that they can implement in their work.