Lazar Milic
Belgrade
Summary
Application security engineer, specializing in Web application security. Performed many application security related activities, such as regular penetration tests, source code reviews(Java, Javascript), managing the company EDR platform... Spare time CTF player and bug bounty hunter.
Overview
2
2
years of professional experience
Work History
Application security Engineer
United.Cloud
10.2022 - Current
- Part of a small team responsible for protecting the entire infrastructure, and improving pipelines and CI/CD
- Regular Web penetration tests (Eon.tv and many more internal web applications)
- Regular Android penetration tests (EON and EON connect android applications)
- Administration and analysis of Crowdstrike Falcon EDR platform
- Phishing simulations and education of teams
- Administration of the company's docker repository (Harbor).
- Regular source code reviews (Java, Python, Javascript)
System Analyst
Euronet Worldwide
05.2022 - 10.2022
Education
Bachelor of Computer Science - Computer Science
Faculty of Applied Management, Economics And Finance - MEF
Belgrade, Serbia02.2024
Skills
- Web application security
- Android security
- Crowdstrike Falcon EDR
- Python
- CI/CD
- OpenID Connect
Work accomplishments
- Helped reduce the number of docker image related vulnerabilities by over 90%
- Helped setup the Falcon EDR platform on all of the company owned servers and devices
- Built a tool in Python used to monitor for newly open ports, new web applications, and changes found on already discovered web applications.
- Discovered several critical internal tools being publicly available using the python tool mentioned above
- Integrated nuclei for monthly automated web security scanning
- Helped on improving Jenkins pipelines, and added new SAST solutions
- Found several critical vulnerabilities regarding eon.tv web platform.
Social Links
- LinkedIn - https://www.linkedin.com/in/lazar-milic-b7310819a/
- HackerOne - https://hackerone.com/jagnjilo
- TryHackMe - https://tryhackme.com/p/jagnjilo
Tools
Tools regularly used for performing Web Penetration Testing:
- Burpsuite, Caido
- Censys, Shodan (Web scraping)
- Naabu, Masscan (Port scanning)
- Fffuf, Gobuster, Httpx (endpoint discovery, status code checking)
- Subfinder, Amass, BBRF (Recon and subdomain discovery)
Timeline
Application security Engineer
United.Cloud
10.2022 - Current
System Analyst
Euronet Worldwide
05.2022 - 10.2022
Bachelor of Computer Science - Computer Science
Faculty of Applied Management, Economics And Finance - MEF
Similar Profiles
Stan TwedtStan Twedt
Heavy Equipment Operator at Big Sky Land ManagementHeavy Equipment Operator at Big Sky Land Management
Tracy WrightTracy Wright
Elementary General Music Teacher at Augusta SchoolsElementary General Music Teacher at Augusta Schools
Boris PopovBoris Popov
Waterpolo Player at PVK BečejWaterpolo Player at PVK Bečej
Jovan RalevićJovan Ralević
Information Systems Coordinator at S.P. Lasta A.D.Information Systems Coordinator at S.P. Lasta A.D.
Kenan Can YararbaşKenan Can Yararbaş
Application Security Engineer at JotFormApplication Security Engineer at JotForm