Ali Akhavani

Ali Akhavani

PhD Candidate

Northeastern University

Boston, MA

About Me

I am a Ph.D. candidate at Northeastern University working as a Research Assistant at Secure Systems Lab (SecLab) under supervision of Professor Engin Kirda. My research is currently focused on Web Security and Privacy and I am working on finding methods to bypass Web Application Firewalls (WAFs) by mutating HTTP requests using fuzzing approaches. I have previously worked on browser fingerprinting, and preserving user privacy by limiting the data shared between ad exchanges by adding security layers to the browsers.

Besides research, I have around 4 years of work experience in the industry as a DevOps and Software Engineer which helped me improve my technical skills by working in agile teams with lots of technical challenges to explore.

Interests
  • Web Security and Privacy
  • Web Application Firewalls
  • Browser Security and Web Tracking
  • DevOps
Education

  • PhD in Computer Science, (2019-present)

    Northeastern University

  • BSc in Computer Engineering, (2014-2019)

    University of Tehran

Experience

Work and Research Experience

 
 
 
 
 
Systems Security Lab (SecLab)
Research Assistant
Systems Security Lab (SecLab)
Sep 2019 – Present Boston, MA

Responsibilities include:

  • Using automated fuzzing approaches to mutate HTTP requests and bypass web application firewalls. (WAF)
  • Enhancing User Privacy Using Automatic Isolated Profiles in Browsers by adding an extra layer of security to browsers to prevent re-targeted ads from being displayed which use cookie syncing methods. (PriveShield)
  • Analysis of the Impact of Browser Features on Browser Fingerprinting and generating a public list of browser fingerprinting APIs. (Browserprint)
  • Organizing and participating in voluntary CTF training groups and web security paper readings.
 
 
 
 
 
TAPSI
Software Engineer
TAPSI
Jun 2017 – Aug 2019 Tehran

Tapsi is a private-cab e-hailing and ride-sharing platform equivalent to Uber which is used by millions of users daily. I started there as intern, then was offered a full-time job, and was promoted to senior level later. My contributions were focused on DevOps projects and Software Development including:

  • Co-designed the base infrastructure of a project with more than 20 micro-services. This needed communication between multiple teams.
  • Improved the product’s performance and number of concurrent rides by 300%. From 5k online rides to more than 20k)
  • Reduced web application’s response time by 50% by optimizing inter-service communication between micro-services. Setting up message queues, pub-sub, and stateless http messaging. (Rabbitmq, Redis)
  • Deployment automation and containerization of the products’ huge code base. (Docker, Docker Swarm (formerly), Kubernetes, Salt, Gitlab CI).
  • Setting up VMware ESXi on company’s servers and managing them via VSphere.
  • Managing a hacking incident. Detecting the attack, blocking access, fixing damages, and coming up with security procedures to prevent future incidents.
  • Designed and established micro-service log and monitoring systems (Elastic Search, Prometheus, Grafana)
  • Data storage, caching, replication, and object storage. (Redis, Mongodb, PostgreSQL, MinIO)
  • Load balancing to handle millions of concurrent requests. (Nginx, Traefik)
  • Implemented a variety of features for the web application; including user management, media services, and developing a program which simulated the whole ride scenario. (Node.js, Python)
  • Implemented a dynamic automatic pricing model based on analyzing ride supply and demand. (Node.js, Python)
 
 
 
 
 
Lambede
Co-Founder and Software Engineer
Lambede
Jul 2016 – Aug 2017 Tehran
Lambede was a platform similar to Task Rabbit that connected people who needed services with experts willing to work. This project was me and my friend’s startup idea during our undergrad. I Designed and developed the entire web application from scratch. (Node.js, MongoDB, HTML, CSS)
 
 
 
 
 
Tandori
Software Engineer
Tandori
Sep 2016 – May 2016 Tehran
Tandori was my first freelance project that now has become successful and is having a decent user base. I Designed and implemented the web application for this cooking education network and social media. (Node.js, MongoDB, PostgreSQL)
 
 
 
 
 
Datanik
Software Engineer
Datanik
Sep 2014 – Aug 2015 Tehran

I was involved in developing a language learning website which used movie pieces to teach new languages to its users. My Tasks:

  • Using Text Mining to examine the language difficulty of a movie by going through its subtitle. (Python)
  • Full Stack website development. (Django, HTML, CSS, JavaScript, Bootstrap, MySQL)
  • Implement Video Streaming feature for the web app (JavaScript)

Publications

Seyed Ali Akhavani, Bahruz Jabiyev, Engin Kirda (2023). TroWAF: Bypassing web application firewalls using http request fuzzing. under submission.

Seyed Ali Akhavani, Engin Kirda, Amin Kharraz (2022). PriveShield: Enhancing User Privacy Using Automatic Isolated Profiles in Browsers. under submission.

Seyed Ali Akhavani, Jordan Jueckstock, Junhua Su, Alexandros Kapravelos, Engin Kirda, Long Lu (2021). Browserprint: An Analysis of the Impact of Browser Features on Fingerprintability and Web Privacy. ISC 2021.

PDF Cite

Justin Raynor, Seyed Ali Akhavani, Alseny D. Bah, Tucker Brouillard, Brittany Gaston, Christopher O'Keefe (2021). Internet Regulation vs. Freedom of Speech: A Cyberlaw Case Study of Section 230. SSRN.

PDF DOI

Computer Skills

Programming Languages & Frameworks

  • Experienced in C, C++, Python, Node.js, Flask, Javascript
  • Familiar with Java, R, Ruby on Rails, Django, D3.js

Tools and Services

  • Experienced in Amazon AWS, Docker, Docker Swarm, Linux, Redis, Rabbitmq, Nginx, PostgreSQL, Mongodb, Traefik, MinIO, Salt, Prometheus, Grafana, Elastic, VMware, VSphere, Git, GDB
  • Familiar with Kubernetes, Kafka, Ansible, Memcached

Honors and Awards

  • Blackhat USA Student Scholarship (2022 & 2023)
  • Best Undergraduate Thesis Project Award (2018)

    BSc Thesis “Constructing and Analyzing Bitcoin Transaction Graph”. Extracting transaction data from different cryptocurrency blockchains and analyzing cryptocurrencies’ transaction graph. (Bitcoin and Ethereum)

  • ACM Student Chapter Excellence Award (2016)

Teaching Experience

Teaching Assistant

  • Software Vulnerabilities and Security - 2022 - Northeastern University
  • Network Security - 2018 - University of Tehran
  • Operating Systems - 2018 - University of Tehran
  • Internet Engineering - 2018 - University of Tehran
  • Software Engineering - 2018 - University of Tehran

Coding Mentor

  • Web Development Instructor - Jul-Oct 2017 - University of Tehran.
    • Teaching Node.js, HTML, and CSS to new computer engineering students in ACM summer of code event.

Volunteer Experience

  • Event Organizer at UTsec CTF Workshop and Contest - University of Tehran - Feb 2016
    • Organizing a CTF contest and security workshop with topics related to Web Exploitation, Forensics, Reverse Engineering, and other cybersecurity materials.
  • Executive Editor F1 Scientific Magazine - University of Tehran - Jul-Sept 2015
  • ‌Board Member of ACM Student Chapter - University of Tehran - 2015-2017
    • Organizing coding contests, talks, workshops, and classes.