Ahmed Hassan

Cyber Security Consultant & Penetration Tester at Condignum, Austria

Session Title: API Security/Web Security - how it can affect an Organization and possibly damage your Business?

Here are some speech topics related to API security and web security and how they can affect a business:
1. The Importance of API Security: Exploring the Risks and Consequences for Businesses
2. Protecting Your Business from Cyber Threats: Best Practices for Securing Your APIs and Web Applications
3. I can provide examples of Common Vulnerabilities and Exposures (CVEs) that I discovered while conducting penetration testing on an API. These CVEs could include security weaknesses such as SQL injection, cross-site scripting (XSS), or authentication flaws. By sharing these examples, I can highlight the importance of securing APIs and the potential risks that businesses face if they do not take adequate measures to protect their APIs from attacks.
4. Building a Secure Web Environment: A Guide to Identifying and Mitigating Vulnerabilities in Your Web Infrastructure
5. The Role of Regulations in Web Security: Navigating Compliance Requirements and Minimizing Legal Liabilities
6. Investing in Cybersecurity: The Business Case for Prioritizing API and Web Security
7. Beyond the Firewall: How to Build a Comprehensive Security Strategy for Your Web Infrastructure
8. Securing the Future: Anticipating and Preparing for Emerging Threats in the Web Environment.

Previously, he worked as an IT Security Engineer and as a Penetration Tester at other companies. He also holds many cyber security and penetration testing certifications and has had countless vulnerabilities accepted by companies worldwide.
CVEs identified
With the support of Josef Hassan, he discovered many CVEs. Some examples are listed below. 18 CVEs are already published:
 CVE-2023-0564
 CVE-2023-0565
 CVE-2023-0566
 CVE-2023-0572
 CVE-2023-0794
 CVE-2023-0793
 CVE-2023-0792
 CVE-2023-0790
 CVE-2023-0789
 CVE-2023-0788
 CVE-2023-0786
 CVE-2023-1116
He is a certified EC-Council Instructor and has given many courses, both onsite and online, in the UK, Saudi Arabia (Government), the Netherlands and many more.
Ahmed Hassan has worked on the following points:
 Conducting IT audits (ITGC audits) as part of annual audits
 Planning and implementation of technical security checks (vulnerability analyses, penetration tests) at different levels (infrastructure, web applications, applications)
 PCI-DSS implementation and improvement for secure payment steps at banks or collaborators of these banks
 Planning and implementation of IT vulnerability analyses (penetration tests) of various IT network infrastructures, websites, and web shops
 Advice for IT departments regarding IT security technologies to improve general IT security and support for security awareness training and cyber security simulations
In addition, Ahmed Hassan identifies vulnerabilities (e.g. CVE-2023-0564) in websites and programs of various organizations and governments (bug bounty programs). He has already reported several vulnerabilities, including at Huawei, UK Ministry of Defense, NASA, US Department of State, EU-CERT, SAP, Siemens, Nokia, Singapore Government, Indian Government, MTN, UK-Government, stkrr.nl, Scottish Government lufa, Lego, University of Texas at Austin and more.
Hall of Fame, for example from BOSCH and the United Nations:
As mentioned above, I have identified several further vulnerabilities in large companies and governments worldwide.
 https://psirt.bosch.com/hall-of-fame/websites-hall-of-fame.html (search for Ahmed Hassan)
 https://unite.un.org/content/hall-fame/list (search for Ahmed Hassan)
IT-Security Certifications:
 Offensive Security Certified Professional (OSCP)
 Certified EC-Council Instructor (CEI)
 PCI-DSS Implementer (specifically for the banking sector)
 Certified Ethical Hacker (CEH)
 eLearn Security Junior Penetration Tester (eJPT)
 eLearn Security Professional Penetration Tester (eCPPT)
 eLearn Security Web application Penetration Tester (eWPT)
 eLearn Security Web Application Penetration Tester Extreme (eWPTX)
 eLearn Security Mobile Penetration Tester (eMAPT)
 eLearn Security Certified Penetration Tester eXtreme (eCPTX)
 Cyber Security Foundation (CSFPC)
 Certified Network Security Specialist (CNSS)
 Certified AppSec Practitioner (CAP)
 CyberSAFE CBS-410 Instructor
 Bachelor's degree in "Computer Science/Web Development"
German, English, Arabic, French