Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3Com and ISS, and contributed to SAP research performed at his former employer.
His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, such as OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).
Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
Technical References Related to Prior Teaching Experience
Course Title: w3af ninja
Course Abstract: The w3af ninja training course is focused on manual and automated discovery and exploitation of web application vulnerabilities using w3af. During this course you’ll also learn how to write your own exploits, web application payloads and customized plugins in order to achieve your goals during a web application penetration test.
This course is an intense hands-on class in which you won’t stop learning for a minute. In each practice you will find vulnerabilities to discover and exploit, interesting plugin code snippets to analyze and modify, and framework features that will help you automate your penetration testing work.
Course Syllabus (detailed)
Course Timeline (how the syllabus will be covered in the allotted timeframe and conform to coffee and meal breaks):
Coffee and meal break hours (subject to change by conference organization):
Day one, 12.05.2009
Pedagogic Methods Used to Teach Material (lecture, hands-on labs, demonstrations, group exercises, etc.): This one-day course combines lectures with increasingly difficult hands-on exercises designed to teach the attendee different ways to discover and exploit web application vulnerabilities. In the sections in which the attendee will create new exploits and plugins, the teaching methodology is “learn by example”, in which the trainer will show them how previous exploits work so they can write their own.
Student Requirements, experience/expertise: The course WON’T cover any introduction to the HTTP protocol, web application development or web application vulnerabilities. The students MUST have a solid knowledge of web application security. Previous experience with w3af is desired but not required.
Student Requirements, equipment/software students must furnish (be very specific): One laptop with at least 1GB of RAM, Ethernet card, and a CD reader. The trainer will provide a live CD that will be used to perform all the hands-on exercises, so the laptop needs to be able to boot from the CD.
300 EUR Registration on workshops 2009