AppSec
Volunteering
-
OWASP API Security Project
(GitHub)
- OWASP API Security Top 10
- OWASP Go Secure Coding Practices Guide (GitHub)
-
OWASP Top Ten
(GitHub)
- 2017 Edition: English, Português (Portugal)
- OWASP Cheat Sheet Series (GitHub)
-
OWASP Secure Coding Practices - Quick Reference Guide
- v2 (Stable): English, Português (Portugal)
Educational Materials
-
OWASP Top 10 Security Fundamentals (EC-Council Course)
The Hands-on Approach to Master the Ten Most Critical Web Application Security Risks
- Kotlin Secure Coding Practices (GitHub) + Goatlin (aka Kotlin Goat)
- JavaScript Secure Coding Practices
Ethical Hacking (at least public ones)
Talks, Publications & Presentations
- Navigating the Shadows: Understanding API Security Through History - NMFTA Cybersecurity Conference 2024
- Speed Bumps and Speed Hacks: Adventures in Car Manufacturers Security - DEF CON 32 AppSec Village
- OWASP API Security Project - OWASP Global AppSec Lisbon 2024
- Knock, Knock. Who's There? Bot. Bot, Who? Bot everything already - Dashlane Security Seminar 2024
- Speeding Through Cybersecurity: A Comedy of Car Manufacturers Compromises! - RootedCON Portugal 2024
- Navigating the Risks of Web Applications and APIs in the Automotive Industry - Integration Tomorrow 2024
- Guardians of the Gateway: Unveiling API Security Secrets - NMFTA Cyber Webinar Series
- Which came first: cars' safety or manufacturers' security? - BSides Lisbon 2023
- OWASP API Security Top 10 from attackers' perspective - OWASP Beja meetup
- Web Apps: APIs' Nightmare - BSides Ahmedabad 2023
- API Security glimpse: quick guide for integrators - Integration Tomorrow 2023
- OWASP API Security TOP 10: hands-on approach - OWASP Cairo meetup
- OWASP API Security Top 10: from attackers' perspective - OWASP Lisboa Meetup
- GraphQL: great flexibility, new attack vectors - {api:world} 2022
- Evolution of the OWASP API Security Top 10 - apisecure 2022
- API (in)Security TOP 10: Guided tour - DEF CON 28SM AppSec Village
- BSides Lisbon 2017 - Crafting the next-generation Man-in-the-Browser Trojan
- A Race Condition in Kubernetes (PoC Video, Discussion, Pull Request by Lubomir I. Ivanov)
- Solidity and Smart Contracts from a Security Standpoint
- Solidity Top 10 Common Issues
- OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave