Jason Geffner

Learn how Microsoft scales Dynamic Application Security Testing (DAST) with automation. Check out Jason Geffner's blog post and BlueHat talk: ➡️MSRC blog: msrc.microsoft.com/blog/2025/01/s… ➡️BlueHat talk: youtube.com/watch?v=kfuOzD…

@JaredDeMott @MSFTBlueHat @JaredDeMott, you might get to hear more about this DAST work in an upcoming BlueHat Podcast ;)

@MSFTBlueHat Good stuff I love listening to the blue hat podcast!

To ensure the security of Microsoft's web services and protect our customers, we're using innovative solutions to automate Dynamic Application Security Testing (DAST) at scale. This effort targets thousands of internal and external API web services across Microsoft’s portfolio of 1st party services, which are applications or services that are created, owned, and managed by Microsoft itself. Learn more in our blog post from Jason Geffner, Principal Security Architect at Microsoft: msrc.microsoft.com/blog/2025/01/s…

Take a rare look inside how Microsoft is working to use automated reverse engineering techniques to secure its own web services! youtube.com/watch?v=kfuOzD… #BlueHat

📣SPEAKER ANNOUNCEMENT📣 Jason Geffner (@JasonGeffner), Principal Security Architect, Microsoft, will be presenting a talk titled “How Microsoft is Scaling DAST” at #BlueHat. Jason is an information security professional with an extensive history in application security, risk management, malware analysis, threat intelligence, incident response command, endpoint security, security automation, vendor security management, and security research & development.

I'm excited to announce that I'll be speaking at Microsoft BlueHat (@MSFTBlueHat) on October 29th! Full schedule here: cdn-dynmedia-1.microsoft.com/is/content/mic…

We’re sharing our discovery & analysis of four vulnerabilities in Perforce Server, including a critical vulnerability that could give unauthenticated remote attackers complete control over unpatched systems & connected infra. Patches available: msft.it/6013indnt

I recently discovered a new CVSS 10.0 vulnerability in Perforce Helix Core Server that allows for unauthenticated remote code execution (RCE) as LocalSystem. Read all about it and three new CVSS 7.5 vulnerabilities in my blog post below. microsoft.com/en-us/security…

It took me almost 4 hours, but I finally solved this sudoku. Hardest one yet!

So frustrated with acronyms. I asked everyone at work what IDK stands for, and they each said “I don’t know” ☹️ I guess it’ll continue to be a mystery.

DEADLINE EXTENDED!!!! ⏰⚠️🙌⏳🚨➡️ The application to attend #BlueHat October 2023 has been extended to Friday, September 8 at midnight Pacific Time. We hope you can join us from October 11-12, 2023 in Redmond, WA, US. Submit your application today: msft.it/60179ZRCF

He also said I should floss weakly 🤷‍♂️

My dentist told me to brush my teeth knightly, but maybe I misunderstood him.

Saturday morning means making pink princess pancakes for my little princess 🩷

@ianhoyle @Microsoft LOL, I’ve done management at four different companies. It has its pros and cons, but I’ve always loved the more technical work.

One of the great things about working for @Microsoft is the flexibility provided to move from an IC role to a management role, and to move from a management role to an IC role. After making the former move 18 months ago, I am thrilled to make the latter move this month!

I am excited to return to my technical roots and to be hands-on with driving the future of security at Microsoft as a Principal Security Architect!

Do you hate dad-jokes and occasional infosec ramblings? Then you definitely shouldn’t follow me on Threads. @g3ffn3r" target="_blank" rel="nofollow noopener">threads.net/@g3ffn3r

@halvarflake Bleem, VMProtect

Stuxnet and Turla.

@wbm312 Time to revert back to doom-scrolling Fark…