Author Image

Hi, I am Justus

Justus Juvenary

Cybersecurity Researcher

I’m Justus Juvenary, a dedicated and results-driven cybersecurity professional with a Bachelor’s degree in information security and over three years of industry experience. Skilled in web application security, API penetration testing, DevSecOps, risk assessments, and compliance frameworks like GDPR, PCI DSS, and HIPAA. Beyond my professional work, I share my knowledge and insights through this blog focused on offensive security, contributing to the industry’s collective knowledge. I enjoy learning from other professionals, believing in the power of collaboration and continuous improvement.

Driven by my passion for cybersecurity, I constantly enhance my skills to stay ahead. With expertise in penetration testing, I proactively identify vulnerabilities and secure systems, always seeking ways to become better at what I do. I am eager to connect and collaborate with industry professionals, learning from their experiences and expertise. Together, we can advance cybersecurity practices and build a secure future. Let’s connect and explore how I can contribute to your organization’s security initiatives.

API Penetration Testing
Leadership
Team Work
Hard Working
Critical thinking

Skills

Recent Posts

Hero Image
Escalating Privileges with Sudo

Sudo is a powerful command in Linux that allows users to run commands with elevated privileges. When properly configured, sudo can help ensure system security by enabling users to perform only authorised tasks and preventing unauthorised changes to system files. However, if not configured correctly, sudo can be exploited to escalate privileges and gain access to sensitive system files. In this article, we’ll take a deep dive into sudo and explore some common privilege escalation techniques that attackers can use to exploit sudo.

Monday, May 15, 2023 Read
Hero Image
OWASP API Security Top 10 via VAPI Walkthrough

According to a Gartner report in 2020 APIs account for 90% of the attack surface and are the most frequent attack vector. APIs often handle sensitive data, such as personal information, financial data, and intellectual property. If an API is not properly secured, this data can be easily accessed and stolen by hackers. In fact, some of the recent big data breaches have been due to under-protected APIs. In this blog post, I am going to discuss OWASP top 10 API 2019 vulnerabilities by using VAPI.

Friday, April 28, 2023 Read
Hero Image
Service Misconfiguration

Privilege escalation is a common technique used by penetration testers to test unauthorised access to a system. One way to achieve privilege escalation is through service misconfigurations in Windows. A service is a program that runs in the background on a Windows system, and it can have a variety of functions such as managing network connections, printing, or running scheduled tasks. Services can be configured to run under different user accounts, and some may have higher privileges than others.

Thursday, February 23, 2023 Read

Experiences

1
CyberProtect-Africa

January 2023 - Present

Kaluta street, Kisutu Dar es salaam

CyberProtect Africa offers tailored cybersecurity training and awareness solutions for organizations across Africa. We ensure your protection through employee training, simulated attacks, and personalized recommendations, keeping your business safe from cyber threats.

Cybersecurity Lead

January 2023 - Present

Responsibilities:
  • Policy & Compliance. Develop and implement tailored security policies to ensure compliance with standards like PCI DSS, GDPR, and HIPAA. This minimises legal risks and enhances business credibility.
  • Risk Assessment. Conduct precise security assessments, including web app penetration testing, API penetration testing, and penetration testing, pinpointing vulnerabilities. Clients’ assets remain secure, reducing the potential for costly breaches.
  • Training & Awareness. Create industry-specific training materials and programs, also available in local languages. This empowers client teams, reduces security incidents, and has successfully reduced the two most prevalent cyberattacks in Africa, phishing and business email compromise, along with other forms of social engineering attacks
  • Phishing Testing. Execute targeted phishing simulations to enhance employee awareness. This results in employees becoming more vigilant, which leads to fewer successful phishing attempts, significantly reducing the risk of data breaches.
  • Innovation & Trends. Foster innovation and stay updated on emerging trends. Proactive measures keep clients ahead of evolving threats, safeguarding their operations.
CARRY Popote-Chochote

April 2021 - Dec 2022

Mwenge Dar Es Salaam

Logistics Technology company.

Technical Lead

Nov 2021 - Dec 2022

Responsibilities:
  • Technology Planning. Developed and executed a comprehensive long-term security strategic technology plan, aligning our IT initiatives with the company’s vision of reliable and secure parcel delivery. Additionally, I took on the role of Scrum Master, facilitating collaboration between our app development team and a startup management team with diverse backgrounds.
  • Vendor Partnerships and Payment Gateway Implementation. I was responsible for negotiating with various API providers for seamless collection from customers and disbursement of payments to drivers. This strategic effort resulted in the selection of the most suitable API provider. I worked closely with this provider and our development team to successfully implement a robust payment gateway within the app, enhancing our payment processing capabilities and customer experience.
  • Compliance Implementation (GDPR and PCI DSS). Collaborated extensively with the chosen payment gateway API provider and our internal development team to ensure GDPR and PCI DSS compliance within our app. This included rigorous assessments and adjustments to data handling and security measures, strengthening our commitment to safeguarding customer data and maintaining regulatory compliance.
  • Technology Innovation. Successfully tested and implemented new technologies to improve the performance and user experience of our parcel delivery app, ensuring swift and secure deliveries.
  • CEO Guidance. Provided crucial technology guidance to the CEO, ensuring that our technology strategy seamlessly integrated with the company’s mission of efficient and secure parcel delivery.
  • Technology Alignment. Aligned the company’s technology vision with its overarching goals and objectives, ensuring that our app-driven parcel delivery services remained at the forefront of the industry.
Penetration Tester

April 2021 - Dec 2022

Responsibilities:
  • Penetration Testing. Conducting thorough penetration testing exercises tailored to our delivery app to identify vulnerabilities and enhance its security.
  • Security Reports. Providing detailed vulnerability reports and recommending remediation strategies specific to our delivery platform, ensuring the continued reliability of our services.
  • Security Culture. Encouraging a stronger security culture within our technical teams to safeguard the integrity of our app and customer data.
  • Secure Software Development. Promoting a secure software development framework for our app and training our developers in secure coding best practices to prevent disruptions in parcel deliveries.
  • Flaw Alerting. Promptly alerting our development teams about any identified flaws or vulnerabilities that could affect the seamless operation of our delivery app.
2
3
TYD Innovation Incubator

June 2019 - March 2021

Ilala Dar Es Salaam

TYD Innovation Incubator is a Start-up Innovation Incubator with the solely purpose of providing mentorship to youths who aspire to become outstandingly competent thus enormously contribute to Tanzania’s Socio-economic development.

Junior System Developer

June 2019 - March 2021

Responsibilities:
  • Created a backend online platform called Prasdel with Lavavel, MySQL, and Apache2.
  • Enabled students to acquire practical training and attachments.