belarchaoui youcef
10350
Standort1175
Punkte52
Premium Übungen0
CompromissionsMeine Daten
- Status : Besucher
- Anzahl von Beiträgen : 0
- ChatBox : 0
- Webseite : write-up some challenge and research
- Kleine Biografie :
+4 years as Cyber Security professional, passionate and addicted to everything related to information security, I’m currently working Penetration Test Engineer at ELIT-Sonelgaz company:
– Web application penetration testing (based on OWASP standard testing guid, code review),
– Mobile application penetration testing (based on the MASTG OWASP mobile application testing guid standard,
code review ),
– Participate in the development of security audit and assessment procedures.
– Participate in the creation of Linux hardened system models (Centos, Ubuntu, Debian) using CIS
– Benchmarks.
– Participate in the creation of Windows hardened system templates ( winodws server , Active directory ) using
– CIS Benchmarks.
– Creation of benchmarks contains good security practices for languages and frameworks ( NodeJS,Laravel,Spring boot,JavaEE)
– Active Directory AD Server Penetration Testing
– Perform compliance and vulnerability audits on hosting environments (Apache, Centos, Debian, Php, MySql, Postgresql, Windows, ...etc).
– Participate in the creation of SDLC secure development guide for the developer team
– Participate in the integration of SATS and DAST tools in the CI-CD process (identification of TOP vulnerabilities 10 in the development cycle) using Jenkins and gitlb runner.
– Vulnerability management of DATA-Center assets.
– Internal and external Red Team activity (exploit vulnerabilities, test security measures implemented by the Blue team in the 3 sectors: networks, system, compliance)
– Report writing (full audit report, in-scope and out-scope vulnerability report)
Beiträge
Neueste Aktivität
- Bash - System 1September 2021
- Analyse de logs - attaque webAugust 2021
- SQL injection - Time basedJuli 2021
- XPath injection - En aveugleJuli 2021
- JWT - Secret faibleJuli 2021
- JWT - IntroductionJuli 2021
- JWT - Jeton révoquéJuli 2021
- XSS - Stockée 2Januar 2021
- PHP - SérialisationJanuar 2021
- SQL injection - Authentification - GBKJanuar 2021