My research work
From December until May 2016, I worked as a consultant at EBRC, in Luxembourg. Previously, I was with itrust consulting as a senior security researcher.
Prior to that, I was a research associate at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) for four years.
I have a PhD degree in Computer Science from Telecom Bretagne, in Rennes, France. I started my PhD in September 2007 and I finished at the end of October 2010. I did my thesis defense on the 22nd of September 2010.
My advisors were Prof. Yves Le Traon and Dr. Benoit Baudry.
I was a member of the Serval team, which is part of the RSM teaching and research department.
My thesis subject was:
“Testing and Modeling Security Mechanisms in Web Applications”.
What is it about:
The main idea is to benefit from testing techniques and apply them and adapt them to perform security testing in web applications. It starts also from the idea that there are several existing powerful and very handy concepts from the MDE field that can be applied to security. Actually, part of my research focuses on modelling and applying model paradigms to access control policies deployment and testing.
Security cannot be limited to modelling and testing. The security community desperately needs new tools and methods to protect against specific kinds of attacks. That is why I am working on new approaches dealing with attacks and vulnerabilities targeting web applications.
The main fields I worked on:
- Access control policies testing in applications:
- Testing strategies and criteria
- Building fault/flaw model for access control implementation in apps.
- Regression testing of Security mechanisms testing:
* Evaluation of the robustness.
* New solutions for protecting web applications.
It is all about security, security testing and security assessment applied to web applications.
Currently, I am giving lectures on Access Control modelling and testing, Web application security testing, and software testing for Master students at the University of Luxembourg.
During my PhD in Telecom Bretagne, I gave several lectures for graduate students from Telecom Bretagne and from the University of Rennes 1.
October to December 2007 and 2008:
- Supervision of Software Engineering projects (3rd of advanced MS) in Telecom Bretagne in Rennes.
- Teaching courses on OO programming in Java (Sockets, threads, CORBA) (3rd of advanced MS) at the University of Rennes 1.
2008 to June 2009:
I supervised a master of research internship. The student was working on application security. I was also supervising two student projects about web application security.
2010 to 2014:
- Lectures on Web app security and software testing for students in the computer science Master.
- Lectures on Access Control Modelling for 'Master in Information Security Management' students.
- Lectures on Penetration testing for 'Master in Information Security Management' students.