
TOP 5 talks @ OWASP Poland

April 27th, 2009

I’ll be attending the OWASP conference in Poland next month, and I’ve already put together my TOP 5 list of talks:

  • The Truth about Web Application Firewalls: What the vendors do not want you to know by Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity. I’ve been doing some WAF research of my own, and I would like to hear what these guys have to say about WAFs. I would like to know if Ivan Ristic is going to be there also… ;)
  • Advanced SQL injection exploitation to operating system full control by Bernardo Damele, the creator of sqlmap. I know he’s been doing some excellent research on getting OS control from SQL injections, and I want to hear all about that.
  • When Security Isn’t Free: The Myth of Open Source Security by Rob Rachwald, Fortify. This seems to be “one of those talks” where the speaker is so tainted that you won’t believe one word… but… I want to hear what he is going to say.
  • Exploiting Web 2.0 – Next Generation Vulnerabilities by Shreeraj Shah, Blueinfy. It’s always nice to hear the latest XSS stuff ;)
  • I thought you were my friend Evil Markup, browser issues and other obscurities by Mario Heiderich, Business-IN. I’ll attend this talk mostly to meet Mario and hear what he has to say about evil markup (?).

Between talks, I’ll be idling around and giving some w3af T-Shirts away, so pay attention!

andres.riancho conferences

  1. May 19th, 2009 at 14:24 | #1

    I am sorry, but I couldn’t be there. What did you think of the WAF presentation, by the way?

  2. May 19th, 2009 at 16:18 | #2

    The WAF presentation was pretty impressive. Sandro and Wendel created a tool that can identify most WAFs, including the vendor, patch level, core ruleset, etc., using less than 10 HTTP requests. They also found several vulnerabilities to bypass WAF detection in both the positive and negative security models.
