David Chen
416-879-7536
SAP Canada
Dear Ms Villanueva,
I would like to join SAP’s cloud security team as a purple-team security research intern to act as a vulnerability analyst and penetration tester.
I come from a math-heavy computer science background. My niche is within low-level software and security. Many of my projects in lie within web development, machine learning and compiler development, but I have also been developing Miasmasploit in my free time - which is a web-security toolkit used for probing and attacking websites. I work best with Python for scripting and machine learning, and C++ for OOP and large-scale software development. I am also well aquainted with Java and Javascript, having developed webscrapers compatible with JRE 17 and ES5 Javascript for frontend components.
Ive been a part of the security community for two years so far, and I find myself excited about web and low-level software security. Ive attended 18 CTF competitions thus far and have had 3 top-5 placements. I tend to use Burp Suite and OWASP ZAP a lot for the recon and exploitation phases for web challenges. Additionally, I maintain a writeup blog where I document my security work and CTF solutions to mentor others in the field (https://digitalyoshixi.github.io/ctfs). I also understand how to perform a few attacks related to cloud and web security, most notably XSS, CSRF, JWT session hijacking, IAM user permissions explotation and firebase permissions explotation.
From an IT and networking standpoint, I have aquired first-hand practical experience with configuration and setup of own home-network. It is a ethernet-driven unmanaged setup where I have configured my modem, router, raspberry pi VPN, NAS and web-server to run through a Grafana management interface for monitoring. I am in the process of setting everything to run through Proxmox for virtualization of each service. I also manage a web server and test-C2 server on AWS for various projects. Additionally, my Comptia A+ certification has given me adequate skills to repair and diagnose hardware issues. I am also working through my CCNA currently which will allow me to have a much greater understanding of the theoretical aspect of networking.
I believe I can do a lot within cloud security specifically. Cloud-based software development as I understand it is much more interwoven. The security operations team tends to have close contact with the software and management team which I believe is essential to understanding its threat model. I also like that the industry is moving towards data science – where I see a lot of value in.
I would love to schedule some time to talk to you. Below I have attached my portfolio for a look into my further works.
Many thanks,