Michele Orru' Email & Phone Number

As Web Application Security is one of my main research fields, I couldn't continue without being part of a good open source project. I was using BeEF from many years during pentests and security seminars, and now I'm proud to be part of the core development team. Thanks to Wade for inspiration on many things.Some of my work: - Thin/Rack/Sinatra migration.

Providing professional consulting services to clients in the following areas: - Application Penetration Testing, - Phishing and Social Engineering, - Source Code Analysis and Secure Architecture/Coding guidelines.

London, United Kingdom

Providing professional consulting services to clients in the following areas: - Application Penetration Testing, - Source Code Analysis and Secure Architecture/Code guidelines, - Social Engineering, - Secure Development and Pentesting live trainings, - Internal Products Pentesting and Code Review.

Penetration testing of worldwide banking systems. Vulnerability research activities.Main Areas:- Web Application Security- Infrastructure/Web penetration tests and build reviews on *NIX/Linux/Windows- BeEF

Writer and beta-tester (http://en.wikipedia.org/wiki/Hakin9) Official writer, reviewer and beta-tester of articles in english anditalian. I've written three articles by now:1. Introducion to Firewalls: from ISO/OSI stack to DMZ(published in english and italian)2. Gentoo Hardened: portare la sicurezza di Linux all'estremo(published in italian, November.

Build a secure, reliable and powerful Linux based platform forIntegratingWeb with CentoOS 5. Admin and check regularly thehealth of the system.- Official developer of the OpenSource project Opentaps (www.opentaps.org), and contributor of Apache Ofbiz (security)- Implement and Manage the security of the web applications withAcegi Security and JAAS.- Threat.

Researcher and Developer at INFN -CNAF (National Institute of Nuclear Phisycs, Bologna): - working with OGF-europe (www.ogfeurope.eu) on the OCCI cloud interface, and cloud computing use-cases collection - main Java developer of INFN-CNAF research on Cloud Computing (Spring, Hibernate, Restlet, Jetty, X.509, Kerberos, Shibboleth, Platform LSF, Xen/KVM.

Managing software development in legacy products using Visual Basic 6 for the biggest Italian companies. Linux and Java reference person. Java development for Real time access control systems and Real Time media content distribution Bologna buses.

I did some penetration tests on the network infrastructure, especially black box testing on mail and web servers, and on Flash applications.

Teaching assistant in the course of Computer Networks at HighTechnology Center. My work was help the students during labs withexercices and in-depth explanations about security topics relatedwith the course.

System administrator and Security Engineer- Build a secure IDS server with FreeBSD and OpenBSD;- Penetration Testing of the remotely exposed servers and the eticketapplication [https://intern.kvarteret.no/ticket/] used by allthe students(700 c.a.).Skills: *BSD, Debian, arpwatch, Snort, Postgresql, pf, OpenLDAP,Apache, Exim, BIND, MySQL, Paros, nmap, amap.

System administrator and Security EngineerHelp the Network Group to mitigate and prevent arpspoofing/sniffing into the Fantoft network, managing HP and Dlinkswitches with SNMP and implementing IDS sensors tostatically monitor the arp:IP association of main servers.Skills: OpenBSD, Snort, SnortSam, MySQL, iptables, Acid, dsniff,ettercap.

Bachelor, Information Technology

Activities and Societies: My thesis (lead by professor Babaoglu) has been focalized on research about Web Session Management: Analisi.

Erasmus, Information Technology

Activities and Societies: Develop Secure Net-based Applications - In-depth study of Security Patterns (RBAC, DMZ, I&A, front door.