Senior Staff Product Security Engineer at ServiceNow
Montreal, Quebec, Canada
Join Prog.AI to see contacts
Join Prog.AI to see contacts
Summary
🤩
Rockstar
🎓
Top School
Philippe Arteau is a Senior Staff Product Security Engineer with 15 years of experience, currently focused on web application penetration testing and security code review at ServiceNow. With a software development background, he builds tooling to accelerate security assessments and has contributed prominent improvements to open-source projects like Find Security Bugs, SpotBugs/Sonar integrations, and the OWASP Benchmark test suite. His work on J2EEScan and various SpotBugs plugins demonstrates deep expertise in Java webapp vulnerability detection, reducing false positives and expanding coverage for complex issues such as OGNL and XSLT injection. Philippe frequently presents on web application security and combines hands-on offensive testing with practical detector engineering. Based in Montreal, he brings a pragmatic, engineering-first approach to product security that surfaces subtle server/version-specific information disclosures often missed by generic scanners.
Contributions:8 releases, 1 review, 159 commits in 4 years 2 months
Contributions summary:Philippe contributed significantly to the SonarQube Findbugs plugin, focusing on security-related features and improvements. They introduced and updated security-focused profiles, incorporating rules for detecting vulnerabilities and improving the accuracy of the scan. Their work included refactoring code, adding support for JSP files, and fixing issues with the SMAP metadata, demonstrating a deep understanding of security analysis and Java. Furthermore, they updated the plugin's dependencies and adjusted the rulesets and tests.
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Role in this project:
Back-end & Security Engineer
Contributions:19 releases, 39 reviews, 933 commits in 10 years 3 months
Contributions summary:Philippe contributed extensively to security features in the Find Security Bugs plugin, including new detectors for servlet inputs, XSLT vulnerabilities, and OGNL injection. They improved the accuracy of existing detectors, such as those for SQL injection and trust boundary violations, while simultaneously addressing false positives. The user also implemented and integrated additional libraries, such as Apache Commons Codec, to identify security vulnerabilities.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Philippe Arteau - Senior Staff Product Security Engineer at ServiceNow