Speaker
Maxence Schmitt
Maxence graduated from a French engineering school in Computer Science and Software Engineering and has always had an interest in the security field. His professional experience began with managing Identity and Access Management topics in a large French IT consulting company. His skillset evolved further through participating in bug bounty and Capture the Flag (CTF) competitions. Later, he worked to define security best practices in all phases of the application lifecycle, ranging from initial requirements to the application end of life (i.e., Security by Design). He has been involved in all the different aspects of projects, from security design reviews to patching policy, covering development practices as well as systems hardening (Kubernetes, Docker, Kafka, etc.). He also worked on the offensive side of a Computer Emergency Response Team (CERT), which allowed him to focus on his preferred disciplines: penetration testing and red teaming.
He is now a Senior Application Security Engineer at Doyensec reviewing source code and finding vulnerabilities in well-known products (web app, mobile app, desktop app, …).
11/10/2024: Exploiting Client-Side Path Traversal. CSRF is Dead, Long Live CSRF