Cernica Ionut-Cosmin

IT Cyber Security Engineer for Safetech Innovations

I am an IT cyber security enthusiast with strong technical skills in the areas of Information Technology and Information Security. My main interest regarding IT and Information Security is the security of web and mobile applications, and the network infrastructures that support them.

My key technical skills include penetration testing, secure code review, security testing and management using white, gray and black box penetration testing approaches.

I also take part in security audits together with my fellow security engineers.

I have been involved in a lot of training activities as I like to be in touch with the latest developments and technologies regarding security testing.

Because I am a competitive person, I also like to take part in Hacking competitions and conventions together with my colleagues from the Hexcellents team, and if it is one thing that I’ve learned from every CTF competition is that you never stop learning new things in the field of Information Security.

Another hobby of mine is participating in bug bounty programs, like the ones held by Google, Facebook and others. You can find me on more than 15 Halls of Fame on the web such as the Google Hall of Fame and Facebook (2011, 2012, 2013 and 2014).

Presentation: A Practical Study of Security Problems on One of the Most Efficient Web Application Firewall

Security of web applications is a part of Information Security and is very important from the viewpoint of system integrity and in terms of access to authorized data used by the application. With the passage of time the information exchange increased in intensity, so this conducted to capturing the attention of people who wanted access to information. Because of this it has been recognized the need to implement security policies at the web application level. My study was on one of the most efficient web application firewall. In this research I focused on security problems of any kind that this specific technology implementation might have.

Key words: bypass SQL Injection protection, find the administrative console (government and public sector), a way to disable the firewall protection, ways to take control over the administrative console.

Presentation @DefCamp 2014