In 2008, Miguel P. Correia and myself decided to write a book on software security. Two years (of really hard work) after, it is finally available!

The book covers many themes related to software security, namely:

• Vulnerabilities, Attacks and Intrusions
• Buffer overflows, Cross-site scripting, SQL injection
• Protecting against Copy and Modification of Software
• Software Testing and Attack Injection
• Static Code Analysis
• Dynamic Protection Mechanisms
• Virtualization
• Trusted Computing

More details about the book (in portuguese) can be found at its official website, at the publisher (FCA) website, and it can be bought online at FCA | FNAC | Wook

IBWAS’09: Iberic Web Application Security, Dec 10-11, 2009.

Summary:

There is a change in the information systems development paradigm. The emergence of Web 2.0 technologies led to the extensive deployment and use of web-based applications and web services as a way to developed new and flexible information systems. Such systems are easy to develop, deploy and maintain and demonstrate impressive features for users, resulting in their current wide use.

As a result of this paradigm shift, the security requirements have also changed. These web-based information systems have different security requirements, when compared to traditional systems. Important security issues have been found and privacy concerns have also been raised recently. In addition, the emerging Cloud Computing paradigm promises even greater flexibility; however corresponding security and privacy issues still need to be examined. The security environment should involve not only the surrounding environment but also the application core.

This conference aims to bring together application security experts, researchers, educators and practitioners from the industry, academia and international communities such as OWASP, in order to discuss open problems and new solutions in application security. In the context of this track academic researchers will be able to combine interesting results with the experience of practitioners and software engineers.

Cheap Intrusion-Tolerant Protection for CRUTIAL Things
Alysson Bessani, Paulo Sousa, Miguel Correia, Nuno Ferreira Neves, Paulo Veríssimo
Available as Technical Report DI/FCUL TR-2009-14.

INForum 2009 – Computer and Communications Security Track, Sep 10-11, 2009.

Summary (in portuguese):

O INForum tem como objectivo ser um evento privilegiado de reunião da comunidade nacional nas diversas vertentes da informática e ambiciona ser o fórum de eleição para a divulgação, discussão e reconhecimento de trabalhos científicos. O INForum surge com particular oportunidade como palco para a estreia de jovens investigadores que buscam a divulgação, a crítica construtiva e o encorajamento ao seu trabalho.

O 1º INForum pretende ser abrangente e dinâmico no conjunto de tópicos abordados. Apresentará um conjunto de tópicos propostos e seleccionados anualmente, com sessões organizadas e realizadas de forma independente. Promove-se assim a massa crítica para o fortalecimento e evolução da informática no país criando-se, simultaneamente, espaço à evolução do contexto da conferência e fomentando a reunião de investigadores em áreas emergentes.

O 1º INForum decorrerá nos dias 10 e 11 de Setembro de 2009 na Faculdade de Ciências da Universidade de Lisboa.

Ricardo Manuel dos Santos Neves Oliveira, Prometheus: Operational Optimization of Firewalls in Large Corporate Networks, Mestrado em Segurança Informática (University of Lisboa) & Master Of Science in Information Technology – Information Security (Carnegie Mellon University), December 2008.

Fábio Souto, Internals of Intrusion-tolerant Firewalls, BSc internship (Co-advised with Alysson Neves Bessani)

A System for Protecting CRUTIAL Things
[fast abstract]
Alysson Neves Bessani, Paulo Sousa, Miguel Correia, Nuno Ferreira Neves, Paulo Veríssimo
In EuroSys 2007, Fast Abstract, Lisbon, Portugal, March 2007.