Adam Strickland (adamstrickland97@gmail.com)
Technical problem solver with expertise in web and native app security and networking protocols. Technologies I know:
- Applied cryptography, for example JWTs
- Authentication systems and chains of trust, for example OAuth 2.0, OIDC and FIDO/WebAuthn
- Cross-site request forgery (CSRF) protection
- RESTful web services and HTTP
- Session management using cookies, tokens, or certificates
I like to say that if it uses HTTP, I can hack it! I can quickly examine a network trace (for example, using Burp Suite) and understand how a web or native application ticks.
- Demonstrated how to sign Elliptic-Curve JWTs with the openssl CLI
- Contributed JWT authentication functionality to an OpenID Connect library
- Contributed to a FIDO/WebAuthn library that bridges OpenSSH with Windows Hello
- Identified a broken authentication issue in one of my company's integrations. I used my knowledge of cryptography to exploit an encryption system
- Updated the Swagger/OpenAPI spec for the CDS Hooks REST API
- Implemented an example CDS Hooks service for my company's use in demos (hosted in Pipedream)
- Identified a login CSRF attack at my company, and prevented us from pushing the code to production
- Added a CSRF protection example to an OpenID Connect library after a thorough conversation with library maintainers on the scope of CSRF attacks against the library
- Discovered and fixed an issue with an OpenID Connect library, where sessions didn't work embedded in an iframe
- Added testing for a feature of the express-session library