WEB 2.0 SECURITY AND PRIVACY 2015 WORKSHOP CALL FOR PAPERS

About

My name is Szymon Gruszecki.
I'm a security pentester (particularly interested in Web apps).
Contact clues: {'dot', 'Szymon', 'dot', 'at', 'gmail' ,'com', 'Gruszecki'}


Bug (bounty) hunting

I'm seriously involved in two bug bounty programs that reward security pentesters for finding and disclosing vulnerabilities in company web properties:
I also take part in other bug bounties from: CCBill (temporarily placed on hold at this moment), Piwik, PayPal, Etsy


Shirts collection 'xssed'

In summer 2010 I hit on a crazy idea to verify whether the corporate websites of the largest software companies (according to the Forbes 2010 Global 2000 rank) are vulnerable to my favourite, good old Cross-Site Scripting. Once again I had a chance to see that this kind of vulnerability is commonly underestimated.

Security teams of these companies have donated shirts with corporate logotypes to me... proofs of my findings. The photo gallery of my collection is below (thumbnails of shirts and enlarged logotypes located on them).

I would like to thank all employees of these corporations who have helped me to get shirts. I'm grateful for your efforts!

1. IBM
2. Microsoft
3. Oracle
4. Google
5. SAP
6. Accenture
7. Computer Sciences Corporation
8. Yahoo
9. Tata Consultancy Services
10. CA