Difference between revisions of "BeNeLux OWASP Day 2013"
| Line 186: | Line 186: | ||
<br> | <br> | ||
| + | <br> | ||
| + | |||
| + | <div id="TomVanGoethem"></div> | ||
| + | === Remote Code Exection in WordPress: an analysis, by Tom Van Goethem (PhD University Leuven) === | ||
| + | ''Abstract:''<br> | ||
| + | With over 13 million downloads, WordPress is one of the most popular open source blog platforms and content management systems. One of its key features is the installation of plugins. These are developed by third parties, but WordPress has to maintain its legacy codebase in order to remain compatible with these plugins. As this codebase makes use of unsafe functions, vulnerabilities may arise, affecting thousands websites - if not more. This presentation will focus on a vulnerability that has been present in WordPress versions up to September 2013. This vulnerability, which may lead to Remote Code Execution, was found by a simple combination of two publicly known elements: PHP Object Injection and unexpected behaviour of MySQL regarding Unicode characters. | ||
| + | <br> | ||
| + | <br> | ||
| + | ''Bio:''<br> | ||
| + | Tom Van Goethem is passionate about web security. After getting a master's degree of Applied Informatics, he enrolled in a PhD at the University of Leuven. As a student with a chronic drinking problem, he still found some time to hunt bugs for fun (and profit).<br> | ||
<br> | <br> | ||
<!-- | <!-- | ||
| − | <div id=" | + | <div id="TomVanGoethem"></div> |
| + | === Remote Code Exection in WordPress: an analysis, by Tom Van Goethem (PhD University Leuven) === | ||
| + | ''Abstract:''<br> | ||
| + | With over 13 million downloads, WordPress is one of the most popular open source blog platforms and content management systems. One of its key features is the installation of plugins. These are developed by third parties, but WordPress has to maintain its legacy codebase in order to remain compatible with these plugins. As this codebase makes use of unsafe functions, vulnerabilities may arise, affecting thousands websites - if not more. This presentation will focus on a vulnerability that has been present in WordPress versions up to September 2013. This vulnerability, which may lead to Remote Code Execution, was found by a simple combination of two publicly known elements: PHP Object Injection and unexpected behaviour of MySQL regarding Unicode characters. | ||
| + | <br> | ||
| + | <br> | ||
| + | ''Bio:''<br> | ||
| + | Tom Van Goethem is passionate about web security. After getting a master's degree of Applied Informatics, he enrolled in a PhD at the University of Leuven. As a student with a chronic drinking problem, he still found some time to hunt bugs for fun (and profit).<br> | ||
| + | <br> | ||
=== Body Armor for Binaries, by Asia Slowinska (Vrije Universiteit Amsterdam) === | === Body Armor for Binaries, by Asia Slowinska (Vrije Universiteit Amsterdam) === | ||
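Review bot: The added heading misspells "Execution" as "Exection" in `=== Remote Code Exection in WordPress: an analysis, ...`, and the typo appears in both inserted copies. The whole abstract block, including `<div id="TomVanGoethem"></div>`, is also added a second time after the `<!--` line, so the same anchor id now exists twice in the page source; keep one copy and restore the commented-out template to what it was. The abstract text also reads "affecting thousands websites", which should be "thousands of websites".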
Revision as of 06:13, 11 October 2013

Welcome to OWASP BeNeLux 2013
The OWASP BeNeLux Program Committee
- Bart De Win / Sebastien Deleersnyder / Lieven Desmet / David Mathy, OWASP Belgium
- Martin Knobloch / Ferdinand Vroom, OWASP Netherlands
- Jocelyn Aubert / Andre Adelsbach / Thierry Zoller, OWASP Luxembourg
Tweet!
Event tag is #owaspbnl13
OWASP BeNeLux training day and conference are free!
Registration is not yet open:
To support the OWASP organisation, consider becoming a member; it's only US$50!
Check out the Membership page to find out more.
Venue is
Parking & roadmap:
There is a public parking close to the conference venue.
Roadmap and parking:
Hotels nearby:
Conference day, November 29th
Location
TBD (for details, check the Venue tab)
Agenda
| Time | Speaker | Topic |
|---|---|---|
| 09h00 - 10h00 | Registration | |
| 10h00 - 10h15 | OWASP Benelux Organization | Welcome |
| 10h15 - 10h30 | TBD | OWASP update |
| 10h30 - 11h10 | TBD | Title Abstract: |
| 11h10 - 11h50 | TBD | Title Abstract: |
| 11h50 - 12h30 | TBD | Title Abstract: |
| 12h30 - 13h30 | Lunch | |
| 13h30 - 14h10 | TBD | Title Abstract: |
| 14h10 - 14h50 | TBD | Title Abstract: |
| 14h50 - 15h30 | TBD | Title Abstract: |
| 15h30 - 15h50 | Break | |
| 15h50 - 16h30 | TBD | Title Abstract: |
| 16h30 - 17h10 | TBD | Title Abstract: |
| 17h10 - 17h50 | TBD | Panel Discussion about... |
| 17h50 - 18h00 | OWASP Benelux 2013 organization | Closing Notes |
Remote Code Execution in WordPress: an analysis, by Tom Van Goethem (PhD University Leuven)
Abstract:
With over 13 million downloads, WordPress is one of the most popular open source blog platforms and content management systems. One of its key features is the installation of plugins. These are developed by third parties, but WordPress has to maintain its legacy codebase in order to remain compatible with these plugins. As this codebase makes use of unsafe functions, vulnerabilities may arise, affecting thousands of websites, if not more. This presentation will focus on a vulnerability that has been present in WordPress versions up to September 2013. This vulnerability, which may lead to Remote Code Execution, was found by a simple combination of two publicly known elements: PHP Object Injection and unexpected behaviour of MySQL regarding Unicode characters.
Bio:
Tom Van Goethem is passionate about web security. After getting a master's degree in Applied Informatics, he enrolled in a PhD at the University of Leuven. As a student with a chronic drinking problem, he still found some time to hunt bugs for fun (and profit).
Social Event, November 28th
TBD
Capture the Flag!
- Do you like puzzles?
- Do you like challenges?
- Are you a hacker?
Whether you are an experienced hacker or a new enthusiast, you should come to OWASP BeNeLux 2013 and participate in the Capture the Flag event on November 29th, 2013.
The OWASP CTF is especially designed to support challengers of all skill levels. The CTF contains multiple challenges in various fields related to application security. As every challenge gains you one point, you can pick and choose which challenge you want to play.
All you need is a laptop with a wifi card and your favorite (preferably) non-commercial tools.
So come, show off your skills, learn new tricks and above all have a good time at the CTF event.
Become a sponsor of OWASP BeNeLux
Promotion
Feel free to use the text below to promote our event!
We invite you to our next OWASP event: the BeNeLux OWASP Days 2013!
Free your agenda on the 28th and 29th of November, 2013.
The good news: free! No fee!
The bad news: there are only 280 seats available (first register, first serve)!
Made possible by our Sponsors



