About
Senior Information Security Specialist.
My main focus is on Application Security Testing and Security Research / R&D consulting for globally renowned clients. I collaborate daily with multiple teams of skilled security engineers from different companies, having a big influence on implementing security processes and closing security gaps in fast-growing environments.
In the past I have focused extensively on multiple disciplines of the Information Security field including Vulnerability Assessment and Penetration Testing (VA/PT), Secure Coding Practices & SSDLC, DevSecOps/Rugged DevOps/SRE Security, and Exploit R&D. My career experience also includes designing and implementing a wide variety of security solutions, which has resulted in a broad background in technologies and secure infrastructure planning, transformation, and delivery.
I graduated from the University of Milan in AY. 2017/2018 and received a BS in Computer Systems and Networks Security.
You can find me over at:
https://lorenzostella.it/
http://pequalsnp-team.github.io/
http://jbzteam.github.io/
https://twitter.com/lorenzostella
Activity
-
Thrilled to announce that Addepar Security Engineering has open-sourced RedFlag 🚩, a CI/CD security tool that uses AI to flag high-risk code…
Liked by Lorenzo Stella
-
Early on in my time at Netflix we made the public cloud core to our enterprise security strategy. We wanted our data in the cloud, not on servers we…
Liked by Lorenzo Stella
-
Most people have heard of Wave, many know we’re valued at $1.7 Billion+, but few know how we got here. I recorded a quick interview with Justin…
Liked by Lorenzo Stella
Experience
Education
Volunteer Experience
-
IT Security Consultant
Electronic Frontier Foundation
- Present 7 years
Civil Rights and Social Action
I helped conduct a secure code review and vulnerability assessment for Privacy Badger, a browser add-on from the Electronic Frontier Foundation (EFF) that stops advertisers and other third-party trackers by blocking tracking cookies that do not respect the "Do Not Track" setting in a user's web browser.
I have been registered as a member since 2017.
-
Basic First Responder
Associazione della Croce Rossa Italiana
- 1 year 1 month
Social Services
OPEM certification
Projects
-
Electronegativity: identify misconfigurations and security anti-patterns in Electron applications
- Present
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper:
https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron. A good understanding of Electron (in)security is still required when using Electronegativity, as some of the potential issues detected by the tool require manual investigation.
-
`detect_antivirus` module for BeEF
I created a module for the Browser Exploitation Framework Project (BeEF) to passively detect potential antiviruses installed on a target machine. Currently it supports Kaspersky, Avira, Avast (ASW), BitDefender, Norton, and Dr. Web.
-
jsClean: an unpacker/deobfuscator
jsClean is an unpacker/deobfuscator for JavaScript sources. This Node.js script combines several deobfuscation techniques, even relocating the strings array in the input source (a common obfuscation) to improve the readability for reverse engineering purposes.
-
OSSH: Open Source Security Hub
The Open Source Security Hub (OSSH) idea came up after the local OWASP chapter raised the need for a system aiming at bringing together security experts and projects in need. I quickly realized I could help out by building it as a project for my mobile- and web-programming course at the university. Taking the example of many platforms focused on crowdsourced security (Bugcrowd, HackerOne, Crowdcurity, Synack) I opted to develop a framework to make the process simple and intuitive.
-
Squarify Bot
Don't let Twitter crop your pics!
Many social networks require you to crop your profile pic, making it fit in a square. Squarifybot lets you solve this problem in an easy way.
-
Ghetti Trasporti S.r.l. website
A business website for a transport company based in Padua (Villa Estense).
-
Revamp Movies
Revamp is a web application for the streaming of independent and historic films.
-
Team Jestion's coming soon parallax
A parallax experiment for a countdown of the release of a video.
-
CutBack
Chrome extension to close tab groups for subject, automatically classified combining TF/IDF & hierarchical tabs.
-
Team Jestion's page
The Team Jestion's official page, built with LESS, CSS3 and HTML5; fully responsive.
-
Image Placeholder API with Play framework
A Custom Image Placeholder service, fully customizable, built with Play framework 2.1.x.
https://github.com/phosphore/CustomImagePlaceHolder/
-
APInions
-
A RESTful API framework to handle votes and surveys, via JSON requests. It provides a simple way for mobile apps developers to send surveys and display/manage them in a dashboard.
It's written in Java (backend) and Scala (frontend), storing data in MySQL.
Languages
-
Italian
Native or bilingual proficiency
-
English
Full professional proficiency
-
French
Elementary proficiency
Organizations
-
JBZ CTF Team
-
- Present
JBZ is one of the few high-ranking Italian CTF teams, which gathers security-minded people from Italy. There are students, professionals, academic researchers and infosec enthusiasts. Capture the Flag (CTF) is a special kind of information security competition. CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engineering, mobile security and others. Good teams generally have strong skills and experience in all these issues. https://jbzteam.github.io/
-
The Noun Project
Translator and Reviewer
- Present
The Noun Project is a website that aggregates and catalogs symbols that are created and uploaded by graphic designers around the world. Based in Los Angeles, the project functions both as a resource for people in search of typographic symbols and a design history of the genre. I have been a translator and a reviewer for the Italian version since 2011.
More activity by Lorenzo
-
If you're attending WarCon this weekend, be sure to say hello to Norbert Szetei and the other #Doyensec team members! #warcon #appsec #security…
Liked by Lorenzo Stella
-
Hey there! We are pleased to spotlight Rosario Garcia de Zuniga, who first joined Wave as an Engineer in September 2019 and is now a Product…
Liked by Lorenzo Stella
-
Surprise😯 you don’t need to study for CISSP but rather do the practice exams. This reminds me of my driving school in Italy - they were teaching…
Liked by Lorenzo Stella
-
A huge thank you to everyone who joined us at the Google Cloud Security Forum Milano 2024 earlier this week! 🎉 🚀…
Liked by Lorenzo Stella
-
Congratulations to Doyensec's own Norbert Szetei for discovering an out-of-bounds memory read vulnerability in the Linux kernel! Details:…
Liked by Lorenzo Stella
-
A couple of weeks ago I was in Paris sponsored by YesWeHack to hack Louis Vuitton - it has been GREAT! I scored the 5th place, even though some stuff…
Liked by Lorenzo Stella
-
For more than 15 years, Google Safe Browsing has been protecting users from phishing, malware, unwanted software and more, by identifying and warning…
Liked by Lorenzo Stella