https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Marcos+Mateos+Garcia 2026-04-25T23:37:06Z User contributions MediaWiki 1.27.2 https://wiki.owasp.org/index.php?title=User:Marcos_Mateos_Garcia&diff=199726 2015-08-31T16:00:50Z

<p>Marcos Mateos Garcia: </p> <hr /> <div>Degree in Computer Science at Escuela Universitaria de Informática in Universidad Politécnica de Madrid.<br /> <br /> With more than 10 years of experience in IT sector, I have developed my career in the field of ICT security in the company Germinus (Grupo Gesfor). My speciality field in ICT security include penetration testing/ethical hacking, consulting on security policies, deployment of perimeter security systems (firewalls, anti-spam, content filtering solutions, high availability...), and methodologies for the secure software development.<br /> <br /> I am also the author of articles on ICT security publications (including SIC and Red@Seguridad Spanish magazines).<br /> <br /> Currently working as Security Consultant, mainly in projects related to ethical hacking and secure software development.</div>

Marcos Mateos Garcia https://wiki.owasp.org/index.php?title=OWASP_Forward_Exploit_Tool_Project&diff=97693 2010-12-23T17:57:19Z

<p>Marcos Mateos Garcia: </p> <hr /> <div>==== Main ====<br /> <br /> '''Welcome to the Forward Exploit Tool Project'''<br /> <br /> This project is intended to develop a tool to exploit [[Top_10_2010-A10 | OWASP Top Ten 2010 - A10: Unvalidated Redirects and Forwards]] vulnerability, focused in the unvalidated &quot;forwards&quot;.<br /> <br /> The main reason for the Forward Exploit Tool is that there is no tool for this fact, as far as I know. On the other hand, I have seen this problem in several applications that I've analysed in last times, besides this problem has been included in the recent OWASP Top Ten 2010.<br /> <br /> ==Overview==<br /> <br /> Unvalidated Forwards can be used to bypass access controls, specific or standard access control. For an automatized tool is difficult to exploit specific facts, but can work well with standard situations. <br /> So, the focus is standard access control in Java applications, like restricted directory /WEB-INF. Below this directory is all deployed application files: binary/compiled files, configuration, etc. In Java, compiled files (''class'') can be easily de-compiled to obtain source code.&lt;br&gt;<br /> The '''impact''': compromise all files, including source code, information hardcoded (credentials, SQL clauses, IP addresses, etc.). This is a '''high-critical impact'''.<br /> <br /> ==How it works==<br /> TBD<br /> <br /> ==Download==<br /> <br /> TBD<br /> [https://sourceforge.net/projects/forwardexploit/ Download from SourceForge]<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Forward Exploit Tool Project | Project About}}<br /> <br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> [[Category:OWASP_Project|Forward Exploit Tool Project]] [[Category:OWASP_Tool]][[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]]</div>

Marcos Mateos Garcia https://wiki.owasp.org/index.php?title=OWASP_Forward_Exploit_Tool_Project&diff=97676 2010-12-23T15:55:49Z

<p>Marcos Mateos Garcia: </p> <hr /> <div>==== Main ====<br /> <br /> '''Welcome to the Forward Exploit Tool Project'''<br /> <br /> This project is intended to develop a tool to exploit [[Top_10_2010-A10 | OWASP Top Ten 2010 - A10: Unvalidated Redirects and Forwards]] vulnerability, focused in the unvalidated &quot;forwards&quot;.<br /> <br /> The main reason for the Forward Exploit Tool is that there is no tool for this fact. On the other hand, I have seen this problem in several applications that I've analysed in last times, besides this problem has been included in the recent OWASP Top Ten 2010.<br /> <br /> <br /> ==Overview==<br /> <br /> TBD<br /> <br /> ==Download==<br /> <br /> TBD<br /> [https://sourceforge.net/projects/forwardexploit/ Download from SourceForge]<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Forward Exploit Tool Project | Project About}}<br /> <br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> [[Category:OWASP_Project|Forward Exploit Tool Project]] [[Category:OWASP_Tool]][[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]]</div>

Marcos Mateos Garcia https://wiki.owasp.org/index.php?title=OWASP_Forward_Exploit_Tool_Project&diff=95013 2010-12-03T10:27:21Z

<p>Marcos Mateos Garcia: </p> <hr /> <div>==== Main ====<br /> <br /> '''Welcome to the Forward Exploit Tool Project'''<br /> <br /> Description, why [[Top_10_2010 | OWASP Top Ten 2010 - A10: Unvalidated Redirects and Forwards ]], goal, etc.<br /> <br /> ==Overview==<br /> <br /> TBD<br /> <br /> ==Download==<br /> <br /> TBD<br /> [https://sourceforge.net/projects/forwardexploit/ Download from SourceForge]<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Forward Exploit Tool Project | Project About}}<br /> <br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> [[Category:OWASP_Project|Forward Exploit Tool Project]] [[Category:OWASP_Tool]][[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]]</div>

Marcos Mateos Garcia https://wiki.owasp.org/index.php?title=OWASP_Forward_Exploit_Tool_Project&diff=95005 2010-12-03T09:23:43Z

<p>Marcos Mateos Garcia: </p> <hr /> <div>==== Main ====<br /> <br /> '''Welcome to the Forward Exploit Tool Project'''<br /> <br /> Description, why [[Top_10_2010 | OWASP Top Ten 2010 - A10: Unvalidated Redirects and Forwards ]], goal, etc.<br /> <br /> ==Overview==<br /> <br /> TBD<br /> <br /> ==Download==<br /> <br /> TBD<br /> <br /> <br /> ==== Project About ====<br /> {{:Projects/OWASP Forward Exploit Tool Project | Project About}}<br /> <br /> <br /> __NOTOC__ &lt;headertabs /&gt;<br /> <br /> [[Category:OWASP_Project|Forward Exploit Tool Project]] [[Category:OWASP_Tool]][[Category:OWASP_Alpha_Quality_Tool|OWASP Alpha Quality Tool]]</div>

Marcos Mateos Garcia