Speed Bumps and Speed Hacks: Insights into Automotive Application Security
The Department of Computer Engineering (DEI) of the Engineering Institute of Porto (ISEP), in collaboration with the Master in Computer Engineering (MEI), invites you to another lecture, this time on the theme “Speed Bumps and Speed Hacks: Insights into Automotive Application Security”, which will take place on November 17th at 6:00 PM, at ISEP.
Abstract
Since the advent of the automobile, manufacturers have placed significant emphasis on physical safety. However, as vehicles become increasingly connected and software-driven, the focus must also extend to the security of their digital ecosystems.
This lecture explores the results of an extensive security assessment conducted across the web applications and digital platforms of several major automotive manufacturers. The research identified multiple vulnerabilities - some rooted in long-known security issues - that collectively demonstrate how traditional web application flaws continue to impact modern, high-profile industries.
The session will discuss:
- How legacy web vulnerabilities persist in contemporary automotive ecosystems.
- Techniques for chaining seemingly minor issues to achieve impactful, real-world exploits.
- The prevalence and risks associated with outdated or unpatched third-party components.
- The importance and tangible benefits of responsible disclosure programs in strengthening organizational security posture.
Through a combination of technical analysis and real-world case studies, this lecture aims to provide students with practical insights into the intersection of web application security and the automotive sector—illustrating how core AppSec principles remain critical, even in highly advanced technological domains.
As a bonus activity, if time allows and students have access to a computer with a web browser, attendees will have the opportunity to "play the hacker" and collectively hunt for vulnerabilities. Participants will be responsible for preparing a responsible disclosure report for any valid findings, in full compliance with ethical standards.
- Speakers
- Date and location
- Registration
- Additional Information
Paulo Silva is a security practitioner with a solid background in software development, who has spent the last decade focused on identifying critical vulnerabilities and breaking software. Paulo is a long-time OWASP volunteer and co-leader of the OWASP API Security Project, where he advocates for secure API practices and contributes significantly to mitigating security risks in the API landscape.
https://pauloasilva.com
https://www.linkedin.com/in/devpauloasilva/
Date: 2025-11-17
Time: 6:00 PM
Location: The event will take place in room B401.
The event does not require prior registration.
For more information: qtdei@dei.isep.ipp.pt
Organization: This lecture is organized by QTDEI in collaboration with the Master in Informatics Engineering (MEI) of the Engineering Institute of Porto (ISEP).