Federico De Meo

I’m a computer scientist with focus on security engineering, the art and craft of finding security gaps and proposing security controls. I am currently a Security Engineer at Amazon and previously at Arduino.

I hold a Ph.D. in Computer Science from the University of Verona, where my research focused on developing a formal model to identify complex attacks on web applications. The result of my thesis was published in the “Journal of Computer Security”. This experience was an invaluable opportunity to enable the development of my analytical skills while gaining a deeper, and philosophical understanding, of cybersecurity.

Find me on and .

• 2022-07-18
  The "First Secret" Problem
• 2019-06-10
  Web Application Formal Exploiter: a formal and automated approach to exploit multiple vulnerabilities of web applications
• 2019-02-27
  D-Link DVA-5592 missing authentication check [CVE-2019-6969] D-Link DVA-5592 Self XSS [CVE-2019-6968] Alcatel LINKZONE no authentication control whatsoever [CVE-2019-7163]
• 2018-10-25
  Project Dribble: hacking Wi-Fi with cached JavaScript

• The Etiology of Cybersecurity (Michele Ambrosi, Marco Rocchetto, Mattia Pacchin, Francesco Beltramini, Oliviero Nardi and Federico De Meo) CIMSS 2022
• A formal and automated approach to exploiting multi-stage attacks of web applications. (Federico De Meo and Luca Vinganò) Journal of Compututer Security, (2020)
• Mobster: A model-based security testing framework for web applications. (Michele Peroli, Federico De Meo, Luca Viganò, and Davide Guardini.) Software Testing, Verification and Reliability (2017)
• A Formal Approach to Exploiting Multi-stage Attacks Based on File-System Vulnerabilities of Web Applications. (Federico De Meo and Luca Viganò) ESSoS (2017)
• Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection. (Federico De Meo, Marco Rocchetto and Luca Viganò) STM (2016)