An experienced security, development, and IT professional with a deep passion for information security. Bringing 5 years of experience administering, testing, and maintaining security in the small business space, and 2 years researching and exploiting vulnerabilities professionally and under bug bounty programs.
Vulnerability Portfolio
DoS P3 - MEDIUM Web Microsoft NO ? NO
Authentication Bypass P1 - CRITICAL Web TaxCloud YES NO YES
Authentication Bypass P3 - MEDIUM Desktop Bitdefender YES NO NO
Unrestricted File Upload P3 - MEDIUM Web Fancy Product Designer NO NO NO
Stored XSS via SVG Upload P2 - HIGH Web Fancy Product Designer YES NO YES
Sensitive Information Disclosure P3 - MEDIUM Web, Desktop Bitdefender YES NO NO
Authentication Bypass P2 - HIGH Desktop Malwarebytes YES NO YES
Authentication Bypass P4 - LOW Mobile Bitdefender YES YES YES
Application-level DoS P3 - MEDIUM Web Bitdefender YES NO YES
Reflected XSS P4 - LOW Web IBM N/A N/A N/A
Development Portfolio
Browser Guard
About: Browser Guard intercepts all top-level navigation requests and checks if the destination is on your list of trusted domains. If it is not found, the request is blocked, and you're given the option to temporarily or permanently trust the domain.
Technologies: TypeScript, Stardust, SCSS, NPM, Git
Frequency Distribution Calculator
About: Frequency Distribution Calculator is a tool to help you calculate and analyze word and character frequency distribution in text.
Technologies: TypeScript, Stardust, SCSS, NPM, Git, AWS
Stardust
About: Stardust is what my apps are made of. A web application framework comprised of a small JavaScript and CSS library with no production dependencies and a build system. The JavaScript library (and application code by default) is TypeScript and compiles back to ES5 for compatibility with Internet Explorer 11. A dark and light theme are provided using SCSS for the Stardust UI and a separate theme for application SCSS.
Technologies: TypeScript, SCSS, NPM, Git
ExpressRAIL Assistant
About: ExpressRAIL Assistant was deployed to retail floors and resellers' websites and facilitated the ordering of one of the company's railing systems. After generating a list of needed parts, the list and the customer's drawing could be emailed to the customer. This feature added significant security concerns, since it rendered user-generated HTML, converted it to a PDF, and emailed it to a given email address. To better secure this feature, the backend service was restricted such that it would only communicate with the app's frontend service, a keyword filter was put in place to prevent the app from parsing unexpected HTML, and rate limiting was put in place to prevent the backend service from being abused as a spam gateway.
Technologies: JavaScript, CSS, PHP, EC2, wkhtmltopdf, Git