Salvador Mendoza Blog

"Inadequate logic conveys weak designs: vulnerabilities"


My name is Salvador Mendoza, and I am security researcher; my opinions, projects and methodologies are mine. During these years, I learned that be secure is not a mental state, it is a complex process where each ramification conveys preventive fears and applied knowledges.

Thinking abstractly is the only way to be ahead of many things.

I am focusing in tokenization processes, mag-stripe information and embedded prototypes. I have presented on tokenization flaws and payment methods at Black Hat USA, DEF CON, DerbyCon, Ekoparty, BugCON and Troopers. Also I designed different tools to pentest mag-stripe and tokenization processes. My designed toolset includes MagSpoofPI, JamSpay, TokenGet and lately SamyKam.