Oscar Salazar is a Principal Product Researcher at Bishop Fox. In this role, he has experience with red teaming, application penetration testing, source code review, network penetration testing, secure software design, and product security reviews. He focuses on research and development of the Continuous Attack Surface Testing (CAST) platform. Oscar has presented at many of the leading security conferences including Black Hat USA, DEF CON, RSA, BSides, Hacker Halted, SyScan 360, and SAS. His research, particularly surrounding anti-anti-automation, has appeared in Wired, eWeek, Fox News, Threatpost, and Gigaom.
Additionally, he has been a featured speaker on the Dark Reading Radio series. Prior to joining Bishop Fox, Oscar served as a web security research engineer at Hewlett Packard's Application Security Center where he designed and developed security checks for the WebInspect web application security scanner. In addition, his research involved developing more effective methods of scanning web applications. Oscar holds a Bachelor of Science from Georgia Institute of Technology with a major in Computer Science and a focus on Networking and Security.
SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns
Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.
Expose Yourself Without Insecurity: Cloud Breach Patterns
Presentation from BSides Atlanta 2020 explores the unprecedented level of exposures in the Cloud and how they can be found.
Ghost In The Browser - Broad-Scale Espionage With Bitsquatting
Presentation from Kapersky SAS 2019 on an unfortunate side effect to achieving HTTPS everywhere and learn what can be done to mitigate the risk.
Pose a Threat: How Perceptual Analysis Helps Bug Hunters
Presentation from OWASP AppSec California 2019 offers up dirty tricks to optimize the hunt for security exposures.
This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.