Profile
He has 8 years of experience in the security field, specializing in penetration testing for APIs and web applications, complemented by extensive experience in mobile device security, physical IoT devices, corporate networks, and cloud infrastructure. His career began as a backend and blockchain developer, later transitioning into key roles in defensive security and pentesting, particularly in the banking and e-commerce sectors.
He holds several security certifications and has completed specialized training such as CAPEN, CNPEN, eJPT, Zephyr, DFIR, and Azure hacking, which complement his bachelor’s degree in Information Technology Security. His achievements include collaborating on mathematical research related to cryptographic algorithms, developing custom cybersecurity tools and exploits, conducting penetration tests aligned with certifications and standards such as PCI, and designing and delivering internal training programs on secure software development, PCI DSS compliance, penetration testing, and the use of artificial intelligence.
Workshop:
Bugged Bar: Advanced Web Hacking
This workshop is designed for anyone interested in cybersecurity who wants to take their skills to the next level.
Throughout the session, we will explore the digital bar “Bugged Bar”, an environment specially crafted to develop your offensive capabilities, where every drink represents a real vulnerability. We will dive into modern attack vectors, including design and implementation flaws in applications, analyzing their real-world impact and root causes.
Workshop Contents
- Understanding how modern web applications are structured and operate.
- Efficient use of BurpSuite and its advanced modules.
- Hands-on exploitation of real vulnerabilities such as business logic flaws, authentication issues, race conditions, SQL Injection, XSS, SSRF, and more.
- Evaluation of API design and security controls.
- Building custom scripts and BurpSuite extensions to automate offensive testing.