About
I have worked on Information Security with some of the largest organizations across the…
Activity
-
Team Pixee | Your Automated Product Engineer is heading to Hacker Summer Camp in Las Vegas next week! 🧚 We're thrilled to attend our first BlackHat…
Liked by Dan Amodio
-
Going to be in Vegas for the Hacker Summer Camp from August 05 - August 10, 2024. Come talk to me (or DM me to meet) and get some Ophion Security…
Liked by Dan Amodio
-
Thought: Great leaders are great only because they keep great people around them. We learn from each experience and every person we interact with. I…
Liked by Dan Amodio
Publications
-
Mobile Applications & Proxy Shenanigans (AppSec USA 2012)
Aspect Security
With over 5 Billion mobile devices presently in use, mobile applications enable new threats and attacks which introduce significant risks to organizations. As such, it is imperative that we perform our normal application security procedures on all mobile applications, including pen testing and code reviews. Pen testing mobile applications has proven to be difficult when typical application security testing practices are employed. Proxying mobile traffic for examination and modification is anything but straightforward and every application presents its own, unique challenges. David and Dan will explain the issues that arise when trying to proxy mobile application traffic. Join Dan and Dave as they provide guidance and a roadmap so that you may overcome these obstacles.
Slides: https://www.aspectsecurity.com/uploads/downloads/2012/10/2012-Mobile_Applications_and_Proxy_Shenanigans.pdf
Video: http://vimeo.com/54227158
-
Remote Code With Expression Language Injection, Discovering a Spring Framework Vulnerability
Aspect Security
In 2011, Stefano Di Paola of Minded Security and Arshan Dabirsiaghi from Aspect Security discovered an interesting pattern in the Spring Framework, which Stefano coined Expression Language (EL) Injection. Their discovery revealed that certain Spring tags which double interpret Expression Language can be used to expose sensitive data stored on the server. This is because Spring provides EL support independent of the JSP/Servlet container, as a means for backwards compatibility, since, prior to JSP 2.0, Expression Language wasn’t supported. This functionality is currently turned on by default, and applications that use the patterns described herein are vulnerable.
The original impact of this issue related to information disclosure, but I’ll illustrate how it can actually be used for remote code execution on Glassfish and potentially other EL 2.2 containers.
More activity by Dan
-
I'm going to be at hacker summer camp, but only for part. I'll arrive Monday, depart Friday. Main things I'm looking to do: 1. Walk the expo floor…
Liked by Dan Amodio
-
One week away! Looking forward to connecting with a bunch of security professionals I really respect.
Liked by Dan Amodio
-
Robinhood is hiring an Application Security EM. Shoot me a message if you are interested or have questions: https://lnkd.in/eacbAz8Z
Liked by Dan Amodio
-
The best way to dogfood a security product is to see if it works in the real world. I took Orion for a run this month and had some pretty solid success…
Liked by Dan Amodio
-
How to build a cybersecurity company - from the founders of Thinkst Canary, Duo Security, and Signal Sciences. 📺 My notes + links to the videos. 1️⃣…
Liked by Dan Amodio
-
Something a lot of folks ask me is "how do you stay current on emerging technologies" and one of the great sources for me is by being an angel…
Liked by Dan Amodio
-
🎉 New Role Alert ✨ This is an exciting opportunity to massively impact security at AWS. Join a team of SecEngs and SDEs as we work to provide…
Liked by Dan Amodio
-
Last week I was honored to be in a room filled with the best and the brightest during the Baltimore Magazine Nurse Excellence Awards. Thankful for my…
Liked by Dan Amodio
-
Scale's Head of Security, Alex Levinson, joined Director Jen Easterly on Thursday to sign the Cybersecurity and Infrastructure Security Agency's…
Liked by Dan Amodio
-
Psyched to talk about Scaling Security. Come check out Loco Moco Sec!
Liked by Dan Amodio