
Ivan Marković

Security consultant and researcher

Long experience in designing and implementing security solutions, mainly oriented toward web applications and services. Author of penetration testing tools recognized by the OWASP organization and the BackTrack Linux distribution. Research work includes the discovery of vulnerabilities in numerous applications and services, for which the author received public appreciation from Microsoft.

Contact via LinkedIn.


Services: Ethical hacking, Hands-on training, Vulnerability research
Tool: WMAT - Web Mail Auth Tool, WMAT Readme, included on BackTrack 4 / 2009
Tool: DFF (Default files and folders) Scanner, DFF Readme, included on BackTrack 4 and OWASP Phoenix tools / 2009
Research: HTTP Parameter Contamination (HPC attack), new attack vector, EXPLOIT DB / 2011
Research: Overview of Serbian banks security vulnerabilities, tested in 10 min. using only an internet browser, 3 years in a row / 2011
Research: Serbian banks owned by public documents, brief research whitepaper that describes the security risks of information that can be found in document properties and document headers. / 2011
Award: Security Researcher Acknowledgments for Microsoft Online Services (September 2008, February 2009, March 2009, May 2009, September 2010, January 2011, August 2012)
Project: War Game @ Balkan Computer Congress / 2013
Project: Hack The Gate @ Microsoft Sinergija Conference / 2010
Project: Security News Feed / ZASTITA / 2008
Project: Hack The Gate @ Microsoft Sinergija Conference / 2008
Project: PHP Security Info / Simulation of phpinfo() function for security features / 2006
Speaking/Training: 36th INTERNATIONAL PROTECTION AND SAFETY FAIR / 2008
Speaking/Training: Network Security Solutions d.o.o. / Hands-on Web Hacking / 2009
Speaking/Training: DevProTalk Security Day / Web application security - Exotic threats / 2009
Speaking/Training: Microsoft Sinergija / Attacking Windows and Web Applications / 2009
Speaking/Training: Microsoft Security for Developers praktikum / 2010
Speaking/Training: Microsoft MSFORGE / 2010
Speaking/Training: E-Trgovina / Your e-commerce portal, the search form and a look at security / 2010
Speaking/Training: eTALK / E-commerce and a look at security / 2010
Speaking/Training: RISK / Top Ten Web Hacking Techniques of 2010 / 2011
Speaking/Training: Info Security Day / (In)Security of banks in Serbia / 2011
Speaking/Training: Krojac Open Day / Web security for developers / 2011
Speaking/Training: OWASP Evening #1 Serbia / OWASP Tools / 2012
Speaking/Training: Z-Dan (The Zeitgeist Movement) / Internet threats / 2012
Speaking/Training: Security Awareness / Septia Academy / 2012
Speaking/Training: Web application security – high tech threats / Business Academy / 2012
Speaking/Training: Top web hacking techniques in 2012 / Business Academy / 2012
Speaking/Training: OWASP A4 A8 A9 A10 / ETF / 2013
Speaking/Training: BISEC / Demonstration / Finding and exploiting online vulnerabilities / 2013
Speaking/Training: Balkan Computer Congress (BalCCon 2k13) / Hands-on Web Hacking / 2013
Advisory: dotCMS Multiple Cross-Site Scripting Vulnerabilities / 2013
Advisory: Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting / 2012
Advisory: IT Dashboard "value" Cross-Site Scripting Vulnerability / 2011
Advisory: UltraVNC Viewer Insecure Library Loading Vulnerability / 2010
Advisory: GetSimple CMS Multiple Cross-Site Scripting Vulnerabilities / 2010
Advisory: Elastix "id_nodo" Local File Inclusion Vulnerability / 2010
Advisory: Huawei HG510 Security Bypass and Cross-Site Request Forgery Vulnerabilities / 2010
Advisory: Axon Virtual PBX Multiple Vulnerabilities / 2009
Advisory: Exponent CMS Multiple Vulnerabilities / 2009
Advisory: ESET Remote Administrator Script Insertion Vulnerability / 2009
Advisory: Vivvo CMS "404 Page Not Found" Cross-Site Scripting Vulnerability / 2009
Advisory: Kerio MailServer WebMail Cross-Site Scripting Vulnerabilities / 2008
Advisory: SquirrelMail Malformed HTML Mail Message Script Insertion / 2008
Advisory: Link CMS Cross-Site Scripting and SQL Injection / 2006
Advisory: emuCMS "query" and "page" Cross-Site Scripting Vulnerabilities / 2006
Advisory: vtiger CRM Multiple Vulnerabilities / 2006
Advisory: SD Studio CMS SQL Injection Vulnerabilities / 2006
Advisory: sNews "search_query" Cross-Site Scripting Vulnerability / 2006
Papers: "Race Condition" and web technologies / Nove Tehnologije / 2006
Papers: The Golden Web Mine / E-Magazin / 2006
Volunteer Experience: NGO (Alternative spontaneous guerilla projects in the area of global education and humanity) / 2008