September 23rd, 2010
In 2008, Miguel P. Correia and myself decided to write a book on software security. Two years (of really hard work) after, it is finally available!
The book covers many themes related to software security, namely:
- Vulnerabilities, Attacks and Intrusions
- Buffer overflows, Cross-site scripting, SQL injection
- Protecting against Copy and Modification of Software
- Software Testing and Attack Injection
- Static Code Analysis
- Dynamic Protection Mechanisms
- Virtualization
- Trusted Computing
More details about the book (in portuguese) can be found at its official website, at the publisher (FCA) website, and it can be bought online at FCA | FNAC | Wook
No Comments » | Publications | Permalink
Posted by pjsousa
May 27th, 2010
IBWAS’10:Ibero-American Web Application Security Conference , Nov 11-12, 2010.
Summary:
There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.
As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.
This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
Comments Off on IBWAS’10: Ibero-American Web Application Security Conference | Committees, Organization, Program | Permalink
Posted by pjsousa
December 1st, 2009
14-15th December, 2009
Faculdade de Ciências, Universidade de Lisboa
*see the Academy brochure*
The Carnegie Mellon|Portugal Security and Dependability Academy is an opportunity for professionals of computer science and engineering or related areas, interested in improving their skills, to get in touch with the experts involved in the Dual Carnegie Mellon University – University of Lisboa Master of Science in Information Technology–Information Security (MSIT-IS).
The Academy will provide a sample of the topics taught during the MSIT-IS program through a set of exciting technical lectures and hands-on experiments in the program’s lab, where the attendees will get the chance to try live cyber-attack and defense technologies.
Although inspired by the MSIT-IS, the academy will be interesting on its own as a forum for discussion of the latest concepts in Security and Dependability.
After the lectures and laboratory experiments, the academy will close with the Pen Testing Trophy, where a victim machine will be subject to penetration testing by willing participants competing for a mysterious trophy.
Check the Program, Lectures details, Instructors, etc.
No Comments » | Events | Permalink
Posted by pjsousa
November 19th, 2009
IBWAS’09: Iberic Web Application Security, Dec 10-11, 2009.
Summary:
There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.
As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.
This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.
No Comments » | Committees, Events, Program | Permalink
Posted by pjsousa
March 28th, 2009
INForum 2009 – Computer and Communications Security Track, Sep 10-11, 2009.
Summary (in portuguese):
O INForum tem como objectivo ser um evento privilegiado de reunião da comunidade nacional nas diversas vertentes da informática e ambiciona ser o fórum de eleição para a divulgação, discussão e reconhecimento de trabalhos científicos. O INForum surge com particular oportunidade como palco para a estreia de jovens investigadores que buscam a divulgação, a crítica construtiva e o encorajamento ao seu trabalho.
O 1º INForum pretende ser abrangente e dinâmico no conjunto de tópicos abordados. Apresentará um conjunto de tópicos propostos e seleccionados anualmente, com sessões organizadas e realizadas de forma independente. Promove-se assim a massa crítica para o fortalecimento e evolução da informática no país criando-se, simultaneamente, espaço à evolução do contexto da conferência e fomentando a reunião de investigadores em áreas emergentes.
O 1º INForum decorrerá nos dias 10 e 11 de Setembro de 2009 na Faculdade de Ciências da Universidade de Lisboa.
No Comments » | Committees, Events, Program | Permalink
Posted by pjsousa
February 28th, 2009
DSN 2009: 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, June 29 – July 2, 2009.
Summary:
DSN is the chosen forum for researchers around the world, for presenting the very best research results, solutions to problems, and insight into emergent new challenges. DSN has pioneered the fusion between security and dependability, understanding the need to simultaneously fight against cyber attacks, accidental faults, design errors, and unexpected operating conditions.
No Comments » | Committees, Program | Permalink
Posted by pjsousa
February 18th, 2008
WRAITS 2008: 2nd Workshop on Recent Advances on Intrusion-Tolerant Systems, April 1st, 2008 (in conjunction with the European Conference on Computer Systems – EuroSys 2008).
Summary:
The 2nd Workshop on Recent Advances on Intrusion- Tolerant Systems aims to bring together researchers in the related areas of Intrusion Tolerance, Distributed Trust, Survivability, Byzantine Fault Tolerance, and Resilience. These areas have the purpose of enhancing the Dependability and Security of computer systems by tolerating both malicious faults (attacks, intrusions) and accidental faults. The workshop will be specially interested in “intrusion-tolerant systems”: how to build them? How to evaluate and test their dependability and security? What systems need to be intrusion-tolerant? The workshop will provide a forum for researchers in these areas to present recent results, discuss open problems that still need research, the steps that need to be taken for intrusion-tolerant systems to be deployed in practice, and the target application domains for intrusion tolerance.
No Comments » | Committees, Program | Permalink
Posted by pjsousa