Federico Dotta is a Principal Security Analyst based in Turin with 15 years in IT security and 11 years focused on application security, leading teams and customer-facing projects. He specializes in proactive services—penetration testing, red teaming and bespoke R&D—across complex web and mobile applications, networks and IoT. Federico blends hands-on exploitation skills with tooling development, contributing core features to notable Burp Suite extensions like Autorize and Brida that bridge Frida and Burp for mobile/vulnerable app analysis. He has a strong academic foundation (Master’s and Bachelor’s with honors from the University of Turin) and a track record of improving detection and automation for Java deserialization and authorization issues. A regular speaker at national and international conferences, he pairs pragmatic security delivery with continuous research and training. Colleagues describe him as a technically curious leader who turns offensive research into practical defenses and reusable tools.
11 years of coding experience
1 year of employment as a software developer
Master’s degree in Computer Science, Networks and Systems, 110/110 with honors, Master’s degree in Computer Science, Networks and Systems, 110/110 with honors at University of Turin
Contributions:12 releases, 108 commits, 1 PR in 4 years 11 months
Contributions summary:Federico contributed significantly to the Brida project, focusing on bridging Burp Suite and Frida. Their work included initial release, code changes in the Java interface, and updates to the GUI with added features like console output and JS editor implementation. The user also incorporated Android and iOS specific hooks and functions. They demonstrated skills in UI development and extending functionalities.
All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities
Role in this project:
Back-end Developer
Contributions:8 releases, 57 commits, 4 PRs in 6 years
Contributions summary:Federico primarily contributed to the development of a Burp Suite plugin for detecting and exploiting Java deserialization vulnerabilities. Their work focused on enhancing the plugin's functionality by adding various payloads and attack vectors for different Java versions and libraries, including support for Commons Collections and Spring. The user also added a manual testing mode and improved the GUI. Furthermore, the user implemented DNS, URLDNS, and CPU-based testing capabilities to detect vulnerabilities.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Federico Dotta - Principal Security Analyst at HN Security