[ :: mainpage :: register :: conference :: training :: call for papers (CFP) :: the venue ]
[ :: capture the flag (CTF) :: press/media :: conference agenda :: contact us ]
[ :: forum :: sponsors :: past conferences :: conference kit (PDF) ]

Fyodor Yarochkin (Co-Author, XProbe)

Filed under: Main Page — Administrator @ 4:32 pm

May 16, 2006

Presentation Title: Yet Another Web Application Testing Toolkit (YAWATT)
Presentation Detail:

Fyodor and Meder will present the results of their research in the area of automated web application security testing. YAWAT was created due to the fact that the existing automated web application security testing approaches are extremely limited, and practically unable to identify application security problems beyond typical coding errors (i.e. SQL injection, XSS and CRLF injection bugs).

The purpose of the YAWATT is to provide security analysts with flexible modular framework based on meta-language that is used to describe web application testing scenarios and aims to assist in discovery of both coding errors and application “logic” vulnerabilities. Due to modular design the application testers are provided with granular control over whole testing process, and ability to modify execution scenario, submit additional application data and/or re-execute testing process using new “knowledge” obtained during previous execution.

About Fyodor

Fyodor Yarochkin is a security hobbyist and happy programmer with a few years spent in business objectives and the “security” service delivery field. These years, however, weren’t completely wasted - Fyodor has been contributing his spare time to a few open and closed source projects, that attracted limited use among non-business oriented computer society. He has a background of system administration and programming and holds Engineering degree in Software Engineering.

Note: Fyodor is not ‘nmap Fyodor’. (http://www.snort.org/docs/faq.html#1.2)



Event Organizer


Hack In The Box (M) Sdn. Bhd.

Supported & Endorsed By


Malaysian Communications and Multimedia Commission (MCMC)


Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors


Foundstone - A division of McAfee Inc.

Microsoft Corporation

Main Sponsors

Cisco Systems

Lucent Technologies - Bell Labs Innovations

Official Airline Partner


Internet Bandwidth Sponsor


AIMS - Malaysia's Telecommunications Hub

Official Hotel


Westin Kuala Lumpur

CTF Sponsor


Ascendsys

CTF Prize Sponsor


Scan Associates Berhad.


Our Speakers Are Supported By:


Bellua Asia Pacific


Core Security Technologies

Media Partners:

InfoSec News

(ISN) InfoSec News

Virus Bulletin online magazine is dedicated exclusively to reporting and analysing malicious computer programs and spam. The annual Virus Bulletin conference is cited by many in the industry as the anti-malware event of the year.

Insecure Magazine

Phrack Magazine

Hakin9 Magazine

Supporting Organizations


HERT


ISECOM - Insititue for Security and Open Methodologies


IT Underground


Chaos Computer Club (Germany)


X-Focus China

Zone-H Defacement Mirror


Xatrix Security


SyScan


Special Interest Group in Security & Information InteGrity Singapore