Archive

Archive for the ‘ekoparty’ Category

Ekoparty Security Conference 2010

September 23rd, 2010

Last week, the most important security conference of latin america was held in Buenos Aires where security specialists from all over the world had the chance to get involved with state-of-art techniques, vulnerabilities and tools in a relaxed environment. The sixth edition of ekoparty brought together over 850 security specialists from around the world in the most deep-knowledge technical conference of the region.

Among the lectures, Bonsai Information Security presented “Web Application Security Payloads”. This research led by Andres Riancho and Lucas Apa, exploits a new concept in a theorical and practical environment. Part of this research explores how to distinguish the system calls involved in a web application vulnerability and then leverage it’s power to get sensitive information in an automated way.

Lucas Apa & Andrés Riancho

ekoparty 2010 – Web Application Security Payloads

The “Web Application Security Payloads” implementation was developed as a part of the w3af framework, an Open Source Web application attack and audit framework developed by contributors around the world since 2007 and directed by Andrés Riancho.

Between some other long waited talks, Juliano Rizzo & Thai Duong presented “Padding Oracles Everywhere” where they easely exposed a 0day advanced technique to decrypt and tamper ASP.NET sensitive data.

lucas.apa bonsai, conferences, ekoparty, open source, security, w3af