') UNION SELECT `This_Talk` AS ('New Exploitation and Obfuscation Techniques')%00

Thursday, November 21 • 9:00 am - 9:50 am

This talk will present some of the newest and most advanced optimization and obfuscation techniques available in the field of SQL Injections. These techniques can be used to bypass web application firewalls and intrusion detection systems at an alarming speed. This talk will also present the ALPHA version of an open-source framework called Leapfrog, which Roberto is developing. Leapfrog is designed to assist security professionals, IT administrators, firewall vendors and companies in testing their firewall rules and implementation to determine whether they are an adequate defense against a real cyber-attack.
Speaker:
Roberto Salgado

Roberto is the co-founder and CTO of Websec, an Information Security company. He was born in Harlingen, Texas in 1986, but was raised on the island of Cozumel, Mexico. At the age of 17 Roberto moved to Vancouver Island and has lived there ever since. In 2010 Roberto founded Websec with two lifelong friends, and since then he has enjoyed building it into what it has become today.

As an Information Security specialist, Roberto has always been passionate about his line of work and has several years of experience researching and experimenting in this field. His expertise comes from a continuing commitment to exploring the cutting edge of today's security challenges and finding solutions to these security problems. This driving passion has given him the opportunity to participate in and contribute to great projects such as ModSecurity, PHPIDS, SQLMap and the Web Application Obfuscation book. He also created and maintains the SQL Injection Knowledge Base, an invaluable resource for penetration testers when dealing with SQL Injections. In his free time Roberto enjoys creating SQL Injection challenges for both the security community and himself to learn from. Additionally, Roberto enjoys programming in Python and has created projects like Panoptic, a penetration testing tool that automates the search and retrieval of common log and config files through LFI vulnerabilities.