José Fonseca. Completed a PhD in Informatics Engineering in 2011 at Universidade de Coimbra Faculdade de Ciencias e Tecnologia, a Master's degree in Electronics and Telecommunications Engineering in 1997 at Universidade de Aveiro, and a Licenciatura in Electronics and Telecommunications Engineering in 1993 at Universidade de Aveiro. He is a Coordinating Professor at Instituto Politécnico da Guarda. He has published 15 articles in specialized journals and has 1 book chapter. He has received 1 award and/or honour. In his Ciência Vitae curriculum, the most frequent terms in the contextualization of his scientific, technological and artistic-cultural output are: Internet; program diagnostics; security of data; Web security; Web; vulnerabilities; diverse static analysis tools; free static analysis; tools; software development scenario; Complexity theory; Diversity; reception; Measurement; Security; Software; Tools; SQLi; XSS; static; analysis; vulnerability detection; Web services; client-server systems; program; diagnostics; CMS; OOP Web application plugins; PHP plugin; vulnerability identification; phpSAFE; security analysis tool; security; static code analyzer; systematic code review; third-party; server-side; plugins; Arrays; Context; Databases; Filtering; Static; web application plugins; content management; security of; data; SQL injection vulnerabilities; Web application plugin; content management system; cross site; scripting; false positive rates; static code analysis tools; Content; management; Manuals; Testing; Web pages; applications; static analysis; SQL; fault diagnosis; software fault; tolerance; SQL Injection attacks; VAIT; Web application security mechanism; evaluation; attack injection methodology; fault injection; intrusion; detection system; vulnerability injection; methodology; vulnerability-&-attack injector tool; Educational; institutions; Input variables; Probes; TV; fault; injection; internet applications; review and evaluation; software fault tolerance; source; code (software); SQL injection; Web application vulnerabilities; security vulnerabilities; attack injectors; code inspectors; field data; intrusion detection systems; realistic vulnerability; mechanisms; security patches; software faults; source code; static code; analyzers; vulnerability scanners; Awards; activities; Blogs; Java; languages.
Identification

Personal identification

Full name
José Fonseca

Citation names

  • Fonseca, José

Author identifiers

Ciência ID
121A-2ECF-01D7
ORCID iD
0000-0003-4710-9292

Languages

Language Speaking Reading Writing Listening Peer-review
Portuguese Advanced (C1) Advanced (C1) Advanced (C1) Advanced (C1)
English Advanced (C1) Advanced (C1) Advanced (C1) Advanced (C1)
French Beginner (A1) Beginner (A1) Beginner (A1) Beginner (A1)
Spanish; Castilian Intermediate (B1) Beginner (A1) Beginner (A1) Intermediate (B1)
Education
Degree Classification
2011
Concluded
Informatics Engineering (PhD)
Universidade de Coimbra Faculdade de Ciencias e Tecnologia, Portugal
"Evaluating the [In]security of Web Applications" (THESIS/DISSERTATION)
Approved with Distinction and Honours
1997
Concluded
Electronics and Telecommunications Engineering (Master's)
Universidade de Aveiro, Portugal
"SIIM - Sistema Informático de Imagiologia" (THESIS/DISSERTATION)
Approved with Very Good
1993
Concluded
Electronics and Telecommunications Engineering (Licenciatura)
Universidade de Aveiro, Portugal
"Engª Electrónica e Telecomunicações" (THESIS/DISSERTATION)
14
Affiliation

Teaching in Higher Education

Category
Host institution
Employer
2018/12/03 - Current Teacher Coordinator (Polytechnic Teacher) Instituto Politécnico da Guarda, Portugal
1998/02/27 - 2018/12/02 Adjunct Teacher (Polytechnic Teacher) Instituto Politécnico da Guarda, Portugal
1993/11/18 - 1998/02/26 Assistant (Polytechnic Teacher) Instituto Politécnico da Guarda, Portugal
Outputs

