Security researcher, bug hunter, software engineer.
Publications:
- A Technical Deep Dive into Semgrep’s JavaScript Vulnerability Detection
- Exploiting dynamic rendering engines to take control of web apps
- Hardcoded secrets, unverified tokens, and other common JWT mistakes
Presentations:
- OWASP Toronto (April 2022): Saving a SAST Program in Distress
- OWASP Ottawa (July 2021): Scale Security with Secure Defaults & Eliminating Bug Classes
Links: