About
I previously served as the Head of Global Cyber Security for Ubisoft, where I led all…
Articles by Jason
-
Discussing CISO concerns with Motorola mobility CISO Richard Rushing
By Jason Haddix
-
Discussing CISO concerns with Zephyr Health CISO Kim Green
By Jason Haddix
Activity
-
A great FREE initiative from The SecOps Group I highly recommend checking it out and sharing!
Shared by Jason Haddix
-
I am now a certified AI/ML hacker 😈 🙌 After my last post with my thoughts on deficiencies of the certification industry…
Shared by Jason Haddix
Experience
Volunteer Experience
-
Charity Bug Hunter
Bugcrowd Inc
Through BugCrowd's organization I have competed in several events to help security test charity websites for vulnerabilities. I enjoy donating my time and skills to these organizations, especially the ones that aim to help kids.
In 2013 all charity researchers were ranked by impact and number of vulnerabilities found for charity organizations. I placed 3rd on that list of 5,000 researchers.
Publications
-
(Citation) Instant Burp Suite Starter
Packt
Cited for presentation and research on extending Burp Suite tool.
-
(Interview) Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties
Ethical Hacker Online Magazine
-
(Review) eLearnSecurity’s Penetration Testing Pro Course
Ethical Hacker Online Magazine
-
(Review) Strategic Security Advanced Penetration Testing Course
Ethical Hacker Online Magazine
Courses
-
Carnegie Mellon - SEI Malware Analysis
-
-
Certified Ethical Hacker
-
-
Offensive Security - 101
-
-
OpenSecurityTraining.info - Android Forensics
-
-
SANS - GPEN, Penetration Testing
Certified
-
SANS - GSEC, Security Essentials
Certified
-
SANS - GWAPT, Web Application Penetration Testing
Certified
-
SecurityTube - iOS Security Expert
-
-
Strategic Security - Advanced Penetration Testing
Certified
-
Strategic Security - Mobile Application Penetration Testing
Certified
-
Strategic Security - Web Application Penetration Testing
Certified
-
Web Application Hacker's Handbook Live
Certified
-
WireShark University
-
-
eLearnSecurity - Penetration Testing Professional
Certified
-
eLearnSecurity - Web Application Penetration Testing Professional
-
Projects
-
Project Leader: OWASP Mobile Top Ten Risks
I currently work with Jack Mannino and other highly gifted mobile application auditors to refresh the OWASP Mobile Security Project and the OWASP Mobile Top Ten Vulnerability listing. This entails describing, categorizing, rating, and contributing/reviewing statistics of the most current and prevalent mobile security issues in today's mobile application world.
-
Contributor: OWASP iOS Testing CheatSheet
This cheat sheet provides a checklist of tasks to be performed when testing an iOS application and a collection of tools known to aid iOS auditors.
-
Co-Leader: SecLists Project
The SecLists project is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
-
Open Penetration Testing Bookmarks Project
The Open Penetration Testing Bookmarks Collection is just that, a collection of handy bookmarks I initially collected that aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research.
-
Nmap (HTTP Enumeration Module)
Helped create fingerprints for the HTTPEnum module of the Nmap Scripting Engine. This module fingerprints web servers and identifies known security vulnerabilities of commonly used web platforms.
-
Nessus Parsers
Created a series of Nessus scripts (before the tooling was inter-operable with nmap and metasploit) to identify several reliable vulnerabilities and output them to a format to be consumed by other pentesting tools.
-
Pentester Scripting Portal
-
A group effort by some skilled penetration testers to open-source scripts that automate parts of certain pentests.
-
ShellPhish Member
-
I am an honorary member of the UCSB hacking group named ShellPhish. I have been competing with them for 3 years during the qualifier rounds for the Defcon CTF. I organize the contribution of HP/Fortify's staff to augment their already stellar security group. We have qualified for the Defcon Finals 3 years in a row. We also competed in several other CTF competitions (Mozilla - 5th place, Stripe - completed, etc).
Honors & Awards
-
Awards:
-
Best Technical Solution - HP Fortify (2013)
Awarded for reducing time to completion on mobile assessment services by developing a binary analysis tool-set that aided testers.
PayPal Security Bug Bounty Hall of Fame (2013)
Best Public Presenter - HP Fortify (2012)
-
Honors:
-
Ranked #1 Security Researcher - BugCrowd (2014)
Ranked Top Ten Security Researcher - BugCrowd (2013)
Participated in several bug bounty programs. Placed in the top ten of over 5,000 application security researchers for quality and number of security findings. Final position for 2013 - 4th place.
PayPal Security Bug Bounty Hall of Fame (2013)
Responsibly disclosed vulnerabilities for web domains.
-
Speaking:
-
I have been privileged to speak at over a hundred security and technology conferences worldwide. This includes such prestigious conferences as DEF CON, BlackHat, OWASP, SANS, IANS, B-Sides, Rootcon, ISC2, Toorcon, NullCon, NahamCon, LevelUp, HouSecCon, H@cktivityCon, and more. In addition I have keynoted numerous smaller internal security conferences for clients.
Recommendations received
19 people have recommended Jason