Publications

Book chapter
  1. José Fonseca; Marco Vieira. "A Survey on Secure Software Development Lifecycles". United States, 2013.
    10.4018/978-1-4666-3679-8.ch003
Conference paper
  1. Frédéric Bogaerts, C. G.; Ivaki, Naghmeh; Fonseca, José. "Using AI to Inject Vulnerabilities in Python Code". Paper presented in 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Porto, 2023.
    Published • 10.1109/dsn-w58399.2023.00060
  2. Fonseca, José. "On Combining Diverse Static Analysis Tools for Web Security: An Empirical Study". 2017.
    10.1109/EDCC.2017.16
  3. Fonseca, José. "phpSAFE: A Security Analysis Tool for OOP Web Application Plugins". 2015.
    10.1109/DSN.2015.16
  4. Fonseca, José. "A Practical Experience on the Impact of Plugins in Web Security". 2014.
    10.1109/SRDS.2014.20
Journal article
  1. Frédéric C. G. Bogaerts; Naghmeh Ivaki; José Fonseca. "A Taxonomy for Python Vulnerabilities". IEEE Open Journal of the Computer Society (2024): https://doi.org/10.1109/OJCS.2024.3422686.
    10.1109/OJCS.2024.3422686
  2. Nunes, Paulo; Medeiros, Ibéria; Fonseca, José; Neves, Nuno; Correia, Miguel; Vieira, Marco. "An empirical study on combining diverse static analysis tools for web security vulnerabilities based on development scenarios". Computing 101 2 (2018): 161-185. http://dx.doi.org/10.1007/s00607-018-0664-z.
    10.1007/s00607-018-0664-z
  3. Paulo Nunes; Iberia Medeiros; Jose C. Fonseca; Nuno Neves; Miguel Correia; Marco Vieira. "Benchmarking Static Analysis Tools for Web Security". IEEE Transactions on Reliability 67 3 (2018): 1159-1175. https://doi.org/10.1109/TR.2018.2839339.
    10.1109/TR.2018.2839339
  4. Fonseca, José. "Evaluation of Web Security Mechanisms Using Vulnerability & Attack Injection". IEEE Transactions on Dependable and Secure Computing 11 5 (2014): 440-453.
    10.1109/TDSC.2013.45
  5. Fonseca, José. "Analysis of Field Data on Web Security Vulnerabilities". IEEE Transactions on Dependable and Secure Computing 11 2 (2014): 89-100.
    10.1109/TDSC.2013.37
  6. Alfaiate, J.; Fonseca, J.. "Bluetooth security analysis for mobile phones". Iberian Conference on Information Systems and Technologies, CISTI (2012): http://www.scopus.com/inward/record.url?eid=2-s2.0-84869078836&partnerID=MN8TOARS.
  7. Elia, I.A.; Fonseca, J.; Vieira, M.. "Comparing SQL injection detection tools using attack injection: An experimental study". Proceedings - International Symposium on Software Reliability Engineering, ISSRE (2010): 289-298. http://www.scopus.com/inward/record.url?eid=2-s2.0-79952033218&partnerID=MN8TOARS.
    10.1109/ISSRE.2010.32
  8. Fonseca, J.; Vieira, M.; Madeira, H.. "The web attacker perspective - A field study". Proceedings - International Symposium on Software Reliability Engineering, ISSRE (2010): 299-308. http://www.scopus.com/inward/record.url?eid=2-s2.0-79952024918&partnerID=MN8TOARS.
    10.1109/ISSRE.2010.21
  9. Fonseca, J.; Vieira, M.; Madeira, H.. "Vulnerability & attack injection for web applications". Proceedings of the International Conference on Dependable Systems and Networks (2009): 93-102. http://www.scopus.com/inward/record.url?eid=2-s2.0-70450078118&partnerID=MN8TOARS.
    10.1109/DSN.2009.5270349
  10. Seixas, N.; Fonseca, J.; Vieira, M.; Madeira, H.. "Looking at web security vulnerabilities from the programming language perspective: A field study". Proceedings - International Symposium on Software Reliability Engineering, ISSRE (2009): 129-135. http://www.scopus.com/inward/record.url?eid=2-s2.0-77951455398&partnerID=MN8TOARS.
    10.1109/ISSRE.2009.30
  11. Fonseca, J.; Vieira, M.; Madeira, H.. "Training security assurance teams using vulnerability injection". Proceedings of the 14th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2008 (2008): 297-304. http://www.scopus.com/inward/record.url?eid=2-s2.0-60349107378&partnerID=MN8TOARS.
    10.1109/PRDC.2008.43
  12. Fonseca, J.; Vieira, M.. "Mapping software faults with web security vulnerabilities". Proceedings of the International Conference on Dependable Systems and Networks (2008): 257-266. http://www.scopus.com/inward/record.url?eid=2-s2.0-53349172210&partnerID=MN8TOARS.
    10.1109/DSN.2008.4630094
  13. Fonseca, J.; Vieira, M.; Madeira, H.. "Online detection of malicious data access using DBMS auditing". Proceedings of the ACM Symposium on Applied Computing (2008): 1013-1020. http://www.scopus.com/inward/record.url?eid=2-s2.0-56749169851&partnerID=MN8TOARS.
    10.1145/1363686.1363921
  14. Fonseca, J.; Vieira, M.; Madeira, H.. "Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks". Proceedings - 13th Pacific Rim International Symposium on Dependable Computing, PRDC 2007 (2007): 365-372. http://www.scopus.com/inward/record.url?eid=2-s2.0-50049110333&partnerID=MN8TOARS.
    10.1109/PRDC.2007.63
  15. Fonseca, J.; Vieira, M.; Madeira, H.. "Detecting malicious SQL". Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 4657 LNCS (2007): 259-268. http://www.scopus.com/inward/record.url?eid=2-s2.0-37249092950&partnerID=MN8TOARS.
  16. Fonseca, J.; Vieira, M.; Madeira, H.. "Integrated intrusion detection in databases". Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 4746 LNCS (2007): 198-211. http://www.scopus.com/inward/record.url?eid=2-s2.0-38149127253&partnerID=MN8TOARS.
  17. Fonseca, J.; Vieira, M.; Madeira, H.. "Monitoring database application behavior for intrusion detection". Proceedings - 12th Pacific Rim International Symposium on Dependable Computing, PRDC 2006 (2006): 383-384. http://www.scopus.com/inward/record.url?eid=2-s2.0-40349093333&partnerID=MN8TOARS.
    10.1109/PRDC.2006.46
Distinctions

Award

2022 INNCYBER INNOVATION HUB
Altice Labs, Portugal
2009 William C. Carter Award
IEEE Computer Society, United States