Currently developing Probely technology and business, mostly focusing on improving the vulnerability detection capabilities.
Before that, I have worked for almost 12 years at Portugal Telecom, most of them in the web security team of SAPO which I co-founded with another teammate. In those days I tested site security, trained developers to code securely, provided all-around security consultancy and earned CPEs. Before SAPO, I spent a few years reverse-engineering traffic from proprietary applications and taking care of a countrywide network of honeypots.
I’m also a Security Researcher at Cobalt and a trainer at Citeforma, delivering courses about Linux and Network Security.
I hold a Master in Information Technology/Information Security by the Carnegie Mellon University and CISSP certification.
I’m a frequent speaker at security events, such as Codebits, Just4Meeting, ISEL Tech, Confraria da Segurança da Informação and recently at the BSides Lisbon conference. Slides and more info are available at http://www.linkedin.com/in/tiagomendo.
For the last few years, my team organizes a Capture The Flag security contest inside Pixels Camp (previously Codebits) where participants have to break in a number of web applications to get the flags, competing against other teams.
The Probely team will, again, organize the security capture the flag (CTF) competitions on this edition of Pixels Camp. The CTF will take place at Pixels Camp, a 3 day non-stop tech event with talks, workshops and a 48 hour programming competition, held in Lisbon, Portugal, which had over 1000 attendees last year. Pixels Camp is organized by Bright Pixel, one of our investors.
Our CEO and Co-Founder Nuno Loureiro was recently interviewed by Safety Detectives. He talked about our history and goals when we decided to build Probely, and briefly explains what keeps Probely ahead of the competition.
Many companies have internal web applications, accessible only from their corporate network or through a VPN. These are often back-offices, management portals, HR applications, and everything that makes sense only for the company workforce, not for their clients. This also means that cloud services, like Probely, could not scan them for vulnerabilities. Until now.
Explore the web app security checklist from probely to ensure website security. The checklist enables developers to self-assess the code before any deployment
Cryptojacking is the digital version of it — it’s when the hacker steals your computer’s resources and uses them to harvest cryptocurrency. Mining is only a viable business if the cost of the computing power and electricity required to operate and cool down your systems is significantly lower than the monetary gain you get from mining.
Facebook announced it suffered an attack that affected almost 50 million users. The hack required the chaining of multiple vulnerabilities, being one of them in the “View As” feature, that help users control their privacy by previewing how other users see their profile.
