Salvador Mendoza Blog

"Inadequate logic conveys weak designs: vulnerabilities"


My name is Salvador Mendoza, and I am security researcher; my opinions, projects and methodologies are mine. During these years, I learned that be secure is not a mental state, it is a complex process where each ramification conveys preventive fears and applied knowledges.

Thinking abstractly is the only way to be ahead of many things.

I am focusing in tokenization processes, mag-stripe information and embedded prototypes. I have presented on tokenization flaws and payment methods at Black Hat USA, DEF CON, DerbyCon, Ekoparty, BugCON, Troopers and 8.8 Conferences. Also I designed different tools to pentest mag-stripe information and tokenization processes. My designed toolset includes MagSpoofPI, JamSpay, TokenGetSamyKam and lately BlueSpoof.