The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for MCP Dev Summit Mumbai to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
MCP servers are quickly becoming the default interface between AI agents and production systems.
This speed has a cost. Most teams shipping MCP servers today are repeating the same security mistakes: overprivileged tool definitions, missing input validation, no transport-layer auth, and blind trust in what the LLM sends downstream.
This talk presents a practical security assessment playbook for MCP servers, built from hands-on penetration testing and security assessments of real MCP deployments.
We'll walk through the three to five most common vulnerability patterns seen in the wild:
- tool poisoning
- permission escalation
- transport misconfiguration
- server-side request forgery through tool arguments
For each vulnerability class, you'll see how the attack works, why it slips past code review, and what the fix looks like in practice.
Attendees will walk away with a repeatable methodology for assessing the security posture of any MCP server before it hits prod, whether they built it or adopted it.