Jessica breaks websites. She aspires to break more websites. Having spent the past five years performing penetration tests throughout the United States and Europe, she now works for TrustedSec as a Security Consultant, specializing in Application Security. Her areas of expertise include APIs and Web Services, Mobile Application Security, Source Code Review, and Desktop Environment Breakouts.
Education & Certifications
King’s College London, London, United Kingdom
Awards: Pentest Ninja (2016), Women’s Society of Cyberjutsu, Arlington, Virginia; Ada Lovelace Student Prize (2015)
Recent Blog Posts
A security researcher (Joel Noguera @niemand_sec) discovered a ‘critical’ misconfiguration bug in Spring Data’s Application Level Profile Semantics (ALPS). This bug allows unauthenticated users to perform an Application Programming Interface (API) request, which responds with sensitive user data that can be utilized, manipulated, or even deleted. What is ALPS? “ALPS [is] a data format for defining...
The main advantage of utilizing serverless architecture, such as Amazon Web Services (AWS), is that it is a great way to build applications without having to manage the infrastructure. The provider will provision, scale, and maintain the servers to run applications, databases, and storage systems. Naturally, this offloads the risk of server-side insecurities to the...