Dawid Czagan (@dawidczagan) has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, BlackBerry and other companies. Due to the severity of many bugs, he received numerous awards for his findings.
Dawid is the founder and CEO of Silesia Security Lab, which delivers specialized security auditing services with a results-driven approach. He also works as a Security Architect at Future Processing.
Dawid shares his bug hunting experience in his workshop entitled "Hacking web applications - case studies of award-winning bugs in Google, Yahoo, Mozilla and more". To find out about the latest in Dawid's work, you are invited to visit his blog (https://silesiasecuritylab.com/blog) and follow him on Twitter (@dawidczagan).
-
Tunneling, Crypto and VPNs
By Dawid Czagan on April 23, 2015
-
Bypassing Packet Filters with IP Fragmentation Overlapping
By Dawid Czagan on April 20, 2015
-
HTTPS and Mixed Content Vulnerability
By Dawid Czagan on January 8, 2015
-
Cookies with Secure Flag: Undesired Behavior in Modern Browsers
By Dawid Czagan on August 11, 2014
-
Effective Risk Reduction
By Dawid Czagan on May 27, 2014
-
Qualitative Risk Analysis with the DREAD Model
By Dawid Czagan on May 21, 2014
-
Cookies with HttpOnly Flag: Problem in Some Browsers
By Dawid Czagan on April 7, 2014
-
Securing Cookies with HttpOnly and secure Flags
By Dawid Czagan on March 6, 2014
-
The Importance of Session Regeneration
By Dawid Czagan on February 19, 2014
-
Session Randomness Analysis with Burp Suite Sequencer
By Dawid Czagan on January 24, 2014
-
From CSRF to Unauthorized Remote Admin Access
By Dawid Czagan on January 21, 2014
-
Non-repudiation and digital signature
By Dawid Czagan on January 9, 2014
-
Attacking LAN hosts with ARP spoofing
By Dawid Czagan on January 8, 2014
-
Fuzzing for SQL injection with Burp Suite Intruder
By Dawid Czagan on November 8, 2013
-
Quantitative Risk Analysis
By Dawid Czagan on November 4, 2013
-
Understanding Session Fixation
By Dawid Czagan on October 31, 2013
-
Symmetric and Asymmetric Encryption
By Dawid Czagan on October 23, 2013
-
CSRF Proof of Concept with OWASP ZAP
By Dawid Czagan on October 14, 2013
-
Online Dictionary Attack with Hydra
By Dawid Czagan on September 13, 2013
-
Using Hashes in Computer Security
By Dawid Czagan on September 5, 2013