OWASP NYC AppSec 2008 Conference-SPEAKER-Andres Riancho - Revision history

Andres.riancho at 22:58, 15 April 2009

2009-04-15T22:58:22Z

Andres.riancho: /* Andres Riancho - Bio */

2008-11-29T22:36:28Z

‎Andres Riancho - Bio

Andres.riancho at 17:19, 10 May 2008

2008-05-10T17:19:33Z

Andres.riancho: /* Small Biography of Andres Riancho */

2008-05-10T17:16:53Z

‎Small Biography of Andres Riancho

Andres.riancho: /* Small Biography of Andres Riancho */

2008-05-10T17:13:21Z

‎Small Biography of Andres Riancho

Andres.riancho: New page: == Small Biography of Andres Riancho == Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the w3af proje...

2008-05-10T17:12:43Z

New page: == Small Biography of Andres Riancho == Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the w3af proje...

New page

== [[Small Biography of Andres Riancho]] ==

Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the w3af project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of w3af in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.

@@ Line 1: / Line 1: @@
 == Andres Riancho - Bio ==
-Andres Riancho is an experienced penetration tester, information security researcher and developer. He is the project leader of the [http://w3af.sf.net/ w3af] project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of [http://w3af.sf.net/ w3af] in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.
+[http://www.bonsai-sec.com/ Andrés Riancho] is an information security researcher and founder of [http://www.bonsai-sec.com/ Bonsai], where he is mainly involved in [http://www.bonsai-sec.com/en/services/penetration-testing.php Penetration Testing] and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS; and contributed with SAP research performed at his former employer.
 == Talk abstract ==

@@ Line 1: / Line 1: @@
 == Andres Riancho - Bio ==
-Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the [http://w3af.sf.net/ w3af] project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of [http://w3af.sf.net/ w3af] in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.
+Andres Riancho is an experienced penetration tester, information security researcher and developer. He is the project leader of the [http://w3af.sf.net/ w3af] project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of [http://w3af.sf.net/ w3af] in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.
 == Talk abstract ==

@@ Line 1: / Line 1: @@
 == Andres Riancho - Bio ==
-Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the w3af project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of w3af in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.
+Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the [http://w3af.sf.net/ w3af] project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of [http://w3af.sf.net/ w3af] in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.
 == Talk abstract ==
@@ Line 7: / Line 7: @@
 Web application auditing and exploiting is an art, but even art needs help of tools to make the process faster and more accurate. Right now open source tools like nikto, wapiti, pantera and others try to find vulnerabilities in web applications but lack many features and configuration options. Comercial tools have the features, at the expense of high product costs, and aren't as dynamic as open source projects.
-w3af ( Web Application Attack and Audit Framework ) is an open source project that aims to automate the detection and explotation of all web application vulnerabilities. The project objective is to become an open platform where anyone can contribute with code and new technics. w3af is extended using plugins that are fully written in python, right now the project has more than 80 plugins and 30K lines of code!
+[http://w3af.sf.net/ w3af] ( Web Application Attack and Audit Framework ) is an open source project that aims to automate the detection and explotation of all web application vulnerabilities. The project objective is to become an open platform where anyone can contribute with code and new technics. [http://w3af.sf.net/ w3af] is extended using plugins that are fully written in python, right now the project has more than 80 plugins and 30K lines of code!
-The framework is divided into three phases: discovery, audit and attack. All plugins smoothly communicate with each other and _work together_ to achieve the objective; w3af replaces standalone tools and makes web penetration testing as easy as possible; any wierd characteristic can be added as a plugin and consume all the features of the framework.
+The framework is divided into three phases: discovery, audit and attack. All plugins smoothly communicate with each other and '''work together''' to achieve the objective; w3af replaces standalone tools and makes web penetration testing as easy as possible; any wierd characteristic can be added as a plugin and consume all the features of the framework.
-w3af implements many exploit plugins and features to aid this process, not less important are the discovery and audit plugins that will find those vulnerabilities for you to exploit! w3af, one tool to rule them all.
+[http://w3af.sf.net/ w3af] implements many exploit plugins and features to aid this process, not less important are the discovery and audit plugins that will find those vulnerabilities for you to exploit! [http://w3af.sf.net/ w3af] one tool to rule them all.
 My talk will introduce this tool to new users, while showing it's features and the new GUI.

← Older revision		Revision as of 17:16, 10 May 2008
Line 1:		Line 1:
−	== ~~Small Biography of~~ Andres Riancho ==	+	== Andres Riancho - Bio ==

	Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the w3af project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of w3af in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.		Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the w3af project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of w3af in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.
		+
		+	== Talk abstract ==
		+
		+	Web application auditing and exploiting is an art, but even art needs help of tools to make the process faster and more accurate. Right now open source tools like nikto, wapiti, pantera and others try to find vulnerabilities in web applications but lack many features and configuration options. Comercial tools have the features, at the expense of high product costs, and aren't as dynamic as open source projects.
		+
		+	w3af ( Web Application Attack and Audit Framework ) is an open source project that aims to automate the detection and explotation of all web application vulnerabilities. The project objective is to become an open platform where anyone can contribute with code and new technics. w3af is extended using plugins that are fully written in python, right now the project has more than 80 plugins and 30K lines of code!
		+
		+	The framework is divided into three phases: discovery, audit and attack. All plugins smoothly communicate with each other and _work together_ to achieve the objective; w3af replaces standalone tools and makes web penetration testing as easy as possible; any wierd characteristic can be added as a plugin and consume all the features of the framework.
		+
		+	w3af implements many exploit plugins and features to aid this process, not less important are the discovery and audit plugins that will find those vulnerabilities for you to exploit! w3af, one tool to rule them all.
		+
		+	My talk will introduce this tool to new users, while showing it's features and the new GUI.

← Older revision		Revision as of 17:13, 10 May 2008
Line 1:		Line 1:
−	== [[Small Biography of Andres Riancho]] ==	+	== Small Biography of Andres Riancho ==

	Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the w3af project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of w3af in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.		Andres Riancho is an experienced penetration tester, information security researcher and programmer. He is the project leader of the w3af project; which aims to find and exploit all web application vulnerabilities. Since the public presentation of w3af in 2007, Andres has been invited to talk at international information security conferences in Europe, South America and North America.