Lorenzo Stella
Malo, Veneto, Italy
About
Senior Application Security Engineer.
My main focus is on Application Security, currently building radically affordable financial infrastructure for Sub-Saharan Africa in a secure way at Wave Mobile Money (www.wave.com).
Before that I performed Security Research / R&D consulting on behalf of Doyensec (www.doyensec.com) for globally renowned clients. I collaborated daily with multiple teams of skilled security engineers from different companies, having a big influence on implementing security processes and closing security gaps in fast-growing environments.
In the past I have also focused extensively on multiple disciplines of the Information Security field including Vulnerability Assessment and Penetration Testing (VA/PT), Secure Coding Practices & SSDLC, DevSecOps/Rugged DevOps/SRE Security, and Exploit R&D. My career experience also includes designing and implementing a wide variety of security solutions, which has resulted in a broad background in technologies and secure infrastructure planning, transformation, and delivery.
I graduated from the University of Milan in AY. 2017/2018 and received a BSc in Computer Systems and Networks Security.
You can find me over at:
https://lorenzostella.it/
http://pequalsnp-team.github.io/
http://jbzteam.github.io/
https://twitter.com/lorenzostella
Volunteer experience
-
IT Security Consultant
Electronic Frontier Foundation
- Present · 7 years and 3 months
Civil rights and social action
I helped conduct a secure code review and vulnerability assessment for Privacy Badger, a browser add-on from the Electronic Frontier Foundation (EFF) that stops advertisers and other third-party trackers by blocking tracking cookies that do not respect the "Do Not Track" setting in a user's web browser.
I have been registered as a member since 2017.
-
Basic first responder
Associazione della Croce Rossa Italiana
- 1 year and 1 month
Social services
OPEM certification
Projects
-
Electronegativity: identify misconfigurations and security anti-patterns in Electron applications
- Present
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper:
https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron. A good understanding of Electron (in)security is still required when using Electronegativity, as some of the potential issues detected by the tool require manual investigation.
-
`detect_antivirus` module for BeEF
I created a module for the Browser Exploitation Framework Project (BeEF) to passively detect potential antiviruses installed on a target machine. Currently it supports Kaspersky, Avira, Avast (ASW), BitDefender, Norton, and Dr. Web.
-
jsClean: an unpacker/deobfuscator
jsClean is an unpacker/deobfuscator for JavaScript sources. This Node.js script combines several deobfuscation techniques, even relocating the strings array in the input source (a common obfuscation) to improve the readability for reverse engineering purposes.
-
OSSH: Open Source Security Hub
The Open Source Security Hub (OSSH) idea came up after the local OWASP chapter raised the need for a system aiming at bringing together security experts and projects in need. I quickly realized I could help out by building it as a project for my mobile- and web-programming course at the university. Taking the example of many platforms focused on crowdsourced security (Bugcrowd, HackerOne, Crowdcurity, Synack) I opted to develop a framework to make the process simple and intuitive.
-
Squarify Bot
Don't let Twitter crop your pics!
Many social networks require you to crop your profile pic, making it fit in a square. Squarifybot lets you solve this problem in an easy way.
-
Ghetti Trasporti S.r.l. website
A business website for a transport company based in Padua (Villa Estense).
-
Revamp Movies
Revamp is a web application for the streaming of independent and historic films.
Other creators
-
Team Jestion's coming soon parallax
A parallax experiment for a countdown of the release of a video.
-
CutBack
Chrome extension to close tab groups by subject, automatically classified combining TF/IDF & hierarchical tabs.
-
Team Jestion's page
The Team Jestion's official page, built with LESS, CSS3 and HTML5; fully responsive.
-
Image Placeholder API with Play framework
A Custom Image Placeholder service, fully customizable, built with Play framework 2.1.x.
https://github.com/phosphore/CustomImagePlaceHolder/
-
APInions
A RESTful API framework to handle votes and surveys, via JSON requests. It provides a simple way for mobile app developers to send surveys and display/manage them in a dashboard.
It's written in Java (backend) and Scala (frontend), storing data in MySQL.
Languages
-
Italian
Native or bilingual proficiency
-
English
Full professional proficiency
-
French
Elementary proficiency
Organizations
-
JBZ CTF Team
-
- Present
JBZ is one of the few high-ranking Italian CTF teams, which gathers security-minded people from Italy. There are students, professionals, academic researchers and infosec enthusiasts. Capture the Flag (CTF) is a special kind of information security competition. CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engineering, mobile security and others. Good teams generally have strong skills and experience in all these issues. https://jbzteam.github.io/
-
The Noun Project
Translator and Reviewer
- Present
The Noun Project is a website that aggregates and catalogs symbols that are created and uploaded by graphic designers around the world. Based in Los Angeles, the project functions both as a resource for people in search of typographic symbols and a design history of the genre. I have been a translator and a reviewer for the Italian version since 2011.