#2 Tango

Details

OWASP Porto Chapter meetup: May 29th, 2024, at 18:00, with support from FinTrU.

We are excited to bring you two great talks and hope you join us in our next meetup!

Schedule:
18:00 - Intro and Welcome by the OWASP Porto chapter leadership
18:15 - From Theory to Practice: Navigating the Challenges of Vulnerability Research by Raphael Silva
19:00 - Harnessing Reachability Analysis to Discern Real Threats in Software Dependencies by Joseph Hejderup
20:00 - Drinks & Dinner by FinTrU

CHECK-IN REQUIRED: You will be asked to register your information (such as name, email, and company) at the reception desk. This is required to attend the event. Please arrive early!

(scroll down for venue details)
-------------------------------------------------------------------------------------------------------
Talks:

Title: From Theory to Practice: Navigating the Challenges of Vulnerability Research
Presenter: Raphael Silva

Abstract:
Transitioning from theoretical knowledge to the practical side of web security often presents some extra challenges. Real-world scenarios introduce complexities such as bad-character filters and Web Application Firewalls (WAFs), demanding that the researcher investigate some way to bypass these restrictions. Here are some of our learnings: 1) Drawing from collaborative efforts and senior industry research becomes pivotal. 2) Embracing failure as a learning experience is fundamental. 3) Learn a bit about how ethical security research faces legal hurdles in countries like Portugal, hindering progress and discouraging potential researchers. Navigating this bridge from theory to practice in web security requires technical prowess and resilience, and I hope to share some of my learnings from this journey with you in this talk.

Bio:
I’m Raphael Silva, an AppSec Analyst at Checkmarx. I've participated in public speaking and public-facing activities, notably a Code Review workshop at AppSec Village at DEFCON30 and talks about AI and AppSec at my former university. I’ve found multiple vulnerabilities in open-source products over the years. I’m always looking for ways to expand my knowledge in the field, be that sharpening my technical skills by reading innovative research, practicing in CTFs, engaging in some bug bounty hunting, or taking certifications. I'm eWPTXv2 certified and currently enrolled in OSCP.

LinkedIn: https://www.linkedin.com/in/raphaelcssilva/
Twitter: https://twitter.com/0x_rcss

---

Title: Harnessing Reachability Analysis to Discern Real Threats in Software Dependencies
Speaker: Joseph Hejderup

Abstract:
In this talk, we will dive into the shortcomings of traditional dependency analysis methods, which usually focus on building manifests and metadata, to spot security or performance vulnerabilities in Java projects. While tools like Maven Dependency Checker and Gradle's dependency-analysis plugin are invaluable for managing dependencies, they often fall short when we need quick and precise answers, forcing developers to lean on time-consuming tests and manual code reviews. We believe that a thorough look at how dependencies are actually used in the code—with the help of static and reachability analyses—can be a more effective way to pinpoint real threats in Java dependencies.
Our goal is to provide attendees with practical strategies for using static and reachability analyses, promoting a more detailed method for managing dependencies and finding vulnerabilities in software applications.
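
As an added illustration of the manifest-versus-reachability distinction the abstract draws (example code written for this page, not from the talk or from Endor Labs), the constructed Python below first flags every declared dependency that has an advisory, then keeps only those advisories whose vulnerable symbol is reachable from the application's entry points in a call graph, returning the call path as evidence. All dependency names, advisory IDs and symbols are made up.

```python
from collections import deque

# Constructed sample data (not from the talk): declared dependencies, hypothetical advisories
# (placeholder IDs) naming the vulnerable symbol, and a caller -> callees call graph as a static analyser would build.
MANIFEST = {"lib-parser": "1.2.0", "lib-logging": "2.0.1", "lib-crypto": "3.4.0"}
ADVISORIES = {
    "lib-parser": {"ADV-0001": "lib_parser.Parser.parse_xml"},
    "lib-logging": {"ADV-0002": "lib_logging.Layout.lookup"},
    "lib-crypto": {"ADV-0003": "lib_crypto.Cipher.ecb_encrypt"},
}
CALL_GRAPH = {
    "app.Main.main": ["app.Handler.handle", "lib_logging.Logger.info"],
    "app.Handler.handle": ["lib_parser.Parser.parse_json", "lib_crypto.Cipher.gcm_encrypt"],
    "lib_logging.Logger.info": ["lib_logging.Layout.format"],
    "lib_logging.Layout.format": ["lib_logging.Layout.lookup"],  # vulnerable sink, reached indirectly
    "lib_parser.Parser.parse_xml": ["lib_parser.Parser.resolve_entity"],  # present, but never called by the app
}
ENTRY_POINTS = ["app.Main.main"]

def manifest_findings(manifest, advisories):
    """Manifest-level check: every declared dependency with an advisory is a finding."""
    return sorted(adv for dep in manifest for adv in advisories.get(dep, {}))

def reachable_paths(entry_points, call_graph):
    """Breadth-first walk from the entry points; returns reachable symbol -> shortest call path."""
    parent = {ep: None for ep in entry_points}
    queue = deque(entry_points)
    while queue:
        node = queue.popleft()
        for callee in call_graph.get(node, []):
            if callee not in parent:
                parent[callee] = node
                queue.append(callee)

    def path_to(sym):
        chain = []
        while sym is not None:
            chain.append(sym)
            sym = parent[sym]
        return chain[::-1]

    return {sym: path_to(sym) for sym in parent}

def reachable_findings(entry_points, call_graph, manifest, advisories):
    """Keep only advisories whose vulnerable symbol the app can reach, with the call path as evidence."""
    paths = reachable_paths(entry_points, call_graph)
    return {adv: paths[sym] for dep in manifest
            for adv, sym in advisories.get(dep, {}).items() if sym in paths}
```

On this data the manifest check reports all three advisories, while the reachability check keeps only ADV-0002, because the logging layout lookup is the only vulnerable symbol on a path from the entry point.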

Bio:
Part-time developer, part-time PhD student, and full-time enthusiast in developing and researching techniques that make package management systems more intelligent and resilient against supply chain problems! Joseph Hejderup (Researcher/Software Engineer at Endor Labs & PhD student at Delft University of Technology) is applying program analysis techniques to understand better how we use third-party components and what risks third-party components entail from a security and maintenance perspective.

LinkedIn: https://www.linkedin.com/in/josephhejderup/
Twitter: https://twitter.com/jhejderup
-------------------------------------------------------------------------------------------------------
How to get there

FinTrU, R. de Santa Catarina 1232, Porto.

Please head to FinTrU's reception. Our FinTrU hosts will happily guide you to Room SC.02.08.

CHECK-IN REQUIRED: Please arrive early. Our host must register every visitor. You will be asked for some information about yourself, which is required to attend the event.
