|
|
|
|
|
|
|
|
|
Degrees
|
|
Bachelor of Science from Cornell University
|
|
|
My Expert Service
|
|
Understand how to find and resolve security issues related to OWASP Top 10, PCI-DSS, and FFIEC in Web Applications. Specialty is with J2EE, Web 2.0, Struts, SpringMVC, Flash Applications, and Oracle Application Server based web applications. Also specialize in finding back doors in Web applications.
Expert in creating and writing Fortify custom rules for use in Fortify SCA (Security Code Analysis)
Current areas of research are Unicode vulnerabilities and Framework (J2EE, Struts, Spring MVC, PL/SQL Server Pages) specific vulnerabilities.
Encryption, Key Lifecycle Management, and Key Rotation API development
|
|
|
Experience & Qualifications
|
|
Have been code reviewing large enterprise applications for financial institutions for over 2 years and worked as a security practitioner for over 7 years.
Developed Fortify custom rules to address framework specific security issues which were not covered by Fortify.
Developed the Flash/ActionScript guidelines and code reviewing process for a large financial institution institution.
Subject matter expert for my group in Struts, SpringMVC, ActionScript and PL/SQL.
Trained by workmates in identifying and resolving Cross Site Scripting, Parameter Tampering, Path Manipulation, HTTP Parameter Polution, Application Backdoors, and security vulnerabilities associated with popular J2EE frameworks (Struts, SpringMVC, etc.)
Implemented a Encryption API which supported key rotation and key life cycle management.
|
|
|
Available Modes Of Communication
|
|
email/chat
|
|
|
|
|
Contact
Abraham Kang
|
|
|
|
|
|
|