Hassan began his career as a programmer developing enterprise software systems, during which he developed his passion for Information Security. He received his Master’s degree in Computer Science from the American University in Cairo with a thesis in the field of Secure Software Engineering. During this time he also published the research paper, Capturing Security Requirements for Software Systems.
Hassan went on to lead an application security team, performing security assessments and penetration tests for security-critical applications. He has since become a security consultant and active security researcher in bug bounty programs. He was acknowledged and rewarded by several vendors including Google, Apple, Facebook, Twitter, PayPal, eBay, AT&T, Yahoo, Oracle, GiftCards, Etsy, Groupon, Cisco Meraki and Olark.
In 2012, Hassan began teaching for SANS Institute. Hassan teaches SEC542: Web App Penetration Testing and Ethical Hacking and SEC642: Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques.
What students say about this training:
“From my perspective this covered the full workflow of bug hunting. Impressive that you were able to fit it all in 2-days. This covered content relevant for bug hunters, threat hunters and developers alike. I think this course was also beneficial for any security org looking to establish internal or external bug hunting programs.”
“The content is very relevant. Much more than any other bug bounty type course I’ve taken. I love that every lesson/example are real world scenarios for us to look for. Too many courses show a couple command lines and say, “So that’s how it works.” Not good enough. This course was great.”
“I find the course valuable as I get to gain more insight into the area of bug bounties in the modern days and how could a bug bounties hunter do the preparation and also how to approach the web application to identify those bugs, especially business logic bugs. I enjoyed the case studies very much!”
“I really enjoyed the course for Hassan’s delivery method (stories tied to attacks to illustrate them in practical terms) and the labs. I’ve recently started participating in the bug bounty world, and this really helped push me in the right direction for how to approach testing. The labs having the purposeful “missteps” is also useful. I appreciate seeing what DOESN’T work and pivoting to what does!”
“This course has content that is friendly to people familiar with security concepts, but still enough new information for folks who haven’t been active in the bug finding business. It’s a good mix of reviewing basics without spending too much time, while giving time with practical tool sets and real world problems.”
“I would recommend this course as the bug bounties stories are interesting and relate well to the course content. One might be able to pick up some new knowledge and ideas on common application attacks.”
Past Trainings
- Bug Bounties and Responsible Disclosure 2022-05-09