Name: Federico Gerardi
Profile: Full Stack Developer
Email: federicogerardi94[at]gmail.com
Phone: (+39) 3450156143
Teams: ESN Italy IT Committee
University: University of Pisa, Universitat de Barcelona
I'm Federico Gerardi (aka AzraelSec). I'm currently a computer science student at the University of Pisa (Italy).
I'm a Full Stack Developer and Cyber Security Enthusiast. I'm specialized in Penetration Testing, Code Reviewing, Full Stack Web Developing and Mobile Developing. I'm involved in as many CTFs and Vulnerability Assessments as possible.
I am very enthusiastic about developing security software and tools in order to help my colleagues in automating their work as much as possible.
What do I do?
It is always a real necessity for a company to have particular programs (or tools) to complete their own daily goals, but those particular programs do not always exist. Why not create them?
I have built web projects using the most popular and efficient frameworks: jQuery, Angular2+, Laravel, and more. I have experience in PWA development too, using the Ionic Framework.
Android is the most widespread mobile OS, and sometimes it happens that we'd like to have an app that does not exist. Not a problem: a bit of Java and the Android SDK will solve everything.
"Security through obscurity" is something that does not work anymore, does it? Everyone needs a complete and proper penetration test to verify their own degree of (in)security.
Are you really sure that your website or your network is completely secure? A vulnerability assessment will be useful to find all the vulnerabilities to which your system is exposed.
It's really hard for a programmer without any experience in security to write a secure program. A well-done (white hat) code review can keep your platform from being exposed to initial attacks.
RESPONSIBLE DISCLOSURES: 1
YEARS OF EXPERIENCE: 8
CERTIFICATIONS: 4
PUBLICATIONS: 3
These are some of my projects
The eJPT designation stands for eLearnSecurity Junior Penetration Tester. eJPT is a 100% practical certification on penetration testing and information security essentials. By passing the challenging exam and obtaining the eJPT certificate, a penetration tester can prove their skills in the fastest growing area of information security.
What have I published?
During the web application security assessment for Phorum, VoidSec Team assessed the following systems using basically a grey-box approach, checking security from the perspective of an external attacker, with credentials.
During the JuniorsCTF 2017 remote competition, JBZ team solved the Scam web challenge that involved a SQL injection vulnerability affecting a Telegram Bot.
Postman is a Linux HackTheBox machine that exposes an exploitable Redis service and a vulnerable version of Webmin.