M.S. in Computer Science, Georgia Tech.
B.S. in Software Engineering, Drexel University.
Ax Sharma is a Security Researcher, Threat Intel Analyst, and Tech Reporter with a passion for perpetual learning. In his spare time, he enjoys exploiting vulnerabilities (ethically) and educating a wide range of audiences via blogging and vlogging. He is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
Ax’s expertise lies in malware analysis, vulnerability research, threat intelligence analysis, and web application security. Through responsible disclosure, he has previously exposed serious bugs and security vulnerabilities affecting national and global organisations including HM Government, Yodel, U.S. DHS, P.F. Chang’s, Planet Fitness, Comcast/Arris, Ellucian, and the popular restaurant chain Buca di Beppo.
In early 2018, Ax helped prevent a data breach at Georgia Tech by going public with a serious flaw that was left unpatched for over a year.
To consult Ax for your next big security project or for media source requests, drop him a note here.
Ax’s hobbies include working out, reading, playing piano and developing innovative, upcoming web projects.
- Passengers couldn’t fly after NHS vaccine passport went offline. The outage lasted approximately 4 hours, causing issues with the health app.
- Verizon’s Visible cell customers hacked, leading to unauthorized purchases. The company suspects credential stuffing, but questions remain.
- “Hacker X”—the American who built a pro-Trump fake news empire—unmasks himself. He was hired to build a fake news operation but now wants to put things right.
- SSRF attacks explained and how to defend against them. SSRF attack definition: Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. The name itself implies that a request the server would otherwise make on its own behalf has instead been forged by the attacker. SSRF attacks are far more dangerous than cross-site request…
- Java deserialization vulnerabilities explained and how to defend against them. The Java programming language offers a seamless and elegant way to store and retrieve data. However, without proper input validation and safeguards in place, your application can be vulnerable to unsafe deserialization. In a best-case scenario, deserialization vulnerabilities may simply cause data corruption or application crashes, leading to a denial…
- Securing CI/CD pipelines: 6 best practices. Recent cyberattacks leveraging weaknesses in continuous integration/continuous delivery (CI/CD) pipelines and developer tooling warrant a need for increased security of the developer infrastructure. Prominently, the Codecov supply-chain attack has alerted everyone against storing secrets in CI/CD environment variables, no matter how safe the environment might seem.
- 5 ways cybersecurity awareness trainings can strengthen your organization. According to an InfoScales report, 95% of successful cyberattacks have human error as the leading cause, most notably company employees falling for phishing scams. This is an important observation, as cybersecurity efforts often intuitively focus largely on strengthening the technical controls in an organization to prevent data leakage, willful…
- 5 practical ways your organization can benefit from DevSecOps. It’s right there in the moniker: DevSecOps, a portmanteau of Development, Security and Operations, implies introducing security early on, as part of a comprehensive, agile Software Development Life Cycle (SDLC) used by your organization, rather than doing so iteratively or waiting until after a release. Given how security…
- Is our obsession with regulation killing the web? Anybody who’s been paying attention has noticed just how much the internet has changed within the last 10 years. From the humble looks of Google’s homepage to the vast existence of old-school message boards and a virtually irrelevant “social” media, the internet largely felt like an accessory, a toy you could play…
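To make the SSRF entry in the list above concrete, here is an added example (not code from the article or from the author): a server-side URL fetcher that takes the target from the client. The first handler performs no checks, so a request for `http://127.0.0.1:8080/admin` or the cloud metadata address `169.254.169.254` is forged on the server's behalf. The hardened handler enforces a scheme check, a host allowlist, and a check on the address the host actually resolves to, which catches an allowlisted name that is pointed at an internal address. The host names, the `FAKE_DNS` table that stands in for DNS, and the IP values are all constructed so the code runs offline; real code would resolve with `socket.getaddrinfo`.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed resolver table standing in for DNS so the example runs offline.
# 93.184.216.34 is used here as an arbitrary public address (assumption for the example).
FAKE_DNS = {
    "images.example.com": "93.184.216.34",
    "cdn.example.com": "93.184.216.35",
    "evil.example.net": "127.0.0.1",          # attacker-controlled name pointing at loopback
}

# Hosts the application is allowed to fetch from (assumed for the example).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def resolve(hostname, resolver=FAKE_DNS):
    """Return the IPv4/IPv6 address a hostname resolves to, or None if unknown."""
    return resolver.get(hostname)


def vulnerable_target(url):
    """Naive handler: whatever the client supplied is fetched by the server unchecked."""
    return url


def safe_target(url, resolver=FAKE_DNS):
    """Return url if it passes scheme, allowlist and resolved-address checks; raise ValueError otherwise."""
    parsed = urlparse(url)

    # 1. Only plain web schemes; file://, gopher://, dict:// etc. are rejected outright.
    if parsed.scheme not in ("http", "https"):
        raise ValueError("scheme not allowed: %r" % parsed.scheme)

    # 2. Embedded credentials are a classic way to confuse naive host parsing.
    if parsed.username or parsed.password:
        raise ValueError("credentials in URL are not allowed")

    # 3. Host must be on the allowlist (urlparse lowercases hostname for us).
    host = parsed.hostname
    if host is None or host not in ALLOWED_HOSTS:
        raise ValueError("host not on allowlist: %r" % host)

    # 4. Resolve the host and refuse anything that is not a globally routable address.
    #    This catches an allowlisted name that has been pointed at loopback, RFC 1918
    #    space, link-local (including the 169.254.169.254 metadata endpoint) and so on.
    addr = resolve(host, resolver)
    if addr is None:
        raise ValueError("host does not resolve: %r" % host)
    ip = ipaddress.ip_address(addr)
    if not ip.is_global:
        raise ValueError("host %r resolves to non-public address %s" % (host, addr))

    return url


def rejects(url, resolver=FAKE_DNS):
    """True if safe_target refuses the URL, False if it allows it."""
    try:
        safe_target(url, resolver)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    samples = [
        "https://images.example.com/logo.png",
        "http://127.0.0.1:8080/admin",
        "http://169.254.169.254/latest/meta-data/",
        "http://evil.example.net/",
        "file:///etc/passwd",
        "http://user:pw@images.example.com/",
    ]
    for u in samples:
        print("%-45s vulnerable=%s  safe=%s" % (u, vulnerable_target(u), "rejected" if rejects(u) else "allowed"))
    # Allowlisted name that an attacker has re-pointed at the metadata address.
    rebound = dict(FAKE_DNS, **{"images.example.com": "169.254.169.254"})
    print("rebound allowlisted host:", "rejected" if rejects("http://images.example.com/", rebound) else "allowed")
```

Note that the resolved-address check is performed on the address the fetcher will actually connect to; if the HTTP client resolves the name again on its own, a DNS rebinding race remains, so production code should resolve once and connect to the checked address (or disable redirects and re-validate each hop).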