pauloasilva.com

┏┓    ┓    ┏┓   ┏┓•┓    
┃┃┏┓┓┏┃┏┓  ┣┫   ┗┓┓┃┓┏┏┓
┣┛┗┻┗┻┗┗┛  ┛┗•  ┗┛┗┗┗┛┗┻

Twitter, GitHub, LinkedIn

AppSec

Volunteering

OWASP API Security Project (GitHub)
- OWASP API Security Top 10
  - 2019 Edition (PDF: English, Português (Portugal))
  - 2023 Edition
OWASP Go Secure Coding Practices Guide (GitHub)
- Download: PDF, MOBI, ePub
OWASP Top Ten (GitHub)
- 2017 Edition: English, Português (Portugal)
OWASP Cheat Sheet Series (GitHub)
- GraphQL Cheat Sheet
OWASP Secure Coding Practices - Quick Reference Guide
- v2 (Stable): English, Português (Portugal)

Educational Materials

OWASP Top 10 Security Fundamentals (EC-Council Course)
The Hands-on Approach to Master the Ten Most Critical Web Application Security Risks
Kotlin Secure Coding Practices (GitHub) + Goatlin (aka Kotlin Goat)
JavaScript Secure Coding Practices
- Download: PDF, MOBI, ePub

Ethical Hacking (at least public ones)

Porsche (The Hacker News)
Topdesk (CVE-2023-34923)
Oppia (CVE-2021-41735, CVE-2021-41734, CVE-2021-41733)
Deskpro (SC Magazine, Digital Anarchist)
Coursera (ZDNet, Threatpost, TechRadar)
SoundCloud (Threatpost, BleepingComputer)

Talks, Publications & Presentations

Navigating the Shadows: Understanding API Security Through History - NMFTA Cybersecurity Conference 2024
Speed Bumps and Speed Hacks: Adventures in Car Manufacturers Security - DEF CON 32 AppSec Village
OWASP API Security Project - OWASP Global AppSec Lisbon 2024
Knock, Knock. Who's There? Bot. Bot, Who? Bot everything already - Dashlane Security Seminar 2024
Speeding Through Cybersecurity: A Comedy of Car Manufacturers Compromises! - RootedCON Portugal 2024
Navigating the Risks of Web Applications and APIs in the Automotive Industry - Integration Tomorrow 2024
Guardians of the Gateway: Unveiling API Security Secrets - NMFTA Cyber Webinar Series
Which came first: cars' safety or manufacturers' security? - BSides Lisbon 2023
OWASP API Security Top 10 from attackers' perspective - OWASP Beja meetup
Web Apps: APIs' Nightmare - BSides Ahmedabad 2023
API Security glimpse: quick guide for integrators - Integration Tomorrow 2023
OWASP API Security TOP 10: hands-on approach - OWASP Cairo meetup
OWASP API Security Top 10: from attackers' perspective - OWASP Lisboa Meetup
GraphQL: great flexibility, new attack vectors - {api:world} 2022
Evolution of the OWASP API Security Top 10 - apisecure 2022
API (in)Security TOP 10: Guided tour - DEF CON 28SM AppSec Village
BSides Lisbon 2017 - Crafting the next-generation Man-in-the-Browser Trojan
A Race Condition in Kubernetes (PoC Video, Discussion, Pull Request by Lubomir I. Ivanov)
Solidity and Smart Contracts from a Security Standpoint
Solidity Top 10 Common Issues
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave

Personal Projects (FOSS)