These projects focus on penetration testing, security assessments, and vulnerability analysis.
Conducted SAST with SonarQube and DAST using ZAP, identified vulnerable dependencies with Snyk.io, and performed comprehensive threat modeling aligned with OWASP Top 10. Employed fuzzing, attack/defense trees, and abuse/misuse case identification. Discovered critical security vulnerabilities and proposed remediation strategies.
Completed various security challenges in OWASP Juice Shop, focusing on web application vulnerabilities including SQL Injection, Cross-Site Scripting (XSS), and Broken Authentication.
Performed a comprehensive network audit leveraging Censys.io and Shodan.io, identifying exposed services and attack vectors. Conducted passive reconnaissance and documented vulnerabilities.
Conducted an experiment demonstrating an attack that successfully escapes the Flatpak sandbox, highlighting vulnerabilities and the need for robust permission management.