Archive for April, 2009

TOP 3 talks @ Confidence – Poland

April 28th, 2009

Following the spirit of the previous post regarding the interesting talks at OWASP Poland, here is the list of talks I find interesting at CONFidence:

  • Social engineering for penetration testers, by Sharon Conheady. I always enjoy the social engineering talks. It’s like learning Jedi mind control tricks!
  • Public transport SMS ticket hacking, by Pavol Luptak. Hardware hacking is something I won’t be able to do in my life, and that is why I find it so interesting.
  • VAASeline: VNC Attack Automation Suite, by Rich Smith. Are there really so many VNC servers out there? Was it really necessary to build VAASeline? I want my answers, so I’ll be there :)

The whole conference line-up sounds interesting, and I’m sure I’ll enjoy it a lot. See you there!

andres.riancho conferences

TOP 5 talks @ OWASP Poland

April 27th, 2009

I’ll be attending the OWASP conference in Poland next month, and I’ve already put together my TOP 5 list of talks:

  • The Truth about Web Application Firewalls: What the vendors do not want you to know by Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity. I’ve been doing some WAF research of my own, and I would like to hear what these guys have to say about WAFs. I would like to know if Ivan Ristic is going to be there also… ;)
  • Advanced SQL injection exploitation to operating system full control by Bernardo Damele, the creator of sqlmap. I know he’s been doing some excellent research on getting OS control from SQL injections, and I want to hear all about that.
  • When Security Isn’t Free: The Myth of Open Source Security by Rob Rachwald, Fortify. This seems to be “one of those talks” where the speaker is so tainted that you won’t believe one word… but… I want to hear what he is going to say.
  • Exploiting Web 2.0 – Next Generation Vulnerabilities by Shreeraj Shah, Blueinfy. It’s always nice to hear the latest XSS stuff ;)
  • I thought you were my friend Evil Markup, browser issues and other obscurities by Mario Heiderich, Business-IN. I’ll attend this talk mostly to meet Mario and hear what he has to say about evil markup (?).

Between talks, I’ll be idling around and giving some w3af T-Shirts away, so pay attention!

andres.riancho conferences

Two different trainings @ Confidence – Poland

April 22nd, 2009

Well, it seems that I’m going to be traveling a lot this year ;) I’ve just talked with the CONFidence conference organizers and we decided that it would be nice to deliver two different trainings at CONFidence:

Both trainings are hands-on and will be 7 hours long (with a one-hour meal break in between). The prices are really affordable, only 300€ each, so I expect a crowded class. Please register early because the seats are limited!

I’m really looking forward to the w3af training; it’s going to be the first time I deliver that particular training at a conference. The adrenaline rush will be higher than usual, as I see more and more people getting interested in w3af as an everyday tool that they can use during their penetration test engagements.

admin conferences


April 20th, 2009

This Saturday (April 25th) I’m going to be delivering a small presentation about w3af at FLISOL. The presentation is going to be a project introduction, and will contain a lot of demos.

FLISOL, the acronym for the Latin American Festival of Installation of Free Software, is the largest free software outreach event, held since 2005 in different countries simultaneously. In 2008 it involved more than 200 cities in 18 countries of Latin America.

It is an opportunity for all those interested in learning more about the GNU/Linux operating system and free software. By participating, it is possible to get in touch with the world of free software, meet others, resolve doubts and questions, share opinions and experiences, and attend lectures and other activities.

Once again, Bonsai is supporting the Open Source initiative!

andres.riancho open source

w3af talk @ OWASP Poland

April 17th, 2009

I’m going to be talking about w3af at OWASP Poland next May 2009. If you still haven’t heard about w3af, this is your opportunity! In this talk Andrés will talk about the framework features and how to use them to identify most web application vulnerabilities.

andres.riancho w3af