
Threats that were common a few years ago have been replaced by more sophisticated, AI-driven attacks – Sandeep Hodkasia, Founder and CEO of Appsecure Security

In 2023, India ranked third for phishing attacks, after the US and Russia. Cybercrime poses increasing threats due to widespread internet usage, so there is a dire need for effective preventative measures. Sandeep Hodkasia, Founder & CEO of Appsecure Security, strives to combat these issues by offering reliable mobile app scanning solutions. Providing holistic protection against harmful software and skilled hackers, Appsecure Security seeks to facilitate safer online experiences, minimizing risk and promoting confidence among users navigating cyberspace. Here is an exclusive email interaction between FYI9 News and Sandeep Hodkasia:

Prateek: How did your journey into the world of cybersecurity begin, particularly your experience as an ethical hacker?

Sandeep Hodkasia: My journey into cybersecurity started during my teenage years when I was introduced to ethical hacking by my brother, Anand Prakash. From the moment I encountered the concept, I was hooked. It wasn’t just the technical aspects that fascinated me, but the realization that I could make a real difference by discovering vulnerabilities and helping companies fix them. I started by participating in online hacking forums and competitions, where I got hands-on experience with various hacking techniques. I became deeply invested in learning how systems worked and how they could be exploited. This early immersion in the world of ethical hacking gave me a strong foundation, and once I earned my first bug bounty, I knew I was on the right path. The feeling of discovering something others had missed, and then seeing that vulnerability fixed, was incredibly fulfilling. From there, my passion only grew.

Prateek: As the founder of a cybersecurity company for the past eight years, what are the key lessons you have learned?

Sandeep Hodkasia: Running a cybersecurity company for eight years has been a transformative journey. There have been a few key lessons that have shaped my approach to the field:

#1 Staying Updated is Critical: The cybersecurity landscape is evolving at an unprecedented rate. Threats that were common a few years ago have been replaced by more sophisticated, AI-driven attacks. It’s a constant learning process, and staying ahead of the curve is essential to providing effective protection for our clients.

#2 The Power of a Strong Team: In cybersecurity, it’s impossible to succeed alone. Building a talented and dedicated team of professionals has been one of the most valuable aspects of my journey. A strong team brings diverse skills and perspectives, allowing us to tackle complex security challenges from multiple angles.

#3 Continuous Learning is Essential: The nature of cybersecurity means you can never stop learning. Whether it’s new hacking techniques, emerging threats, or the latest security technologies, being in a constant state of growth is necessary to remain effective in this industry.

#4 Customer-Centric Approach: Every client has unique security needs, and understanding those needs is key to building long-term, trust-based relationships. Tailoring solutions to each client has been a cornerstone of AppSecure’s success, and it’s something I believe in strongly.

Prateek: Could you provide an example of a sensitive issue you discovered through ethical hacking, and how you resolved it?

Sandeep Hodkasia: One of the more notable vulnerabilities I discovered was during research on the Dubsmash iOS application. I found that the UpdateSoundGraphQL API endpoint was vulnerable to a Broken Object Level Authorization (BOLA) flaw, which allowed an attacker to change the title of any soundtrack using the soundtrack’s UUID, a publicly known value. Essentially, with this vulnerability, an attacker could alter an entire music library using an automated script. After discovering this issue, I promptly reported it to Reddit, who owned Dubsmash, and recommended that they implement an authorization check to verify the UUID parameter against the logged-in user session. Within a short time, Reddit fixed the issue, and they rewarded me with a $3000 bug bounty for my efforts. This experience reinforced my belief in the value of ethical hacking in safeguarding digital platforms.

Prateek: What motivates you to continue your efforts in enhancing digital security, and how do you envision yourself in the field of cybersecurity?

Sandeep Hodkasia: What drives me is the idea that, with every vulnerability I help fix, the digital world becomes a bit safer. The cybersecurity space is dynamic, and the constant evolution of threats keeps me motivated to stay one step ahead. I’m particularly inspired by the idea that my work has a tangible impact on the security of companies and individuals around the world. My vision for myself in the field of cybersecurity is to continue advancing offensive security techniques, helping businesses protect their digital assets. I see myself growing not only as an expert in ethical hacking but also as a mentor, guiding the next generation of cybersecurity professionals and shaping the industry’s future.

Prateek: What are your future plans for both yourself and AppSecure Security?

Sandeep Hodkasia: For myself, I plan to keep expanding my knowledge in cybersecurity, particularly in offensive security strategies. I also want to dedicate time to mentoring young professionals in the field, sharing my experiences, and inspiring the next wave of cybersecurity experts. As for AppSecure Security, the goal is to continue growing into a global leader in offensive security services. I envision providing innovative, cutting-edge solutions to companies worldwide, ensuring they stay ahead of potential attackers. We plan to stay at the forefront of cybersecurity trends, adapting and evolving as new threats emerge, and building a lasting legacy of excellence in the field.

Here is an exclusive article written by Sandeep Hodkasia – Power Of Manual Pentest Over Automated Security Testing
