Archive for September, 2010

Ekoparty Security Conference 2010

September 23rd, 2010

Last week, the most important security conference of latin america was held in Buenos Aires where security specialists from all over the world had the chance to get involved with state-of-art techniques, vulnerabilities and tools in a relaxed environment. The sixth edition of ekoparty brought together over 850 security specialists from around the world in the most deep-knowledge technical conference of the region.

Among the lectures, Bonsai Information Security presented “Web Application Security Payloads”. This research led by Andres Riancho and Lucas Apa, exploits a new concept in a theorical and practical environment. Part of this research explores how to distinguish the system calls involved in a web application vulnerability and then leverage it’s power to get sensitive information in an automated way.

Lucas Apa & Andrés Riancho

ekoparty 2010 – Web Application Security Payloads

The “Web Application Security Payloads” implementation was developed as a part of the w3af framework, an Open Source Web application attack and audit framework developed by contributors around the world since 2007 and directed by Andrés Riancho.

Between some other long waited talks, Juliano Rizzo & Thai Duong presented “Padding Oracles Everywhere” where they easely exposed a 0day advanced technique to decrypt and tamper ASP.NET sensitive data.

lucas.apa bonsai, conferences, ekoparty, open source, security, w3af

Rapid7 partnership

September 5th, 2010
Comments Off

We’re excited to announce that Bonsai Information Security has partnered with Rapid7! This partnership will allow our company to expand it’s market in north america by leveraging Rapid7’s impressive growth in the last years.

This partnership was possible because of our constant search for excellence, our customer need driven approach to consulting and our service quality. More deals like this, and Bonsai will be soon named Oak!

andres.riancho bonsai, security , , , , , ,