AARON HNATIW

Senior Security Researcher

Toronto, Ontario

About:

As a Senior Security Researcher at Security Compass, Aaron Hnatiw is constantly looking into the future to find ways to secure the world of tomorrow. Whether that's through security automation, blockchain technology, or machine learning/artificial intelligence, he is always working on the leading edge of information security. He has helped secure organizations large and small as a security consultant, having worked with both Fortune 100 and boutique clients. His background in the technology field has covered a wide range of roles, including system administrator, software developer, network engineer, and college professor in application security. Aaron strives to advance the field of information security and give back to the community by sharing his knowledge and research at conferences and private industry events around the world. In his spare time, Aaron enjoys writing security tools and contributing to open source software from his home in Ontario, Canada.

Areas of Expertise:
Advisory Services
  • Application Security Baseline and Framework Development
  • Software Development Life Cycle (SDLC) Gap Analysis and Best Practices
  • Security Program Management and Execution
  • Periodic Security Assessments & Delta Analysis Program
Verification Services
  • Architecture Review and Threat Modelling
  • Web Application Vulnerability Assessment
  • Desktop Application Security Assessment
  • Source Code Review
  • Vulnerability Triaging for Static and Dynamic Analysis Results
  • Network Vulnerability Assessment
  • Wireless Security Assessment
  • Distributed Denial of Service (DDoS) Advisory
  • Red Team, Blue Team & Purple Team Exercises
  • Physical Security Assessment
Industries
  • Financial Services
  • Technology
  • Retail
  • Telecom
  • Media & Entertainment
  • Manufacturing
Education:

Diploma - Computer Systems Technician with Networking
Algonquin College
Ottawa, Ontario, Canada

Diploma - Computer Programming
Georgian College
Barrie, Ontario, Canada

Publications:
  • Race the Web test
    • Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) simultaneously, and then comparing the responses from the server for uniqueness. Includes a number of configuration options.
  • Input Field Finder
    • Spiders the domain of a single URL or a set of URLs and prints out all <input> elements found on the given domain and scheme (http/https).
  • Anchor Redirect
    • This is a Google Chrome extension that exploits a flaw in JavaScript that allows anchor elements to be changed after the user clicks on them.
  • A Guide to Implementing the Top Ten Security Principles for Business
  • Beyond the OWASP Top 10
  • SSRF as a Service: Mitigating a Design-Level Software Security Vulnerability
  • Security Training: Making Your Weakest Link the Strongest
Events & Associations: