From Theory to Practice - Navigating the Challenges of Vulnerability Research
The Department of Computer Engineering (DEI) of the Engineering Institute of Porto (ISEP), in collaboration with the Master in Computer Engineering (MEI), invites to participate in another lecture, this time with the theme “From Theory to Practice - Navigating the Challenges of Vulnerability Research”, which will take place on 21th November, at 6 pm, at ISEP.
The event will take place in room B301.
Abstract
Transitioning from theoretical knowledge to the practical aspect in web security often presents some extra challenges. Real-world scenarios introduce complexities such as bad character filters and Web Application Firewalls (WAFs), demanding the researcher to investigate some way to bypass these restrictions. Here are some of our learnings: 1) Drawing from collaborative efforts and senior industry research becomes pivotal. 2) Embracing failure as a learning experience is fundamental. 3) Learn a bit about how ethical security research faces legal hurdles in countries like Portugal, hindering progress and discouraging potential researchers. Navigating this bridge from theory to practice in web security requires technical prowess and resilience, and I hope to share some of my learnings from this journey with you in this talk.
- Oradores
- Data e local
- Inscrições
- Informação Adicional
Raphael Silva
I’m Raphael Silva, an AppSec Analyst at Checkmarx. I've participated in public speaking and public-facing activities, notably a Code Review workshop at AppSec Village at DEFCON30 and talks about AI and AppSec at my former university. I’ve found multiple vulnerabilities in open-source products over the years. I’m always looking for ways to expand my knowledge in the field, be that sharpening my technical skills by reading innovative research, practicing in CTFs, engaging in some bug bounty hunting, and taking certifications. I'm eWPTXv2 certified and currently enrolled in OSCP.
AppSec Analyst at Checkmarx
Data: 2024-11-21
Horário: 6pm
Local: room B301
O evento não necessita de inscrição prévia.
Para mais informações: qtdei@dei.isep.ipp.pt
Organização: This lecture is organized by QTDEI in collaboration with the Master in Informatics Engineering (MEI) of the Engineering Institute of Porto (ISEP).