CONFidence and OWASP – Poland

CONFidence and OWASP Europe were great. The venue was amazing (it was my first time in Poland) and both conferences were perfectly organized. I would like to thank Andrzej Targosz, the CONFidence organizer, for all his help and support during both conferences; without his help, none of this would have happened.

This trip was completely different from my previous ones, because (among other things) I slept in a hostel in the same room with six guys from Slovakia, one from Singapore and one from Austria, and ran the Capture the Flag for both conferences together with Jaroslaw Sajko.

In my previous posts I listed the talks that I was interested in, so now I’m going to use that as a base to talk about the conferences. Here are my thoughts about CONFidence:

  • Social engineering for penetration testers, by Sharon Conheady. It was one of the most interesting talks I’ve attended at both conferences. She works as a social engineer, and her talk was interesting from the beginning to the end (hmm, maybe she social engineered me to blog this?).
  • Public transport SMS ticket hacking, by Pavol Luptak. At first I was expecting something related to hardware hacking, but Pavol (one of the six Slovaks from the hostel) showed us a way to cheat the SMS ticketing system using some easy software-based tricks. Good job!
  • VAASeline: VNC Attack Automation Suite, by Rich Smith. Some friends attended this talk, and told me it was really good, but I had to be at the CTF booth because some bugs were found in one of the levels.

About OWASP Europe:

  • The Truth about Web Application Firewalls: What the vendors do not want you to know by Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity. This was by far the best talk in OWASP. I was really interested in this subject, and the speakers gave a great presentation. Sandro and Wendel showed the audience different ways to bypass WAFs, and performed a demo of some tools that they have been working on.
  • Advanced SQL injection exploitation to operating system full control by Bernardo Damele, the creator of sqlmap. Bernardo’s presentation was both detailed and technical; he showed the audience how to gain OS access from SQL injections in different DBMS. Note to self: update the sqlmap version that runs in w3af.
  • When Security Isn’t Free: The Myth of Open Source Security by Rob Rachwald, Fortify. Failed to attend, this time, I think that I was talking with Sandro and Wendel about wafw00f ;)
  • Exploiting Web 2.0 – Next Generation Vulnerabilities by Shreeraj Shah, Blueinfy. Failed to attend (one more time).
  • I thought you were my friend Evil Markup, browser issues and other obscurities by Mario Heiderich, Business-IN. His presentation was awesome; he showed the audience a lot of little tricks that can be used to bypass different types of filters and execute JavaScript in the victim’s browser.

The talks were amazing, but as I always say… the real value of these conferences is not in the talks, it is in the people you meet there.

andres.riancho conferences, security, w3af
