sponsors

An open API service aggregating public data about GitHub Sponsors.

kravietz


Information security, DevOps and DevSecOps professional from Poland living in the UK

Funding Links: https://github.com/sponsors/kravietz

GitHub Sponsors Profile

Hello, I'm Paweł Krawczyk, an information security professional with 20+ years of experience, our information security consultancy and I do a broad range of application and infrastructure security services.

Penetration testing of systems of any complexity, from single-layered websites to multi-tier applications incorporating multi-tier web architectures and physical devices. We tested for major investment banks in the UK, electric grid operators, a physical access controls management vendor and dozens of other companies globally.
Threat modeling and security design including data flows, trust boundaries, qualitative and quantitative risk assessment and standardised catalogue of safeguards for use by our clients' architects. We use and contribute to major industry standards such as OWASP ASVS.
Continuous vulnerability assessment of infrastructure and business applications. We have vast experience with designing and deploying DAST, SAST and IAST solutions directly into your Continuous Integration pipeline running along with functional testing. We work with all major CI/CD platforms including Jenkins, Buildbot, GitLab, Travis, BitBucket etc.
Software security scanners consulting and evaluation allowing you to find the best DAST, SAST and IAST solution at the best price and ensuring it will be not only tightly integrated with your existing pipeline but also produce the best possible results for your development language and framework of choice. We have hands-on experience with products such as CheckMarx, Contrast, HP Fortify, RIPS, Nessus as well as a broad range of open-source tools such as SpotBugs, Bandit, Brakeman and others.
Protective monitoring solutions including network level probes (Snort, Suricata) as well as host-level log analysis and intrusion detection systems based on Wazuh (OSSEC) to which we frequently contribute. We deploy protective monitoring infrastructure to systems composed of thousands of servers in AWS cloud and on-premise environments, including data analysis (ELK), instant alerting (Slack, PagerDuty) as well as design of incident response procedures.
Systems hardening and security control enforcement. We use and contribute to a number of industry standards such as InSpec and we support all major configuration management systems such as Ansible, Puppet and Salt, on Linux, FreeBSD and Solaris.

Contact details on https://krvtz.net/pages/contact.html

Featured Works

kravietz/poppassd-ceti

POP3 password change daemon

Language: C - Stars: 4

dev-sec/ansible-collection-hardening

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL

Language: Jinja - Stars: 4077

kravietz/blacklist-scripts

Various IP blacklisting scripts for Linux and OpenWRT

Language: Shell - Stars: 119

kravietz/pam_tacplus

TACACS+ protocol client library and PAM module in C. This PAM module supports authentication, authorization (account management) and accounting (session management) performed using TACACS+ protocol d…

Language: C - Stars: 132
