I'm an independent information security researcher and consultant that helps people to identify web vulnerabilities, especially Cross-Site Scripting (XSS), the most common and dangerous security flaw of the web. With 10+ years of experience in the information security field, I have developed a deep knowledge and passion for XSS and security evasions, which I share online and offline with the information security community.
I am the founder and developer of KNOXSS, an online tool that automates XSS detection and proof. It has helped thousands of pentesters and bug hunters to find and exploit XSS vulnerabilities in live websites, including Big Tech ones like Oracle, Uber, Samsung, Apple, Amazon and Microsoft. I also publish research, content, and resources on XSS and security evasions, such as my blog, my booklet, and my talks at DEFCON and other events. My goal is to raise awareness and educate about the importance and impact of XSS and security evasions, contributing to a more secure and resilient web.
