Presented by

The OWASP Porto Chapter aims to promote application security in the Porto region through engagement with the local community, organizing meetings and events, and participating in projects.

Hosted By

42 Going

Tech

#11 Déjà vu

Name: #11 Déjà vu
Start: 2026-05-26T18:00:00.000+01:00
End: 2026-05-26T21:00:00.000+01:00
Location: Euronext Tech Center Porto

OWASP Porto

Euronext Tech Center Porto

Porto, Portugal

Welcome! To join the event, please register below.

You will be asked to verify token ownership with your wallet.

About Event

OWASP Porto Chapter meetup: #11 - Déjà vu, May 26th, 2026, 18:00.

With support from Euronext (Venue) and Jumo (Food and drinks).

Agenda:

18:00 - Intro and Welcome by the OWASP Porto chapter leadership
18:15 - Peeking Behind the Portal: Assessing E-Gov Security in Practice by Diogo Ribeiro
19:00 - Web browser fingerprinting and client defense techniques via web browser plugin by Pedro Correia
20:00 - Dinner and Drinks

Talks

Peeking Behind the Portal: Assessing E-Gov Security in Practice
by Diogo Ribeiro

Abstract: Modern e‑Government (E‑Gov) services are the digital front door to public administration, but how strong is that door really? This session presents a systematic approach to evaluating the security posture of online public services using well‑established tools such as nmap and testssl.sh. The analysis focuses on SSL/TLS configurations, certificate chains and their validation, exposed services, and common misconfigurations that may compromise the safety and trust of citizens interacting with these platforms. Drawing from large‑scale assessments of over 3,000 public services worldwide, the talk walks through both methodology and key findings, highlighting recurring weaknesses, cross‑regional patterns, and opportunities for improvement. During the session, the concept and structure of certificate chains will be explored in detail to clarify how trust is established (and broken) in practice. By the end of the session, attendees will gain actionable insights into the current state of E‑Gov security and learn how to conduct similar evaluations in their own environments. These links point to the publications that include the methodology and results mentioned in the abstract: Paper 1, Paper 2

Bio: Diogo Ribeiro is a researcher at INESC TEC and a PhD student at the University of Minho, specializing in digital identity and data consolidation. He also serves as an invited assistant at the same institution, teaching information security courses. He holds an integrated Master’s degree in Informatics Engineering from the University of Minho, with a focus on distributed systems and application engineering. As a researcher, he has published in conferences and journals on large-scale assessments of e-government security postures worldwide, identifying key vulnerabilities and remediation strategies to enhance citizen-facing online services. His research interests include digital identity, reputation systems, data fusion, cybersecurity, and zero-knowledge proofs.
Linkedin, Personal Website

Web browser fingerprinting and client defense techniques via web browser plugin
By Pedro Correia

Abstract: Online privacy has become an increasingly critical issue, particularly with the advancement of tracking techniques such as browser fingerprinting. While tools like AdBlock Plus and Privacy Badger provide protection against visible ads and trackers, they fall short in addressing sophisticated tracking methods, including fingerprinting. This work develops the Fingerprint Interception and Notification for Guarding User Rights (FINGER), a browser extension to address this gap. The extension is designed to intercept and analyze fingerprinting activities in live within the browser, allowing users to view and control these invasive practices. By employing techniques such as object property modification, proxy and method overriding, the extension detects fingerprinting patterns and provides alerts about potential tracking attempts. The results demonstrate that the extension is effective in identifying and managing fingerprinting techniques and tracking, addressing the limitations of existing tools. The study also highlights the extension's ability to surpass some built-in browser defenses, underscoring its significant contribution to online privacy protection.

Bio: Pedro Correia is an Information Security R&D Engineer at VORTEX-CoLab and a graduate of Universidade do Porto's Master's program in Information Security. With a diverse background spanning full-stack development , Android reverse engineering , and digital forensics, Pedro is passionate about building secure systems. He is a former Capture The Flag competitor with the university team XSTF and the creator of the privacy-enhancing Chrome extension, FINGER.
Linkedin

Location