From Risk to Resilience: Achieving HIPAA Standards in Your App
Discover essential steps for creating HIPAA-compliant APIs and web applications, ensuring patient data safety in the evolving healthcare sector.
Blog / Tiago Mendo
Tiago Mendo
Currently developing Probely technology and business, mostly focusing on improving the vulnerability detection capabilities.
Before that, I have worked for almost 12 years at Portugal Telecom, most of them in the web security team of SAPO which I co-founded with another teammate. In those days I tested site security, trained developers to code securely, provided all-around security consultancy and earned CPEs. Before SAPO, I spent a few years reverse-engineering traffic from proprietary applications and taking care of a countrywide network of honeypots.
I’m also a Security Researcher at Cobalt and a trainer at Citeforma, delivering courses about Linux and Network Security.
I hold a Master in Information Technology/Information Security by the Carnegie Mellon University and CISSP certification.
I’m a frequent speaker at security events, such as Codebits, Just4Meeting, ISEL Tech, Confraria da Segurança da Informação and recently at the BSides Lisbon conference. Slides and more info are available at http://www.linkedin.com/in/tiagomendo.
For the last few years, my team organizes a Capture The Flag security contest inside Pixels Camp (previously Codebits) where participants have to break in a number of web applications to get the flags, competing against other teams.
Security Testing for Single Page Applications
One of the biggest challenges when it comes to embracing the development of Single-Page Apps is security testing. SPA security testing can’t just be about crawling the frontend URLs and using spiders like in traditional security testing. So how can you make sure you're properly testing your SPAs?
2FA Target Scans Simplified with Probely's DAST
Probely offers a streamlined approach to setting up and performing comprehensive scans on targets protected with 2FA without compromising the robust protection that 2FA offers to your websites and applications.
A Comprehensive Intro Guide to API Security
API security should not be viewed as a luxury, but rather as a requirement. As APIs have become indispensable for modern applications and services in our increasingly interconnected digital landscape, they need safeguards shielding them against the numerous threats and malicious actors of the digital world.
Probely Joins Forces with Security Headers to Enhance Vulnerability and API Scanning Technology
As part of our mission to make security available for everyone in the community, Probely is proud to announce that we are joining forces with Security Headers. Security Headers is a wildly popular tool with the security community having launched almost 250M Security Headers scans to date. This collaboration will allow users of Security Headers to benefit from our shared commitment to keeping security testing open and accessible.
Lessons from our Pod Game Challenge Session in the AppSec Village at RSA
This year was a remarkable experience for us at Appsec Village, and one that we learned a lot: from the level of knowledge of our participants, about how our game ran, and how to make it more efficient for next time. “The Ultimate Appsec Challenge'' was a fun and interactive way to test your Appsec knowledge while racing against the clock.
Security CTF — Start Your Hoodies!
The Probely team will, again, organize the security capture the flag (CTF) competitions on this edition of Pixels Camp. The CTF will take place at Pixels Camp, a 3 day non-stop tech event with talks, workshops and a 48 hour programming competition, held in Lisbon, Portugal, which had over 1000 attendees last year. Pixels Camp is organized by Bright Pixel, one of our investors.
SafetyDetectives Interview with Probely’s CEO
Our CEO and Co-Founder Nuno Loureiro was recently interviewed by Safety Detectives. He talked about our history and goals when we decided to build Probely, and briefly explains what keeps Probely ahead of the competition.
Scan internal applications for vulnerabilities
Many companies have internal web applications, accessible only from their corporate network or through a VPN. These are often back-offices, management portals, HR applications, and everything that makes sense only for the company workforce, not for their clients. This also means that cloud services, like Probely, could not scan them for vulnerabilities. Until now.
Web Application Security Testing Checklist
Explore the web app security checklist from probely to ensure website security. The checklist enables developers to self-assess the code before any deployment
