Mazin Ahmed

Application and Infrastructure Security Engineering

Press & Citations

[Interview] Security in Arabic - FullHunt.IO - Mazin Ahmed (سكيوريتي بالعربي) (June 22, 2024)

• https://www.youtube.com/watch?v=GshUjOW5-gw
• https://podcasts.apple.com/us/podcast/fullhunt-io-%D9%85%D8%A7%D8%B2%D9%86-%D8%A3%D8%AD%D9%85%D8%AF/id1662298463?i=1000659884117
• https://open.spotify.com/show/4SEZywCqLqOInZtVy2kqHY

OWASP AppSec Pacific Northwest Conference - Speaker Preview - Attacking GraphQL APIs - Mazin Ahmed (June 4th, 2024)

• https://www.youtube.com/watch?v=U-2BYHevnDE

BlackHat MEA: Can you bootstrap a cybersecurity startup? (October 11th, 2023)

• https://www.youtube.com/watch?v=U-2BYHevnDE

BlackHat MEA: Can you bootstrap a cybersecurity startup? (October 10th, 2023

• https://www.linkedin.com/pulse/can-you-bootstrap-cybersecurity-startup-blackhatmea/

[Interview] BlackHat MEA: Building a cybersecurity startup from scratch (October 10, 2024)

• https://insights.blackhatmea.com/how-to-build-a-cybersecurity-startup-from-scratch/

[Interview] Interview with Mazin Ahmed - Sectastic (March 22nd, 2021)

• https://www.youtube.com/watch?v=qJjERXwM5wo

[Interview] Terraform Security - The Application Security Podcast (October 7th, 2021)

• https://www.youtube.com/watch?v=jdh-yHKLAWU

[Interview] Interview with Mazin Ahmed - CyberSocial with VJ (February 9th, 2021)

• https://www.youtube.com/watch?v=QxXl6lai_rY

Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON (August 10th, 2020)

• https://thehackernews.com/2020/08/zoom-software-vulnerabilities.html
• https://www.darkreading.com/application-security/zoom-vulnerabilities-demonstrated-in-def-con-talk/d/d-id/1338636
• https://www.informationsecuritybuzz.com/expert-comments/experts-insight-on-researchers-discovered-multiple-security-vulnerabilities-in-zoom/
• https://xakep.ru/2020/08/11/zoom-bugs/
• https://www.agconnect.nl/artikel/zoom-gaten-getoond-op-hackersconferentie
• https://www.anti-malware.ru/news/2020-08-10-111332/33369
• https://gbhackers.com/zoom-vulnerabilities/

[Citation] Analysis of Attacks on Content Security Policies (May 8th, 2018)

• https://elib.uni-stuttgart.de/bitstream/11682/9987/1/Bachelorarbeit%20Tobias%20Schneider.pdf

[Citation] WAFFLE - A Web Application Firewall that defies rules (August 2016)

• https://www.slideshare.net/DimitrisGkizanis/waffle-a-web-application-firewall-that-defies-rules

Web Application Firewall: a must-have security control or an outdated technology? (February 16th, 2016)

• https://www.csoonline.com/article/3032743/application-development/web-application-firewall-a-must-have-security-control-or-an-outdated-technology.html

[Interview] AMA with @mazen160 (October 9th, 2017)

• https://bugbountyforum.com/blog/ama/mazen160/

Web Application Firewall: a must-have security control or an outdated technology? (February 16th, 2016)

• https://www.csoonline.com/article/3032743/application-development/web-application-firewall-a-must-have-security-control-or-an-outdated-technology.html

Top 10 Web Hacking Techniques of 2015 (April 25th, 2016)

• https://www.helpnetsecurity.com/2016/04/25/top-10-web-hacking-techniques-2015/
• https://www.darkreading.com/endpoint/top-10-web-hacking-techniques-for-2015-/d/d-id/1325281
• https://www.techworm.net/2016/04/top-web-hacking-techniques-2015.html
• https://www.prnewswire.com/news-releases/whitehat-security-announces-the-tenth-annual-top-10-web-hacking-techniques-for-2015-300254223.html
• https://insights.samsung.com/2016/05/02/threat-watch-the-top-10-hacking-techniques-for-2015/

[Interview] Researcher Spotlight: Mazin Ahmed - Bugcrowd (November 9th, 2015)

• https://www.bugcrowd.com/blog/researcher-spotlight-mazin-ahmed/

Evading All Web-Application Firewalls XSS Filters (September 15th, 2015)

• http://www.securityweek.com/web-application-firewalls-tested-against-xss-attacks
• http://www.port80software.com/blog/2015/09/are-there-holes-in-your-web-application-firewall/
• http://www.securitylab.ru/analytics/474676.php

Fifteen Famous Bug Bounty Hunters (August 17th, 2015)

• http://resources.infosecinstitute.com/fifteen-famous-bug-bounty-hunters/

Bypassing Google Password Alert with One Line of Code (July 25th, 2015)

• http://researchbuzz.me/2015/07/27/typography-twitter-slack-more-monday-morning-buzz-july-27th-2015/
• http://bobao.360.cn/news/detail/1822.html
• http://www.itsn.ir/?p=33987

Instagram’s SSL certificate expires (April 30th, 2015)

• http://www.theregister.co.uk/2015/04/30/instagram_https_goes_titsup

W3 Total Cache Cross-Site Request Foregery CVE-2014-9414 (Dec 16 2014)

• �http://www.securityfocus.com/archive/1/534250
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9414
• http://osdir.com/ml/bugtraq.security/2014-12/msg00100.html
• https://wpvulndb.com/vulnerabilities/7717
• http://www.slideshare.net/Nilesh_logan/null-its-all-about-csrf

Instagram Account Hijacking (July 27th, 2014)

• http://thehackernews.com/2014/07/instagram-mobile-app-issue-leads-to_27.html
• http://securityaffairs.co/wordpress/27101/hacking/instagram-adroid-appflaw.html
• http://www.scmagazine.com/instagram-ios-and-android-apps-vulnerable-to-session-hijacking/article/363444/
• https://threatpost.com/facebook-plans-to-fix-instagram-mobile-session-hijack-eventually/107518
• http://www.androidpolice.com/2014/07/29/instagram-android-app-susceptible-to-session-hijacking-due-to-unencrypted-http-transfers/
• http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/instagrams-android-users-risk-having-their-accounts-hijacked-but-is-that-a-threat-to-your-business/

XSS Vulnerability Found in WikiLeaks’ Internal Search Engine (February 20th, 2014)

• http://news.softpedia.com/news/XSS-Vulnerability-Found-in-WikiLeaks-Internal-Search-Engine-428166.shtml
• http://dataprotectioncenter.com/security/xss-vulnerability-found-in-wikileaks-internal-search-engine/
• http://www.hackbusters.com/news/stories/21193-xss-vulnerability-found-in-wikileaks-internal-search-engine