#03

Is a Strike

November 6, 2024 · UPTEC Baixa · Praça do Coronel Pacheco 2 · Porto

Agenda

18:00 Intro and Welcome by the OWASP Porto chapter leadership
18:15 CVSS v4 – A Better Version of an Imperfect Solution — Mário Leitão-Teixeira
19:00 Searching data on remote encrypted storages with privacy requirements — António Pinto
20:00 Drinks & Dinner

Talks

CVSS v4 – A Better Version of an Imperfect Solution

Mário Leitão-Teixeira

The Common Vulnerability Scoring System (CVSS) is the number-one standard for attributing criticality scores to vulnerabilities, helping organizations properly assess and prioritize their Vulnerability Management processes. Today, it plays a fundamental role for organizations and project maintainers worldwide, especially with the general adoption of CVE and NVD. We will explore key aspects of the new CVSS v4, the challenges it intends to solve, and some persisting limitations, one major challenge being how to optimize its pivotal role in Vulnerability Management. Looking forward, the talk discusses the future landscape and opens questions for the journey ahead.

Speaker Bio
Mário works as an AppSec Analyst at Checkmarx. 'Vulnerability' is part of his daily vocabulary. He dubs himself a 'self-certified idiot' because he loves learning and hatching ideas — kickstarting a team initiative to keep on the pulse of InfoSec. He contributed to the AppSec Village at RSAC in San Francisco and is currently studying for the CEH certification.

Searching data on remote encrypted storages with privacy requirements

António Pinto

The adoption of cloud-based infrastructure, combined with the requirements imposed by legislation such as the GDPR, creates momentum for greater adoption of data encryption. When remote data confidentiality is required, the candidate solution is to encrypt all data before transferring it to a remote cloud storage service. If searching within this remotely stored data is required, the simplest approach transfers all data back to the client for decryption, which presents efficiency and performance problems. This talk presents the concept of searchable encryption over remotely stored encrypted data, addressing the related concepts of trapdoor, index, reverse index, and the performance cost of these operations.

Speaker Bio
António Pinto has a PhD from Porto University (2010). Currently a Professor (Professor Coordenador com Agregação) at ESTG of the Polytechnic Institute of Porto, he teaches computer networks, data privacy, ethical hacking, and digital forensics. He is also a researcher at CRACS/INESC TEC. He has published 50+ papers, participated in 10+ research projects including European projects, and holds ISO 27001 Lead Implementer and ISO 27001 Lead Auditor certifications.
