Angelo Prado

Angelo Prado is a Director, Product Security Manager at Salesforce.com and an independent security researcher. He has worked as a software and application security engineer for Salesforce, Microsoft, and Motorola. Mr. Prado has a proven record of leading engineering teams of highly trained product security engineers by providing effective application security and building a robust and respected security practice. He is directly responsible for launching and managing one of the largest bug bounty programs in the industry.

Mr. Prado is one of the leading contributors to BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext), a security exploit against SSL which leverages a compression side channel to derive secrets from the ciphertext in an HTTPS stream. As a thought leader of the security community, Mr. Prado frequently speaks at major conferences worldwide, including Black Hat USA, Black Hat Asia, ToorCon, SecTor, Hacker Halted, TakeDownCon, SC Congress, Comillas University, and Georgetown University.

Angelo Prado holds a Master's degree in Computer Science from Universidad Pontificia Comillas, Madrid, where he currently teaches a graduate class (Master's Degree in Security & Telecommunications Engineering) as an associate professor. He has also attended the University of Illinois at Urbana-Champaign. His passions and research include web application security, Windows security, web browsers, machine learning, malware analysis and side channels.

Some of Mr. Prado's recent disclosures include:

"SSL, Gone in 30 Seconds - a BREACH Beyond CRIME" (US-CERT, MITRE: CVE-2013-3587), presented at Black Hat USA 2013 (Las Vegas).
"Browsers Gone Wild", presented at Black Hat Asia 2015 (Singapore).
Resin Pro improperly performs Unicode transformations (US-CERT, NIST: CVE-2014-2966).
Mail in Apple iOS6 allows remote attackers to spoof attachments (US-CERT, NIST: CVE-2012-3730).
Microsoft Security Researcher Acknowledgments for Online Services (TechNet: 2012, 2013, 2015).
Internet Explorer Information Disclosure Vulnerability (CVE-2015-2414).

Appearing at:

Fad or Future? Getting Past the Bug Bounty Hype