Philippe Arteau

Senior Staff Product Security Engineer at ServiceNow

Montreal, Quebec, Canada
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Philippe Arteau is a Senior Staff Product Security Engineer with 15 years of experience, currently focused on web application penetration testing and security code review at ServiceNow. With a software development background, he builds tooling to accelerate security assessments and has contributed prominent improvements to open-source projects like Find Security Bugs, SpotBugs/Sonar integrations, and the OWASP Benchmark test suite. His work on J2EEScan and various SpotBugs plugins demonstrates deep expertise in Java webapp vulnerability detection, reducing false positives and expanding coverage for complex issues such as OGNL and XSLT injection. Philippe frequently presents on web application security and combines hands-on offensive testing with practical detector engineering. Based in Montreal, he brings a pragmatic, engineering-first approach to product security that surfaces subtle server/version-specific information disclosures often missed by generic scanners.
code15 years of coding experience
bookDEC, DEC at Collège de Maisonneuve
bookBAC, BAC at École de technologie supérieure
stackoverflow-logo

Stackoverflow

Stats
6,451reputation
1.6mreached
102answers
6questions
Badges
python-requests
top-5%
sqlite
top-1%
java
top-5%
stored-procedures
top-1%
pdf
top-5%
github-logo-circle

Github Skills (53)

stored-procedures10
javascript10
sqlite10
burp10
sonarqube10
web-application-security10
vulnerability10
it-security10
findbugs10
java10
security10
regular-expression10
javas10
security-testing10
security-vulnerability10

Programming languages (17)

C#JavaCSSCRustScalaGoHTML

Github contributions (5)

github-logo-circle
spotbugs/sonar-findbugs

Feb 2015 - Apr 2019

SpotBugs plugin for SonarQube
Role in this project:
userBackend Developer & Security Engineer
Contributions:8 releases, 1 review, 159 commits in 4 years 2 months
Contributions summary:Philippe contributed significantly to the SonarQube Findbugs plugin, focusing on security-related features and improvements. They introduced and updated security-focused profiles, incorporating rules for detecting vulnerabilities and improving the accuracy of the scan. Their work included refactoring code, adding support for JSP files, and fixing issues with the SMAP metadata, demonstrating a deep understanding of security analysis and Java. Furthermore, they updated the plugin's dependencies and adjusted the rulesets and tests.
sonarqube-pluginspotbugsfindbugssonarqubespotbugs-plugin
find-sec-bugs/find-sec-bugs

May 2012 - Jul 2022

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Role in this project:
userBack-end & Security Engineer
Contributions:19 releases, 39 reviews, 933 commits in 10 years 3 months
Contributions summary:Philippe contributed extensively to security features in the Find Security Bugs plugin, including new detectors for servlet inputs, XSLT vulnerabilities, and OGNL injection. They improved the accuracy of existing detectors, such as those for SQL injection and trust boundary violations, while simultaneously addressing false positives. The user also implemented and integrated additional libraries, such as Apache Commons Codec, to identify security vulnerabilities.
groovyjava-webstatic-analysissecurity-auditweb-applications
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Philippe Arteau - Senior Staff Product Security Engineer at ServiceNow