A Python-based command-line tool designed to assess the security posture of web applications by detecting the presence (or absence) of essential HTTP security headers. Given just a URL, the tool scans the response headers of your web application to check that vital security headers, such as Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), Referrer-Policy, Permissions-Policy and X-Content-Type-Options, are present. These headers help protect clients of your web application from attacks such as cross-site scripting (XSS), clickjacking, and man-in-the-middle (MITM) attacks. A link to the project can be found HERE.
A Python-based command-line tool that provides a simple and effective solution for blocking ads and trackers across your system. The tool works by downloading a custom hosts file from a specified URL, which contains a list of domains to be blocked. The tool then updates your system’s hosts file, redirecting requests to these domains and preventing ads, tracking scripts, and other unwanted content from loading. With this easy-to-use tool, users can improve their browsing experience by reducing interruptions and enhancing privacy. Developed as a hands-on exploration of system-level networking, file handling, and automation in Python, this project demonstrates an understanding of how DNS resolution and hosts file overrides can be leveraged to enhance privacy and improve the user experience. A link to the project can be found HERE.
In this work, we propose Web-Armour, a mitigation approach to adversarial reconnaissance and vulnerability scanning of web deployments. The proposed approach relies on injecting scanning-impeding delays into infrequently or rarely used portions of a web deployment. We demonstrated in this work that a solution like Web-Armour can effectively thwart reconnaissance and internet-wide scanning. This work resulted in a paper that was accepted for publication at the Annual Computer Security Applications Conference (ACSAC). The paper can be accessed HERE.
Nanogrids are customer deployments that can generate and inject electricity into the power grid. This work involved performing a cybersecurity assessment of nanogrids that are connected to the internet. For this purpose, we deployed a real-world-like residential PV system and performed a cybersecurity assessment to investigate how these deployments can be compromised by an attacker. Our findings revealed major security concerns that allow an attacker to compromise the nanogrid deployment. Our work was selected for publication in IEEE Access and is available HERE.