Mohamed A Basset
About
Mohamed A Basset is from Mexico City, Mexico. Mohamed works in the following industries: "Computer & Network Security". Mohamed is currently Project Leader at OWASP Foundation. Mohamed also works as Founder & Chief Hacking Officer at Seekurity SA de C.V., a job Mohamed has held since Sep 2014. Another title Mohamed currently holds is CTO (Chief Technology Officer) at S3Geeks. In Mohamed's previous role as a Sr. Cyber Security Analyst at Linio, Mohamed worked in the Mexico City Area, Mexico, until Jul 2018. Prior to joining Linio, Mohamed was a Core Researcher at Cobalt.io. Prior to that, Mohamed was a Senior Information Security Analyst at Defencely from Mar 2015 to Oct 2015. Mohamed started working as Independent Security Consultant: Vodafone Egypt Service Pentest at Vodafone Egypt in Cairo, Egypt, in Jun 2014. From Nov 2013 to Mar 2014, Mohamed was Independent: Translation Supervisor at foursquare. Prior to that, Mohamed was a Founder & CTO at Spotivty from Apr 2013 to Jan 2014. Mohamed started working as Verified Translator at foursquare in Egypt in Oct 2013.
Mohamed A Basset's current jobs
Officially an OWASP Project Leader of "QRLJacking" attack vector!

[*] What is QRLJacking?
QRLJacking or Quick Response Code Login Jacking is a simple social engineering attack vector capable of session hijacking affecting all applications that rely on the “Login with QR code” feature as a secure way to login into accounts. In a nutshell, the victim scans the attacker’s QR code, which results in session hijacking.

[*] QRLJacking and Advanced Real Life Attack Vectors:
As we all know, if we combine more than one attack vector together we can have a great result. The QRLJacking attack can be combined with powerful attack vectors and techniques to make it more reliable and trustworthy. Here are some examples:
1. Social Engineering techniques (Targeted Attacks)
2. Highly Trusted Hacked Websites
3. SSL Stripping
4. Content Delivery Networks (CDNs Downgrading)
5. Non-secure Traffic over LAN
6. Bad Implementation / Logic

[*] Vulnerable Web Applications and Services:
There are a lot of well-known web applications and services which are vulnerable to this attack till the date we wrote this paper. Here are some examples (that we have reported) including but not limited to:
1. Chat Applications: WhatsApp, WeChat, Line, Weibo, QQ Instant Messaging
2. Mailing Services: QQ Mail (Personal and Business Corporate), Yandex Mail
3. eCommerce: Alibaba, Aliexpress, Taobao, Tmall, 1688.com, Alimama, Taobao Trips
4. Online Banking: AliPay, Yandex Money, TenPay
5. Passport Services “Critical”: Yandex Passport (Yandex Mail, Yandex Money, Yandex Maps, Yandex Videos, etc...)
6. Mobile Management Software: AirDroid
7. Other Services: MyDigiPass, Zapper & Zapper WordPress Login by QR Code plugin, Trustly App, Yelophone, Alibaba Yunos

[*] References:
https://www.owasp.org/index.php/QRLJacking
https://github.com/OWASP/QRLJacking
https://github.com/OWASP/QRLJacking/wiki

[*] For Suggestions and Improvements: Mohamed.Baset@OWASP.org
Seekurity SA de C.V. is a Cyber Security and Information Security consulting firm specialized in: Penetration testing (Web, Mobile, and Desktop Apps), Physical Penetration Testing, Source Code Auditing, Content Management Systems Security Testing and Hardening, Vulnerability Assessments, Security Research, Malware analysis, Data Security (Data privacy and compliance), Incident Management, Phishing analysis, Anti-Fraud Solutions, Risk Management, OSINT (Open Source Intelligence), Onsite/Remote Corporate/Individual Social Engineering engagements, Security Monitoring, VoIP Security and Solutions.

We deliver a detailed, comprehensive, and customizable report at the end of each security engagement. Our reports typically include an executive summary, detailed technical findings with well-defined proof of concepts, and recommended remediation steps.

We're offering Black-Box, Gray-Box, and White-Box Web and Mobile Applications Security Consultation, Penetration Testing, Source Code Auditing, Vulnerability Assessment, and Remediation, including full detailed reports about the discovered vulnerabilities and hints about solving them.

I'm leading the penetration testing team and the automation team to conduct application security penetration testing for our clients and building our own automation security solutions.
As entrepreneurship communities and activities started to spread in Egypt, we waited so long for someone to shed some light upon Upper Egypt, but in vain. So we decided to start the first event of its kind in Upper Egypt, interested in organizing and expanding Upper Egypt youth's activities to build up an entrepreneurship community gathering programmers, designers, developers and all the creative young people dreaming of a better Upper Egypt, and hence "S3eedy Geeks" came to life. I'm responsible for all the technology-related implementation.
Mohamed A Basset's past jobs
Linio is the largest online retail store in Latin America since April 2012. Linio Mexico offers an unparalleled shopping experience with excellent customer service to generate a strong bond of trust for each of its users. This situation has been replicated in each of the Latin American countries in which it operates: Colombia, Peru, Argentina, Venezuela, Chile, Ecuador and Panama.

As part of the IT Security Team I was working as a Senior Information Security Analyst and was in charge of all the company's product security, performing continuous penetration testing for all services (staging and live) to make sure that our web application is safe and not leaking any of our employees'/clients' data, which is very sensitive. I was also following up with the rest of the team to build our own access control policies, development of policies, regulations and management processes of information security focused on policy frameworks such as ISO 27001, ISO 27002, PCI, LFPDPPP, SOX, evaluation of risk and risk management, incident management, computer fraud investigations, regulatory compliance such as LFPDPPP, PCI-DSS, SOX, and was sometimes involved in Risk and Incident Management cases.
Crowdcurity is a marketplace where businesses can crowdsource security by connecting with over 2000 talented security researchers. In just a few clicks, any business can engage directly with security researchers through bug bounty programs and security audits to strengthen their application security. Pay-per-bug, not per hour.
Defencely Cloud Security Pvt. Limited is the first Indian flagship company to serve cloud based on-demand security solutions to webmasters, web app owners, network admins, online companies and internet businesses. I was working as a remote Senior Penetration Tester for testing clients websites and businesses.
I was privately contracted with Vodafone Egypt to conduct a black-box penetration test, discovered and delivered some critical security issues (Application and Infrastructure), and helped responsibly disclose a final report to them.
I was selected to be the translation supervisor to do a full translation from English to Arabic for the following modules: Foursquare Core, API and Mobile version words/phrases.
I founded "Spotivty", which is a location-based social network for sharing activities on a live-map-based concept. Spotivty won first place in Startup Weekend Assiut, and my team and I got 6 months of incubation, but after that the team had different visions and they started to work on their own projects, so we discontinued working on it. But the idea itself guided me through pivoting to other awesome ideas built on top of WebRTC.
Volunteer: translated Core, API and mobile version words/phrases from English to Arabic.
Translation from English to Arabic.