Andrés Riancho is an information security researcher and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS; and contributed with SAP research performed at his former employer.
His main focus has always been the Web Application Security field, in which he developed w3af a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and hold trainings at many security conferences around the globe, like OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).
Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
Technical References Related to Prior Teaching Experience
Course Title: Discovery and exploitation of web application vulnerabilities
Course Abstract: This training course focus is on manual and automated, discovery and exploitation of web application vulnerabilities. During this course you are going to go through a series of lectures followed by hands on practice. In each practice you will find vulnerabilities to exploit, each with a different level of complexity, which will defy your understanding of the subject. After the hands on practice, a small lecture on how the vulnerability is fixed is presented, together with common errors introduced by developers in that process.
The training will also teach you how to use the most advanced tools used by professionals in the field, like w3af (developed by the trainer), the burp suite, sqlmap and many others.
Course Syllabus (detailed)
Course Timeline (how the syllabus will be covered in the allotted timeframe and conform to coffee and meal breaks):
Cofee and meal break hours (subject to change by conference organization):
Day one, 13.05.2009
Pedagogic Methods Used to Teach Material (lecture, hands-on labs, demonstrations, group exercises, etc.): This one-day course combines lectures with increasingly difficult hands-on exercises designed to teach the attendee different ways to discover and exploit web application vulnerabilities.
Student Requirements, experience/expertise: The course won’t cover an introduction to the HTTP protocol basis nor basic web application development, knowledge on these subjects is desired. The students should have a solid knowledge of general security subjects, and at least one year experience in a technical position related to any of the subjects in the syllabus.
Student Requirements, equipment/software students must furnish (be very specific): One laptop with at least 1GB of RAM, Ethernet card, and a CD reader. The trainer will provide a live CD that will be used to perform all the hands-on exercises, so the laptop needs to be able to boot from the CD.
Minimum Number of Students Required to Delivery Course: 7
Maximum Number of Students That Can be accommodated in Course: 15
300 EUR Registration on workshops 2009