Ali Akhavani

PhD Candidate

Northeastern University

Boston, MA

About Me

I am a Ph.D. candidate at Northeastern University working as a Research Assistant at the Secure Systems Lab (SecLab) under the supervision of Professor Engin Kirda. My research is currently focused on Web Security and Privacy, and I am working on finding methods to bypass Web Application Firewalls (WAFs) by mutating HTTP requests using fuzzing approaches. I have previously worked on browser fingerprinting, and on preserving user privacy by limiting the data shared between ad exchanges by adding security layers to browsers.

Besides research, I have around 4 years of work experience in the industry as a DevOps and Software Engineer, which helped me improve my technical skills by working in agile teams with lots of technical challenges to explore.

Interests
  • Web Security and Privacy
  • Web Application Firewalls
  • Browser Security and Web Tracking
  • DevOps
Education
  • PhD in Computer Science, (2019-present)

    Northeastern University

  • BSc in Computer Engineering, (2014-2019)

    University of Tehran

Experience

Work and Research Experience

Systems Security Lab (SecLab)
Research Assistant
Sep 2019 – Present Boston, MA

Responsibilities include:

  • Using automated fuzzing approaches to mutate HTTP requests and bypass web application firewalls. (WAF)
  • Enhancing User Privacy Using Automatic Isolated Profiles in Browsers by adding an extra layer of security to browsers to prevent re-targeted ads from being displayed which use cookie syncing methods. (PriveShield)
  • Analysis of the Impact of Browser Features on Browser Fingerprinting and generating a public list of browser fingerprinting APIs. (Browserprint)
  • Organizing and participating in voluntary CTF training groups and web security paper readings.

TAPSI
Software Engineer
Jun 2017 – Aug 2019 Tehran

Tapsi is a private-cab e-hailing and ride-sharing platform equivalent to Uber which is used by millions of users daily. I started there as an intern, then was offered a full-time job, and was later promoted to senior level. My contributions were focused on DevOps projects and Software Development including:

  • Co-designed the base infrastructure of a project with more than 20 micro-services. This needed communication between multiple teams.
  • Improved the product’s performance and number of concurrent rides by 300% (from 5k online rides to more than 20k).
  • Reduced web application’s response time by 50% by optimizing inter-service communication between micro-services. Setting up message queues, pub-sub, and stateless HTTP messaging. (RabbitMQ, Redis)
  • Deployment automation and containerization of the products’ huge code base. (Docker, Docker Swarm (formerly), Kubernetes, Salt, GitLab CI)
  • Setting up VMware ESXi on the company’s servers and managing them via vSphere.
  • Managing a hacking incident. Detecting the attack, blocking access, fixing damages, and coming up with security procedures to prevent future incidents.
  • Designed and established micro-service log and monitoring systems. (Elasticsearch, Prometheus, Grafana)
  • Data storage, caching, replication, and object storage. (Redis, MongoDB, PostgreSQL, MinIO)
  • Load balancing to handle millions of concurrent requests. (Nginx, Traefik)
  • Implemented a variety of features for the web application; including user management, media services, and developing a program which simulated the whole ride scenario. (Node.js, Python)
  • Implemented a dynamic automatic pricing model based on analyzing ride supply and demand. (Node.js, Python)

Lambede
Co-Founder and Software Engineer
Jul 2016 – Aug 2017 Tehran
Lambede was a platform similar to TaskRabbit that connected people who needed services with experts willing to work. This project was my friend’s and my startup idea during our undergrad. I designed and developed the entire web application from scratch. (Node.js, MongoDB, HTML, CSS)

Tandori
Software Engineer
Sep 2016 – May 2016 Tehran
Tandori was my first freelance project, which has now become successful and has a decent user base. I designed and implemented the web application for this cooking education network and social media. (Node.js, MongoDB, PostgreSQL)

Datanik
Software Engineer
Sep 2014 – Aug 2015 Tehran

I was involved in developing a language learning website which used movie pieces to teach new languages to its users. My tasks:

  • Using Text Mining to examine the language difficulty of a movie by going through its subtitle. (Python)
  • Full Stack website development. (Django, HTML, CSS, JavaScript, Bootstrap, MySQL)
  • Implementing a video streaming feature for the web app. (JavaScript)

Publications

(2023). TroWAF: Bypassing web application firewalls using HTTP request fuzzing. Under submission.

(2022). PriveShield: Enhancing User Privacy Using Automatic Isolated Profiles in Browsers. Under submission.

(2021). Browserprint: An Analysis of the Impact of Browser Features on Fingerprintability and Web Privacy. ISC 2021.

(2021). Internet Regulation vs. Freedom of Speech: A Cyberlaw Case Study of Section 230. SSRN.

Computer Skills

Programming Languages & Frameworks

  • Experienced in C, C++, Python, Node.js, Flask, JavaScript
  • Familiar with Java, R, Ruby on Rails, Django, D3.js

Tools and Services

  • Experienced in Amazon AWS, Docker, Docker Swarm, Linux, Redis, RabbitMQ, Nginx, PostgreSQL, MongoDB, Traefik, MinIO, Salt, Prometheus, Grafana, Elastic, VMware, vSphere, Git, GDB
  • Familiar with Kubernetes, Kafka, Ansible, Memcached

Honors and Awards

  • Black Hat USA Student Scholarship (2022 & 2023)
  • Best Undergraduate Thesis Project Award (2018)

    BSc Thesis “Constructing and Analyzing Bitcoin Transaction Graph”. Extracting transaction data from different cryptocurrency blockchains and analyzing cryptocurrencies’ transaction graph. (Bitcoin and Ethereum)

  • ACM Student Chapter Excellence Award (2016)

Teaching Experience

Teaching Assistant

  • Software Vulnerabilities and Security - 2022 - Northeastern University
  • Network Security - 2018 - University of Tehran
  • Operating Systems - 2018 - University of Tehran
  • Internet Engineering - 2018 - University of Tehran
  • Software Engineering - 2018 - University of Tehran

Coding Mentor

  • Web Development Instructor - Jul-Oct 2017 - University of Tehran.
    • Teaching Node.js, HTML, and CSS to new computer engineering students in ACM summer of code event.

Volunteer Experience

  • Event Organizer at UTsec CTF Workshop and Contest - University of Tehran - Feb 2016
    • Organizing a CTF contest and security workshop with topics related to Web Exploitation, Forensics, Reverse Engineering, and other cybersecurity materials.
  • Executive Editor F1 Scientific Magazine - University of Tehran - Jul-Sept 2015
  • Board Member of ACM Student Chapter - University of Tehran - 2015-2017
    • Organizing coding contests, talks, workshops, and classes.