The Wayback Machine - https://web.archive.org/web/20250912205353/https://github.com/fabionoth
fabionoth/README.md

👋 Hi, I’m Fabio N.

Sr. Application Security Engineer • CEH
Brazil · Web3 & AppSec · DevSecOps & Automation



🚀 About me

Security engineer with 10+ years across application security, penetration testing, and blockchain/Web3 auditing.
I build secure SDLCs, automate threat mitigation, and help dev teams ship safely.

  • Sr AppSec Engineer @ COFCO International — integrating DevSecOps on Azure, automating vulnerability remediation with logging/monitoring pipelines and code analysis.
  • Blockchain Security Auditor @ Hacken — research on Web3/DApps, code review, vulnerability analysis.
  • Past roles include AppSec/pentesting at Mercado Livre, Intuition Machines, TechBiz Forense Digital, and an earlier foundation in software engineering.

“Security is not a product, but a process.” — Bruce Schneier


🧰 Toolbelt

AppSec & Pentest: Burp Suite · OWASP ZAP · Metasploit · Nmap · Nikto · Fortify (SAST) · DAST
DevSecOps: Azure DevOps · CI/CD hardening · Code Scanning · Policy as Code · Ansible
Cloud/Infra & Ops: Linux (CentOS) · SIEM · Logging/Monitoring · Incident Response
Code: Python · Java · JavaScript · Flask · Git · HTML
Data: PostgreSQL · MySQL


🧪 What I like to work on

  • Threat modeling & secure design reviews
  • SAST/DAST/Secrets/Dependencies automation in CI
  • Web & mobile pentests, API security, OWASP Top 10
  • Web3/DApps code review, vuln research, PoCs
  • Developer enablement: fix-first guidance, guardrails, reusable templates

📌 Featured projects

  • Awesome Cyber Security — Curated list of security tools, libraries, docs, and resources.
    #security #appsec #pentest

  • Awesome Web3 Security — Curated resources for smart contracts and Web3 defense.
    #web3 #smartcontracts #dapps

Want a quick tour? Open an issue and I’ll add examples, sample PoCs, and walkthroughs.


🏅 Certifications & Education

  • CEH — Certified Ethical Hacker
  • CCNA (Intro to Networks)
  • B.Sc. in Computer Science — FAAFI
  • Courses: Web Application Intrusion Testing · OOP (Java) · JavaScript

🤝 How I can help

  • Set up or uplift secure SDLC and DevSecOps
  • Pentest & code review (Web, API, Mobile, Smart Contracts)
  • Threat modeling, security coaching, and playbooks

If you want to collaborate, open a discussion or reach out on LinkedIn.
Thanks for stopping by! ✨

Pinned

  1. awesome-cyber-security (Public)

    A collection of awesome software, libraries, documents, books, resources, and cool stuff about security.

    1.7k stars · 233 forks

  2. awesome-web3-security (Public)

    A curated list of awesome Web3 Security.

    16 stars · 3 forks

  3. zap-api (Public)

    Simple OWASP-ZAP API that runs the spider and scanner against your web application.

    Python · 12 stars · 3 forks

  4. Guide to using db_nmap

    # Start postgres
    root@kali ~# systemctl start postgresql

    # Start metasploit database
    root@kali ~# msfdb init