Ali Akhavani

PhD Candidate

Northeastern University

Boston, MA

About Me

I am a Ph.D. candidate at Northeastern University, serving as a Research Assistant at the Secure Systems Lab (SecLab) under the supervision of Professor Engin Kirda. My research focuses on Web Security and Privacy, specifically on request smuggling and bypassing Web Application Firewalls (WAFs) through HTTP request mutations using fuzzing techniques. My past work includes analyzing browser fingerprinting and enhancing user privacy by limiting data shared through cookie syncing between ad exchanges. Additionally, I have experience in analyzing open-source software vulnerabilities and trends.

Beyond research, I bring four years of industry experience as a DevOps and Software Engineer, and I co-founded a startup during my undergraduate studies, building a strong foundation in technical problem-solving and agile development in different teams.

Interests
  • Web Security and Privacy
  • Web Application Firewalls
  • Request Smuggling
  • Browser Security
  • Ad Retargeting
  • DevOps
Education
  • PhD in Computer Science, (2019 - present)

    Northeastern University

  • BSc in Computer Engineering, (2014 - 2019)

    University of Tehran

Experience

Work and Research Experience

Systems Security Lab (SecLab)
Research Assistant
Sep 2019 – Present Boston, MA

Responsibilities include:

  • Developing and implementing automated fuzzing techniques to mutate and smuggle HTTP requests, effectively bypassing Web Application Firewalls (WAFs). (Node.js, Golang, Python, PHP, Amazon AWS, Microsoft Azure, Google Cloud, Docker)
  • Enhancing user privacy using automatic isolated profiles in browsers, adding an extra layer of security to browsers to prevent the display of re-targeted ads that use cookie syncing methods. (PriveShield)
  • Conducting research on browser fingerprinting and implementing cookie syncing prevention measures to enhance user privacy and limit data sharing with ad exchanges to prevent re-targeted ads.
  • Analyzing open source software vulnerability trends by examining Common Vulnerabilities and Exposures (CVEs) and Common Weakness Enumerations (CWEs), identifying patterns that inform security practices.
  • Leading and participating in Capture The Flag (CTF) training sessions and organizing web security paper discussion groups to advance technical knowledge within our group.

TAPSI
Software Engineer
Jun 2017 – Aug 2019 Tehran

Tapsi is a ride-sharing platform, similar to Uber, serving millions of users daily. I began as an intern, transitioned to a full-time role, and was later promoted to senior level. My contributions spanned DevOps and Software Development, including:

  • Infrastructure Design: Co-designed the infrastructure for a large-scale project with over 20 microservices, collaborating across multiple teams.
  • Performance Optimization: Enhanced product performance, boosting concurrent rides by 300% from 5k to over 25k.
  • Response Time Reduction: Cut web application response times by 50% through optimized inter-service communication, using message queues, pub-sub systems, and stateless HTTP messaging (RabbitMQ, Redis).
  • Deployment Automation & Containerization: Automated deployments and containerized the extensive codebase (Docker, Docker Swarm, Kubernetes, Salt, GitLab CI).
  • Incident Management: Led the response to a hacking incident, detecting the attack, securing systems, repairing damages, and establishing preventive security protocols.
  • Logging & Monitoring: Designed a comprehensive log and monitoring system for microservices (Elasticsearch, Prometheus, Grafana).
  • Data Management: Implemented robust data storage, caching, replication, and object storage solutions (Redis, MongoDB, PostgreSQL, MinIO).
  • Load Balancing: Configured load balancing to support millions of concurrent requests (Nginx, Traefik).
  • Feature Development: Developed key web application features including user management, media services and a dynamic pricing model that adjusts based on real-time ride supply and demand analytics (Node.js, Python).

Lambede
Co-Founder and Software Engineer
Jul 2016 – Aug 2017 Tehran
A platform similar to Task Rabbit, Lambede connected people seeking services with skilled experts. Conceived as a startup idea during my undergraduate studies, my friend and I developed and launched the entire application from the ground up, handling all design and development (Node.js, MongoDB, HTML, CSS).

