belarchaoui youcef
10350 Place
1175 Points
52 Challenges
0 Compromises

My information
- Status: Visitor
- Number of posts: 0
- ChatBox: 0
- Website: write-up some challenge and research
- Biography:
+4 years as a Cyber Security professional, passionate about and addicted to everything related to information security. I’m currently working as a Penetration Test Engineer at ELIT-Sonelgaz company:
– Web application penetration testing (based on the OWASP standard testing guide, code review),
– Mobile application penetration testing (based on the MASTG OWASP mobile application testing guide standard, code review),
– Participate in the development of security audit and assessment procedures.
– Participate in the creation of Linux hardened system models (CentOS, Ubuntu, Debian) using CIS Benchmarks.
– Participate in the creation of Windows hardened system templates (Windows Server, Active Directory) using CIS Benchmarks.
– Creation of benchmarks containing good security practices for languages and frameworks (NodeJS, Laravel, Spring Boot, JavaEE)
– Active Directory AD Server Penetration Testing
– Perform compliance and vulnerability audits on hosting environments (Apache, CentOS, Debian, PHP, MySQL, PostgreSQL, Windows, ...etc).
– Participate in the creation of an SDLC secure development guide for the developer team
– Participate in the integration of SAST and DAST tools in the CI-CD process (identification of TOP 10 vulnerabilities in the development cycle) using Jenkins and GitLab Runner.
– Vulnerability management of DATA-Center assets.
– Internal and external Red Team activity (exploit vulnerabilities, test security measures implemented by the Blue team in the 3 sectors: networks, system, compliance)
– Report writing (full audit report, in-scope and out-scope vulnerability report)
Contributions
Recent activity
- Bash - System 1, September 2021
- Log analysis - web attack, August 2021
- SQL injection - Time based, July 2021
- XPath injection - Blind, July 2021
- JWT - Weak secret, July 2021
- JWT - Introduction, July 2021
- JWT - Revoked token, July 2021
- XSS - Stored 2, January 2021
- PHP - Serialization, January 2021
- SQL injection - Authentication - GBK, January 2021