Web Security

A system is never hacking-proof, but a few good software design decisions can make an attacker's life way harder.
Building, maintaining, and testing web applications for over 7 years, I developed a strong focus on full stack web security and industry standards such as the Open Web Application Security Project (OWASP).
If you are looking for someone to check your SSL and OAuth, someone to audit your system for RFI, LFI, SQLi, XSS or CSRF bugs, or if you are concerned someone might steal your cookies: please reach out.
- Penetration tests, source code audits and vulnerability assessment.
- Consulting focused on payment gateways, their providers and APIs.
- Consulting on how to minimize your attack surface and build robust software.
- Consulting regarding industry standard security solutions and most trustworthy services.
- Implement a public bug bounty program for you to benefit from the global community of whitehat hackers.
- Participated in Twitter's responsible vulnerability disclosure program. Received a reward for reporting a complex XSS & email header injection bug.
- See here for an example report of a complex XSS & OAuth bug I found on Digitalsellz.com (ecommerce).
- Received bug bounty reward for reporting multiple XSS, CSRF and SSL bugs to piazza.com.
- Reported multiple SQLi and XSS bugs to iversity.org.
- Demonstrated a Clickjacking vulnerability in Google+. This post "ProfileJacked" 2000 users within a couple of hours. Google removed the +1 button from embedded posts due to this issue.
- Built OWASP Top 10 Quiz, an open source web app to test your web security knowledge with questions from the OWASP Top 10 Threats and Mitigations Exam.
- Consulting on online privacy, browser tracking and fingerprinting.
- Help for people who suffer from online stalking.
- Consulting regarding private communication with end-to-end encryption such as PGP, Signal, or Telegram.
- Consulting regarding anonymity on the web with VPN and TOR.
- Talks about topics regarding online privacy.
- Built webkay, a demonstration of all the information your browser reveals about you by visiting a website. Webkay was featured on the Reddit frontpage and the Hackernews frontpage, and had over 1 million users in 2016.
- Built Social Media Leak, a demonstration of a bug in most major web platforms that leaks users' logged-in state to any third-party website. It was featured on the Reddit frontpage and the Hackernews frontpage, and had over 200,000 visitors within the first day of launch. It was recognized by netzpolitik.org, Stack Overflow co-founder Jeff Atwood, and WhiteHat Security founder Jeremiah Grossman.
- Built ubercookie, a demonstration of cross-origin and cross-browser device fingerprinting using getClientRects and AudioApi.
Blockchain and Crypto Currencies

Since the Bitcoin white paper was released in 2008, the adoption of blockchain technology has grown exponentially.
Some people say it is an invention as big as the internet itself, and the moment I understood the aesthetics behind the cryptography of a blockchain header I got a glimpse of what they might be talking about. That's why I am excited to work on projects exploring the economic advantages of a digital currency.
If you are looking for someone who loves to wrap his head around topics like the difference between Bitcoin & Litecoin; proof of work & proof of stake; or the magic of Bloom filters and why a Patricia trie is even more awesome than just a Merkle tree: contact me.
- Development of smart contracts with Ethereum and Serenity.
- Security audits for systems using crypto currencies and smart contracts.
- Consulting on how to buy & sell crypto currencies.
- Consulting on Blockchain-based digital payment infrastructure in developing countries.
- Talks and webinars regarding blockchain technology topics.
- ubercent Ethereum is an open source, easy-to-use Ethereum Wallet built with ethereum.js. It can create accounts, fetch balances, and sign and deploy transactions.
- ubercent Bitcoin is ubercent built with bitcoin.js.
- "A poor man's self printed cash" is a research project on printable, offline-tradable crypto assets based on Ethereum smart contracts (video coming soon).

Pricing ranges from $100 to $5,000 because it depends heavily on the complexity of your project, your threat model, and your expected degree of security. Consider the following questions:
- How likely is an attack against your system?
- What is at stake for you?
- How much can you invest in protection?
Please contact me with a detailed description of your project, your risks, and an estimation of your budget so I can suggest a strategy tailored to your requirements.