Testing for the Untestable: Validating App Resilience Against AiTM and Session Hijacking
As QA and DevOps teams, you rigorously test your login flows, MFA integrations, and session timeouts. But how do you test for an attack that doesn't break the code and mirrors the entire environment? Enter Adversary-in-the-Middle (AiTM) attacks—a sophisticated phishing method using reverse-proxy toolkits (like Evilginx) that bypass Multi-Factor Authentication (MFA) by stealing live session tokens. In this session, Yaamini will move beyond standard functional testing to look at the technical reality of modern session-based threats. She will demonstrate how these "zero-hour" attacks operate as transparent middlemen and, more importantly, how QA teams can build testing strategies to identify where their applications are most vulnerable to session hijacking and token theft.
As the Vice President of WiCyS Austin, Yaamini Barathi Mohan is dedicated to fostering diversity in the industry. With experience in Vulnerability Management at Dell Technologies and Ethical Hacking at RSA Security, Yaamini has worked across penetration testing, threat intelligence, and security automation. Along the way, she has been honored with recognitions such as Cybersecurity Woman of the Year, the SANS Difference Maker Award 2024, the Cyberjutsu Rising Star Award, and inclusion in the Top 50 Mentors in the U.S. Beyond her technical work, Yaamini is committed to mentorship and community building, actively supporting women and underrepresented groups in cybersecurity through platforms like Ask Me and Topmate.io. She enjoys speaking at conferences, sharing insights on AI-powered security automation, ethical hacking, and cloud security challenges, and learning from the experiences of others in the field.