15 changes: 15 additions & 0 deletions summary/sessions/267/attendees.adoc
@@ -0,0 +1,15 @@
==== Attendees

. link:https://twitter.com/KartikSoneji_[Kartik Soneji^]
. link:https://x.com/Alpastx[Alpesh Bhagwatkar^]
. Chirag Nayyar
. Jaden Furtado
. Krishna Gadia
. Swapnil Borkar
. Ishan Sharma
. Ayush Shukla
. Janvi Matani
. Parag Soneji
. Rehan S.
. Shlok Bagwe
. Shubhranil Paul
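Review bot: the two linked attendees point at different hosts, `twitter.com` for Kartik Soneji and `x.com` for Alpesh Bhagwatkar; since both are the same service, use one host consistently so the list does not look like it references two different sites (the `^` new-window suffix is fine on both).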
1 change: 1 addition & 0 deletions summary/sessions/267/config
@@ -0,0 +1 @@
catchup_config_noimage=1
24 changes: 24 additions & 0 deletions summary/sessions/267/content.adoc
@@ -0,0 +1,24 @@
Date: 20-12-2025

Duration: 2 hrs 15 mins

==== Topics Discussed

* Rehan S. and Kartik Soneji discussed various web security vulnerabilities and attack vectors.
** They talked about reflected XSS (Cross-Site Scripting) vulnerabilities and how attackers can inject scripts through reflected parameters.
** The discussion covered cookie injection attacks and how vulnerabilities can be exploited through reflected access points.
** They explored scenarios where companies might dismiss bug bounty reports, claiming vulnerabilities are outdated or not exploitable, even when they can be demonstrated.
* Kartik shared experiences with SQL injection attacks and Denial of Service (DoS) scenarios.
** He mentioned testing SQL injection vulnerabilities and how injecting payloads could cause sites to freeze or crash.
** Kartik discussed an incident where cookie injection led to their EngineX server going down, though it recovered within a couple of minutes.
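Review bot: "EngineX" in the cookie-injection incident bullet reads like a phonetic spelling of nginx; if the web server is what was meant, write `nginx` so the product name is recognisable and searchable. Further down the same file, the "challenges and frustrations of bug bounty programs" bullet restates what the Rehan/Kartik and Alpesh sections already say (findings dismissed, legal threats instead of fixes); consider folding it into those sections or trimming it to the one new point about proper vulnerability reporting.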
Suggested change
** Kartik discussed an incident where cookie injection led to their EngineX server going down, though it recovered within a couple of minutes.
** He discussed an incident where cookie injection led to their EngineX server going down, though it recovered within a couple of minutes.

** The group discussed how some companies respond to security reports, sometimes dismissing them as false positives or claiming they're not exploitable.
* Alpesh Bhagwatkar shared his experience with responsible disclosure and company responses to security vulnerabilities.
** He discussed an incident involving a large real estate company where he discovered and dumped their entire database.
** After reporting the vulnerability, the company responded with legal threats instead of acknowledging the security issue.
** Alpesh noted that the vulnerability still exists, highlighting challenges in responsible disclosure when companies respond defensively rather than addressing security concerns.
Suggested change
** Alpesh noted that the vulnerability still exists, highlighting challenges in responsible disclosure when companies respond defensively rather than addressing security concerns.
** He noted that the vulnerability still exists, highlighting challenges in responsible disclosure when companies respond defensively rather than addressing security concerns.

* The group discussed the challenges and frustrations of bug bounty programs.
** They talked about how companies sometimes dismiss valid security findings or respond with legal threats instead of fixing vulnerabilities.
** The conversation touched on the importance of proper vulnerability reporting and the need for companies to take security reports seriously.
* Discussion about an upcoming tech event at Nesco, Mumbai.
** The group discussed whether the event was worth attending, with some members noting it was scheduled for a weekend.
** Alpesh mentioned sharing an Amazon link in the OTC group related to the event.
Please add the link here too.