WXf: Web Exploitation Framework - Revision history

Mark.bristow: /* The speakers */

2010-11-08T03:45:35Z

‎The speakers

Ken Johnson at 21:22, 29 October 2010

2010-10-29T21:22:55Z

Mark.bristow: /* The speakers */

2010-10-21T01:11:33Z

‎The speakers

Mark.bristow: /* The speaker */

2010-10-20T21:32:40Z

‎The speaker

Dallendoug: added link header

2010-09-21T05:05:19Z

added link header

Mark.bristow: Created page with '== The presentation == rightThe web application security field has seen a large expansion in the last decade. In that time the amount of communi…'

2010-09-16T22:12:40Z

Created page with '== The presentation == rightThe web application security field has seen a large expansion in the last decade. In that time the amount of communi…'

New page

== The presentation ==

[[Image:Owasp_logo_normal.jpg|right]]The web application security field has seen a large expansion in the last decade. In that time the amount of community participation has significantly increased, however, efforts have become increasingly discontigous.

Several web application security centric frameworks have come and gone that were intended to address this challenge. The goal of Web Exploitation Framework (wXf) is to take the experience of using these tools, the perceived shortcomings and build something that is easy to use, install and extend.

Web Exploitation Framework (“wXf”) is written in Ruby and was originally an idea as a module for Rapid 7’s Metasploit but the idea quickly outgrew a network exploitation framework. Instead, we designed a core that focuses on the web standards along with exploits & payloads designed specifically for defeating web application protections. wXf maintains somewhat of the look and feel of Metasploit but the code is entirely different. Our goal is to have a security professional familiar with the Metasploit framework using wXf in under 10 minutes.

== The speaker ==

Speaker bio will be posted shortly.

[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]

@@ Line 15: / Line 15: @@
 Ken Johnson is a Senior Application Security Consultant with FishNet Security performing dynamic analysis, source code analysis and web application penetration testing. Ken has worked for both government and corporate organizations both at home and abroad.
-Chris Gates (CG/carnal0wnage) is currently the Network Attack Team Lead for Applied Security Inc. and is a member of the Metasploit Project and Attack Research.  He enjoys business logic flaws, misconfigured databases and the occasional client-side attack.  He has spoken at various other security conferences including BlackHat USA, Defcon, CSI 2009, Brucon, SOURCE Boston, Toorcon, Notacon, and Chicagocon.
+Chris Gates (CG/carnal0wnage) is a member of the Metasploit Project and Attack Research.  He enjoys business logic flaws, misconfigured databases and the occasional client-side attack.  He has spoken at various other security conferences including BlackHat USA, Defcon, CSI 2009, Brucon, SOURCE Boston, Toorcon, Notacon, and Chicagocon.
 [[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]

@@ Line 13: / Line 13: @@
 == The speakers  ==
-Ken is a Senior Application Security Consultant with FishNet Security performing dynamic analysis, source code analysis and web application penetration testing. Ken Johnson has worked for both government and corporate organizations both at home and abroad.
+Ken Johnson is a Senior Application Security Consultant with FishNet Security performing dynamic analysis, source code analysis and web application penetration testing. Ken has worked for both government and corporate organizations both at home and abroad.
 Chris Gates (CG/carnal0wnage) is currently the Network Attack Team Lead for Applied Security Inc. and is a member of the Metasploit Project and Attack Research.  He enjoys business logic flaws, misconfigured databases and the occasional client-side attack.  He has spoken at various other security conferences including BlackHat USA, Defcon, CSI 2009, Brucon, SOURCE Boston, Toorcon, Notacon, and Chicagocon.

@@ Line 13: / Line 13: @@
 == The speakers  ==
-Ken Johnson's bio will be posted shortly.
+Ken is a Senior Application Security Consultant with FishNet Security performing dynamic analysis, source code analysis and web application penetration testing. Ken Johnson has worked for both government and corporate organizations both at home and abroad.
 Chris Gates (CG/carnal0wnage) is currently the Network Attack Team Lead for Applied Security Inc. and is a member of the Metasploit Project and Attack Research.  He enjoys business logic flaws, misconfigured databases and the occasional client-side attack.  He has spoken at various other security conferences including BlackHat USA, Defcon, CSI 2009, Brucon, SOURCE Boston, Toorcon, Notacon, and Chicagocon.

← Older revision		Revision as of 05:05, 21 September 2010
Line 1:		Line 1:
		+	[[Image:468x60-banner-2010.gif\|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]
		+
		+	[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] \| [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] \| [http://www.dcconvention.com/ Walter E. Washington Convention Center]
		+	<br>
	== The presentation ==		== The presentation ==

@@ Line 11: / Line 11: @@
 Web Exploitation Framework (“wXf”) is written in Ruby and was originally an idea as a module for Rapid 7’s Metasploit but the idea quickly outgrew a network exploitation framework. Instead, we designed a core that focuses on the web standards along with exploits & payloads designed specifically for defeating web application protections. wXf maintains somewhat of the look and feel of Metasploit but the code is entirely different. Our goal is to have a security professional familiar with the Metasploit framework using wXf in under 10 minutes.
-== The speaker  ==
+== The speakers  ==
 [[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]