Tandori
Software Engineer
Sep 2016 – May 2016 Tehran
My first freelance project, Tandori has grown into a successful cooking education and social media platform with a strong user base. I designed and developed the entire web application (Node.js, MongoDB, PostgreSQL).

Datanik
Software Engineer
Sep 2014 – Aug 2015 Tehran

Contributed to the development of an innovative platform that utilizes movie clips to teach users new languages. My responsibilities included:

  • Analyzing language difficulty through text mining of movie subtitles (Python).
  • Full-stack website development (Django, HTML, CSS, JavaScript, Bootstrap, MySQL).
  • Implementing video streaming functionality for the application (JavaScript).

Publications

(2024). Open Source, Open Threats? Investigating Security Challenges in Open-Source Software. submitted to WWW 2025.

(2024). The Browsers’ Blindspot: An Analysis of Modern Browsers’ Checks Against Hijacked Certificates. submitted to WWW 2025.

(2024). WAFFLED: Leveraging Parsing Discrepancies to Bypass Web Application Firewalls. submitted to USENIX 2025.

(2024). PriveShield: Enhancing User Privacy Using Automatic Isolated Profiles in Browsers. submitted to Elsevier Computer & Security.

(2021). Browserprint: An Analysis of the Impact of Browser Features on Fingerprintability and Web Privacy. ISC 2021.

(2021). Internet Regulation vs. Freedom of Speech: A Cyberlaw Case Study of Section 230. SSRN.

Computer Skills

Programming Languages & Frameworks

  • Experienced in C, C++, Python, Node.js, Flask, JavaScript
  • Familiar with Java, R, Ruby on Rails, Django, PHP, D3.js

Tools and Services

  • Experienced in Amazon AWS, Docker, Docker Swarm, Linux, Redis, Google Cloud, Microsoft Azure, RabbitMQ, Nginx, PostgreSQL, MongoDB, Selenium, Traefik, MinIO, Salt, Prometheus, Grafana, Elastic, VMware, vSphere, Git, Raspberry Pi, GDB
  • Familiar with Kubernetes, Kafka, Ansible, Memcached

Honors and Awards

  • Black Hat USA Student Scholarship (2022 & 2023 & 2024)
  • Best Undergraduate Thesis Project Award (2018)

    BSc Thesis “Constructing and Analyzing Bitcoin Transaction Graph”. Extracting transaction data from different cryptocurrency blockchains and analyzing cryptocurrencies’ transaction graph. (Bitcoin and Ethereum)

  • ACM Student Chapter Excellence Award (2016)

Teaching Experience

Teaching Assistant

  • Software Vulnerabilities and Security - 2022 & 2023 - Northeastern University
  • Network Security - 2018 - University of Tehran
  • Operating Systems - 2018 - University of Tehran
  • Internet Engineering - 2018 - University of Tehran
  • Software Engineering - 2018 - University of Tehran

Coding Mentor

  • Web Development Instructor - Jul-Oct 2017 - University of Tehran.
    • Teaching Node.js, HTML, and CSS to new computer engineering students in ACM Summer of Code event.

Volunteer Experience

  • Event Organizer at UTsec CTF Workshop and Contest - University of Tehran - Feb 2016
    • Organizing a CTF contest and security workshop with topics related to Web Exploitation, Forensics, Reverse Engineering, and other cybersecurity materials.
  • Executive Editor F1 Scientific Magazine - University of Tehran - Jul-Sept 2015
  • Board Member of ACM Student Chapter - University of Tehran - 2015-2017
    • Organizing coding contests, talks, workshops, and classes.

Hobbies

  • I enjoy playing sports such as Snowboarding, Tennis, and Swimming.

  • I also love watching Soccer, the real football! I am a big fan of Juventus in Serie A, but I also watch English Premier League and follow Manchester United as well.

  • I build random DIY tech stuff using Raspberry Pi. So far, I have built a modern NFC record player and also have a home lab setup.

  • I love solving Rubik's Cubes casually; the most challenging one that I have solved is the 5x5x5.

  • I’ve been challenging myself to learn piano recently; let’s see how it goes.