This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP NYC AppSec 2008 Conference-SPEAKER-Yiannis Pavlosoglou

From OWASP
Revision as of 20:22, 11 May 2008 by Yiannis (talk | contribs) (New page: == Yiannis Pavlosoglou - short bio == There is a world of numbers, hiding behind letters, inside computers that stimulates the brain of Yiannis. Currently, he is focusing on research rela...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Yiannis Pavlosoglou - short bio

There is a world of numbers, hiding behind letters, inside computers that stimulates the brain of Yiannis. Currently, he is focusing on research relating to coding standards, practices and ways of exploiting development code. This focus entails the breaking and making of client-side standalone, as well as server-side web applications.

As such things need doing for a living and can take their toll, he holds the position of Senior Director in EMEA for Ounce Labs, based in London. His area of expertise is in source code audits, bytecode interpretations and reverse engineering. He has performed a number of source code audits and application security assessments on an international level.

JBroFuzz 0.1 - 1.1: The History of Building a Java Fuzzer for Web Applications

The process of creating a stable and functional fuzzing tool for web applications, when examined in greater detail holds a number of caveats. With the ever-growing need for reliable penetration testing tools, JBroFuzz in its short history, has been designed with the key objective of being able to fuzz the web.

This talk aims to cover the evolution of development of this application, starting from the architectural design criteria, to the definition of fuzzers and generators, encompassing also the graphical user interface. Key areas covered will include:

  • Designing fuzz categories (OWASP Testing Guide v2)
    • Recursive fuzzing
    • Replasive fuzzing
  • How to build a core java fuzzing framework
    • The need for BigInteger
    • Fuzzers are iterators
  • Limitations in implementing default HTTP/S connections
    • Why not use a HTTP Commons implementation
    • Calculating POST length re-writes
  • GUI Design
    • Sticking to Swing and AWT
    • Building a standalone application
  • Expanding JBroFuzz
    • What is inside the jar file
    • Implement your own fuzzer by extending JBroFuzz

This presentation will be interactive, with a number of demonstrations, relating to JBroFuzz's functionality and operation.

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou&oldid=29254"