About
Senior Information Security Specialist.
My main focus is on Application Security Testing and Security Research / R&D consulting for globally renowned clients. I collaborate daily with multiple teams of skilled security engineers from different companies, having a big influence on implementing security processes and closing security gaps in fast-growing environments.
In the past I have focused extensively on multiple disciplines of the Information Security field including Vulnerability Assessment and Penetration Testing (VA/PT), Secure Coding Practices & SSDLC, DevSecOps/Rugged DevOps/SRE Security, and Exploit R&D. My career experience also includes designing and implementing a wide variety of security solutions, which has resulted in a broad background in technologies and secure infrastructure planning, transformation, and delivery.
I graduated from the University of Milan in AY 2017/2018 and received a BS in Computer Systems and Networks Security.
You can find me over at:
https://lorenzostella.it/
http://pequalsnp-team.github.io/
http://jbzteam.github.io/
https://twitter.com/lorenzostella
Volunteer Experience
-
IT Security Consultant
Electronic Frontier Foundation
- Present 7 years 3 months
Civil Rights and Social Action
I helped conduct a secure code review and vulnerability assessment for Privacy Badger, a browser add-on from the Electronic Frontier Foundation (EFF) that stops advertisers and other third-party trackers by blocking tracking cookies that do not respect the "Do Not Track" setting in a user's web browser.
I have been a registered member since 2017.
-
Basic Rescuer
Associazione della Croce Rossa Italiana
- 1 year 1 month
Social Services
OPEM qualification
Projects
-
Electronegativity: identify misconfigurations and security anti-patterns in Electron applications
- Present
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper:
https://doyensec.com/resources/us-17-Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
Software developers and security auditors can use this tool to detect and mitigate potential weaknesses and implementation bugs when developing applications using Electron. A good understanding of Electron (in)security is still required when using Electronegativity, as some of the potential issues detected by the tool require manual investigation.
-
`detect_antivirus` module for BeEF
I created a module for the Browser Exploitation Framework Project (BeEF) to passively detect potential antiviruses installed on a target machine. Currently it supports Kaspersky, Avira, Avast (ASW), BitDefender, Norton, and Dr. Web.
-
jsClean: an unpacker/deobfuscator
jsClean is an unpacker/deobfuscator for JavaScript sources. This Node.js script combines several deobfuscation techniques, even relocating the strings array in the input source (a common obfuscation) to improve the readability for reverse engineering purposes.
-
OSSH: Open Source Security Hub
The Open Source Security Hub (OSSH) idea came up after the local OWASP chapter raised the need for a system aiming at bringing together security experts and projects in need. I quickly realized I could help out by building it as a project for my mobile- and web-programming course at the university. Taking the example of many platforms focused on crowdsourced security (Bugcrowd, HackerOne, Crowdcurity, Synack) I opted to develop a framework to make the process simple and intuitive.
-
Squarify Bot
Don't let Twitter crop your pics!
Many social networks require you to crop your profile pic, making it fit in a square. Squarifybot lets you solve this problem in an easy way.
-
Ghetti Trasporti S.r.l. website
A business website for a transport company based in Padua (Villa Estense).
-
Revamp Movies
Revamp is a web application for the streaming of independent and historic films.
-
Team Jestion's coming soon parallax
A parallax experiment for a countdown of the release of a video.
-
CutBack
Chrome extension to close tab groups by subject, automatically classified combining TF/IDF & hierarchical tabs.
-
Team Jestion's page
Team Jestion's official page, built with LESS, CSS3 and HTML5; fully responsive.
-
Image Placeholder API with Play framework
A Custom Image Placeholder service, fully customizable, built with Play framework 2.1.x.
https://github.com/phosphore/CustomImagePlaceHolder/
-
APInions
A RESTful API framework to handle votes and surveys, via JSON requests. It provides a simple way for mobile app developers to send surveys and display/manage them in a dashboard.
It's written in Java (backend) and Scala (frontend), storing data in MySQL.
Languages
-
Italian
Native or bilingual proficiency
-
English
Full professional proficiency
-
French
Elementary proficiency
Organizations
-
JBZ CTF Team
-
- Present
JBZ is one of the few high-ranking Italian CTF teams, which gathers security-minded people from Italy. There are students, professionals, academic researchers and infosec enthusiasts. Capture the Flag (CTF) is a special kind of information security competition. CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engineering, mobile security and others. Good teams generally have strong skills and experience in all these issues. https://jbzteam.github.io/
-
The Noun Project
Translator and Reviewer
- Present
The Noun Project is a website that aggregates and catalogs symbols that are created and uploaded by graphic designers around the world. Based in Los Angeles, the project functions both as a resource for people in search of typographic symbols and a design history of the genre. I have been a translator and a reviewer for the Italian version since 2011.