Full Stack Web Developer, Mobile Developer, Desktop Developer, AWS Developer, Cyber Security Enthusiast, Penetration Tester, Computer Science Student
Name: Federico Gerardi
Profile: Full Stack Developer
Phone: (+39) 3450156143
Teams: ESN Italy IT Committee
University: University of Pisa, Universitat de Barcelona
I'm Federico Gerardi (aka AzraelSec). I'm currently a computer science student at the University of Pisa (Italy).
I'm a Full Stack Developer and Cyber Security Enthusiast. I specialize in Penetration Testing, Code Review, Full Stack Web Development and Mobile Development. I'm involved in as many CTFs and Vulnerability Assessments as possible.
I am very enthusiastic about developing security software and tools to help my colleagues automate their work as much as possible.
What do I do?
Companies always need particular programs (or tools) to meet their daily goals, but those programs do not always exist. Why not create them?
I have built web projects using the most popular and efficient frameworks: jQuery, Angular2+, Laravel, and more. I also have experience developing PWAs with the Ionic Framework.
Android is the most widespread mobile OS, and sometimes we'd like to have an app that does not exist. Not a problem: a bit of Java and the Android SDK will solve everything.
"Security through obscurity" is something that does not work anymore, does it? Everyone needs a complete and proper penetration test to verify their own level of (in)security.
Are you really sure that your website or your network is completely secure? A vulnerability assessment is useful for finding all the vulnerabilities to which your system is exposed.
It's really hard for a programmer without any experience in security to write a secure program. A well-done (white hat) code review could avoid exposing your platform to initial attacks.
8 YEARS OF EXPERIENCE
These are some of my projects
TURING (aka disTribUted collaboRative edItiNG) is a tool for distributed collaborative document editing that offers a small set of services.
RobowWar is a simple and minimalistic browser game in which a funny robot will fight against multiple enemies to get to the final goal.
C.T.F. Time is an Amazon Alexa Skill which will allow you to stay up to date on upcoming capture the flag events and team rankings.
CMShell is a simple, highly customizable and easily extensible static content management system that allows you to share content in a very original way.
Simple blog in which I usually publish CTF walkthroughs and security-related articles.
The eJPT designation stands for eLearnSecurity Junior Penetration Tester. eJPT is a 100% practical certification on penetration testing and information security essentials. By passing the challenging exam and obtaining the eJPT certificate, a penetration tester can prove their skills in the fastest growing area of information security.
What have I published?
During the web application security assessment for Phorum, VoidSec Team assessed the following systems using basically a grey-box approach, checking security from the perspective of an external attacker, with credentials.
During the JuniorsCTF 2017 remote competition, the JBZ team solved the Scam web challenge, which involved a SQL injection vulnerability affecting a Telegram Bot.