Angelo Prado


Angelo Prado is a Senior Product Security Manager at Salesforce.com and an independent security researcher. He has worked as a software and application security engineer for Salesforce, Microsoft, and Motorola. Mr. Prado has a proven record of leading engineering teams of highly trained product security engineers by providing effective application security and building a robust and respected security practice.

Mr. Prado is one of the leading contributors to BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext), a security exploit against SSL which leverages a compression side channel to derive secrets from the ciphertext in an HTTPS stream. As a thought leader of the security community, Mr. Prado frequently speaks at major conferences worldwide, including Black Hat USA, ToorCon, SecTor, Hacker Halted, TakeDownCon, Comillas University, and Georgetown University.

Angelo Prado holds a Master's degree in Computer Science from Universidad Pontificia Comillas, Madrid, and has also attended the University of Illinois at Urbana-Champaign. His passions and research include web application security, Windows security, web browsers, machine learning, malware analysis, and side channels. Some of Mr. Prado's recent disclosures include: "SSL, Gone in 30 Seconds - a BREACH Beyond CRIME" (US-CERT, MITRE: CVE-2013-3587), presented at Black Hat USA 2013 (Las Vegas); Resin Pro improperly performs Unicode transformations (US-CERT, NIST: CVE-2014-2966); Mail in Apple iOS6 allows remote attackers to spoof attachments (US-CERT, NIST: CVE-2012-3730); and Microsoft Security Researcher Acknowledgments for Online Services (TechNet: 2012, 2013). Additional CVEs are pending assignment.
