Robert Gilbert

About Me

With 20+ years of experience in information security, I specialize in penetration testing, red teaming, AI security, and threat modeling. As a recognized CVE contributor and OWASP collaborator, I am dedicated to advancing secure development practices and elevating organizational security standards.

Experience

• Amazon Web Services (AWS) – Application Security Engineer (2022–Present)
• Ingram Micro – Principal Penetration Tester (2020–2022)
• Optiv Security Inc. – Senior Security Consultant (2018–2020)
• HALOCK Security Labs – Senior Consultant (2010–2018)
• Gtron Solutions – CTO / Partner (2008–2010)
• Kraft Foods – System Project Leader (1999–2008)

Random Blog Posts

• Loading blog posts...

Notable Vulnerabilities

• CVE-2021-41527: Flexera - Multi Factor Authentication (MFA) Bypass
• CVE-2021-41528: Flexera - Vulnerable Authorization Schema
• CVE-2014-4980: Parameter Tampering in Nessus Web UI - Information Disclosure
• CVE-2013-1402: DigiLIBE Management Console - Vulnerable Authentication Schema
• CVE-2012-6493: Nexpose Security Console CSRF Vulnerability
• CVE-2012-6494: Nexpose Security Console - Session Hijacking
• CVE-2012-6342: Atlassian Confluence - CSRF Vulnerabilities
• CVE-2011-5251: vBulletin - Unvalidated Redirects

Certifications

• Certified Information Systems Security Professional (CISSP)

  A globally recognized certification for information security professionals that demonstrates expertise across multiple security domains, including governance, risk management, and the CIA triad (Confidentiality, Integrity, Availability).

• Offensive Security Web Expert (OSWE)

  A hands-on certification focused on advanced web application penetration testing, requiring the ability to identify and exploit vulnerabilities in custom web applications.

• GIAC Web Application Penetration Tester (GWAPT)

  Specializes in assessing web application vulnerabilities and security, covering topics like SQL injection, cross-site scripting (XSS), and authentication flaws.

• GIAC Python Coder (GPYC)

  Demonstrates expertise in using Python for cybersecurity tasks, including automation, exploit development, and security tool creation.

• Certified Ethical Hacker (CEH)

  Validates skills in identifying, exploiting, and mitigating vulnerabilities in systems, focusing on ethical hacking techniques and methodologies.

• Microsoft Certified Professional (MCP)

  Recognizes proficiency in Microsoft technologies and solutions, showcasing expertise in implementing and managing Microsoft-based systems.

• CompTIA A+

  A foundational certification for IT professionals, covering hardware, software, troubleshooting, and basic networking concepts.

OWASP Contributions

• Execution After Redirect (EAR):

  A vulnerability where attackers exploit improper handling of redirects, allowing unauthorized actions after a redirect.

• Information Exposure Through Query Strings in URL:

  Sensitive data passed in URLs can be exposed via logs, browser history, or referrer headers, leading to potential data leaks.

• Form Action Hijacking:

  An attack where the action URL of a form is manipulated, redirecting submitted data to an attacker-controlled endpoint.

Contact

• GitHub: https://github.com/amroot/
• LinkedIn: https://www.linkedin.com/in/robertgilbert808