Software security has been one of my passions for as long as I can remember. I’ve always been an avid reader, absorbing everything about encryption, web application security, reverse engineering, and whatever else I can find. I actively hone my skills by working as a freelance security researcher (I’ve begun writing up some of my more fun exploits in my blog). I also enjoy participating in security capture-the-flag competitions (CTFs), and recently placed 17th out of 288 with Yelp’s security team (d4rwinb0ts) in a CTF run by the University of Illinois at Urbana–Champaign.
I attempt to incorporate my knowledge and passion for security into everything I do. While working at Desire2Learn, I actively performed black- and white-box testing. I uncovered and reported Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF) flaws, and developed some more involved proof-of-concept attacks exploiting string truncation and authorization check timings. As a result of my work at Desire2Learn, I was asked to lead a developer education effort to share the patterns I had uncovered and educate engineers on how to write safer code.