Andrés Riancho is a Principal Security Researcher with 18 years of experience specializing in web application and cloud security, currently leading cybersecurity research at Vercel after senior roles at Wiz, Kavak and Wildlife Studios. He has a deep hands-on background in offensive research—discovering critical vulnerabilities in network appliances and hundreds of web apps—and has led the long-running open-source scanner w3af as well as contributed to widely used projects like moto and HTTPretty. Andrés blends research, engineering and product sensibilities: he implements performance and reliability fixes in core tooling, authors vulnerability detection features (e.g., XXE detection), and drives cloud-focused tooling and assessments for AWS environments. As a founder and former VP/Director at security teams and a consultancy owner, he pairs leadership and mentoring with practical remediation and automation experience. He’s a seasoned conference speaker and trainer with a global footprint, and an uncommon mix of deep exploit knowledge plus pragmatic cloud security architecture. Based in Martínez, Buenos Aires, he also holds executive security training (CMU CISO) and organizational coaching credentials.
18 years of coding experience
12 years of employment as a software developer
Organizational Coaching Program, Organizational Coaching Program at Universidad de 'San Andrés'
Electronic technician, Electronic technician at La Salle - Buenos Aires - Florida
Chief Information Security Officer (CISO) Certificate, Chief Information Security Officer (CISO) Certificate at Carnegie Mellon University
Computer Science, Computer Science at University of Buenos Aires
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Role in this project:
Back-end Developer & Security Engineer
Contributions:2 releases, 5 reviews, 6065 commits in 7 years 6 months
Contributions summary:Andres's contributions primarily focused on improving the security and performance of the web application attack and audit framework (w3af). They implemented performance enhancements in timestamp parsing, improved error handling and logging, and introduced new features, such as the ability to detect and report on vulnerabilities like XML External Entity (XXE) injection. Additionally, the user worked on enhancing the functionality of the existing plugins and addressing code quality issues.
Intercept HTTP requests at the Python socket level. Fakes the whole socket module
Role in this project:
Back-end Developer & QA Engineer / Test Automation Engineer
Contributions:5 commits, 5 PRs, 4 comments in 4 years 9 months
Contributions summary:Andres primarily contributed to the `httpretty` library by fixing bugs related to socket functionality and addressing specific issues reported in the repository. Their work involved modifying core Python code, particularly within the `httpretty/core.py` and `httpretty/compat.py` files, to ensure correct behavior when intercepting HTTP requests. Furthermore, the user added and modified tests to reproduce and resolve identified issues, demonstrating a focus on improving the library's reliability through unit testing, as seen in `tests/unit/test_httpretty.py`. The user also shows their abilities to resolve problems in the query string parsing.
decoratorspythonmockingmockpython2
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Andres Riancho - Principal Security Researcher at Vercel