Open Source Projects
- Author of Tinfoleak
- Co-author and reviewer of OWASP Testing Guide v2.0
- Contributor of ISSAF (Information System Security Assessment Framework) Project v0.2.1A
- Contributor of OSSTMM (Open Source Security Testing Methodology Manual) v2.1
Security-related articles
- «OWASP Top 10 2013: actualización de los riesgos más extendidos asociados a las aplicaciones web«.
SIC Magazine #106. September 2013
- «Android reverse engineering: and introductory guide to malware analysis«.
Hakin9 Vol. 2 No. 3. June 2013
- «Controles técnicos de seguridad para la protección de aplicaciones Web«.
SIC Magazine #94. April 2011
- «METPROSEG en RSI: construir la seguridad en el proceso de desarrollo desde unos cimientos sólidos«.
SIC Magazine #85. June 2009
- «Desarrollos (inseguros) de software: panorama actual«.
RedSeguridad Magazine. September 2007
- «MX Injection: Capturing and Exploiting Hidden Mail Servers«.
Web Application Security Consortium. December 2006
- «Análisis de redes wireless: Medidas de seguridad«.
ISECLab #6. September 2005
- «Análisis de redes wireless: Herramientas y técnicas de ataque«.
ISECLab #5. July 2005
- «(In)seguridad en las aplicaciones Web«.
SIC Magazine #65. June 2005
- «Control sobre dominios: gestión y recomendaciones«.
SIC Magazine #55. June 2003
Security Advisories
- Vicente Aguilera Diaz (vaguilera) is listed in Barracuda Networks Bug Bounty Hall of Fame.
- Vicente Aguilera Diaz is credited by Oracle for finding vulnerabilities related to Oracle Critical Patch Update in January 2007 and April 2007.
- «Reflected XSS vulnerability in Boxcryptor«.
February 2014
- «SQL Injection vulnerability in «Project’Or RIA» allow arbitrary access to the database and the file system«. CVE-2013-6164.
July 2013
- «Facebook HTML and Script code injection vulnerability«.
March 2013
- «CSRF vulnerability in LinkedIn«.
March 2013
- «XSS vulnerability in LinkedIn«.
March 2013
- «Facebook social network vulnerable to CSRF«.
August 2011
- «Facebook social network vulnerable to Open Redirect«.
July 2011
- «Reflected XSS in the login process of the Atmail WebMail < v6.1.9«.
September 2010
- «XSS in Oracle Portal Database Access Descriptor«.
August 2010
- «Gmail vulnerable to automated password cracking«.
July 2009
- «CSRF vulnerability in Gmail service«.
August 2007
- «Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS«. CVE-2007-0275.
January 2007
- «IMAP/SMTP Command Injection in Hastymail«. CVE-2006-5262. CVE-2006-5313.
September 2006
- «XSS vulnerability in error page of ISMail«. CVE-2006-6364.
September 2006
- «IMAP/SMTP Command Injection in SquirrelMail«. CVE-2006-0377.
January 2006
Other contributions
- Contributor of OWASP Top 10 2010 Spanish Translation
- Coordinator of WASC Threat Classification v1.0 Spanish Translation