Core Security Developers Selected to Present on Web Application Security at Hack.lu and Pacsec

Security Experts to Discuss "Zombie 2.0" and "Agent-Oriented SQL Abuse"

BOSTON, MA - October 18, 2007 - Core Security Technologies, provider of CORE IMPACT, the most comprehensive product for performing enterprise security assurance testing, today announced that Fernando Russ, senior developer at Core Security, and Diego Tiscornia, senior researcher at CoreLabs, have been selected to serve as speakers at the upcoming Hack.lu 2007 in Luxemburg from October 18-20 and at the Pacific Security (PacSec) Conference in Tokyo from November 29-30.

Who: Fernando Russ, senior developer, Core Security; Diego Tiscornia, senior researcher, CoreLabs

What: Presentation: “Zombie 2.0”

Where: Hack.lu 2007 – Novotel hotel, Kirchberg, Luxemburg

When: Thursday, October 20, 2007, 11 a.m.

Who: Fernando Russ, senior developer, Core Security; Diego Tiscornia, senior researcher, CoreLabs

What: Presentation: “Zombie 2.0”

Where: PacSec Conference – Aoyama Diamond Hall – Tokyo

Presentation Details

In most attack-scenarios, agents are used as the payload of choice. They provide a way to abstract the complexity of exploitation/post-exploitation tasks in a homogeneous way. This approach usually requires a client-server model, as an agent is installed on the compromised component.

However, in a world of RIA (Rich Internet Applications), a wide range of attack vectors (e.g., XSS, SQL-Injection) cannot be supported with this approach. This session will present a series of attack scenarios and show how to adapt the traditional model to new types of vulnerabilities that are not dependent on machine-code-execution vectors. It will provide the framework for isolating agent functionality into two components, and demonstrate that they may reside on either the attacker’s or the victim’s system.

Who: Fernando Russ, senior developer, Core Security; Diego Tiscornia, senior researcher, CoreLabs

What: Presentation: “Agent-Oriented SQL Abuse”

Where: Hack.lu 2007 – Novotel hotel, Kirchberg, Luxemburg

When: Thursday, October 20, 2007, 4:50 p.m.

Who: Fernando Russ, senior developer, Core Security; Diego Tiscornia, senior researcher, CoreLabs

What: Presentation: “Agent-Oriented SQL Abuse”

Where: Pacific Security – PacSec Conference – Aoyama Diamond Hall – Tokyo

Presentation Details

This session introduces the SQL Agent as an efficient translator of requests from SQL to HTTP that exploit a SQL injection vulnerability in a given web application.  Building on Core’s patented agent technology, this technology enables the abstraction of exploitation/post-exploitation tasks in a homogeneous manner. This implementation translates a SQL expression into an abstract tree-structured representation. A series of transformations are then applied to this representation to adapt it to the appropriate communication channel.

In addition to introducing the architecture and describing the implementation, this session will present working code of a SQL Agent implemented in Python. Examples will be shown that demonstrate the benefits of exploiting known SQL injection vulnerabilities with this agent and compare them with a traditional agent approach.

About the Conferences

Hack.lu is a three-day European conference on bridging ethics and security in computer science where people can discuss computer security, privacy, information technology and its cultural/technical impact on society.  The fourth annual PacSec conference addresses the increasing importance of information security in Japan. The 2007 conference will present the most significant discoveries in computer network hacking attacks and will provide foreign specialists an opportunity to discover Japanese innovation and markets and collaborate on practical solutions to computer security issues.

For more information about this presentation, or to schedule meetings with Core Security’s experts at either conference, please contact Megan Prock or Tim Whitman at 781-684-0770 or email coresecurity@schwartz-pr.com.



About Core Security Technologies


Core Security Technologies develops strategic solutions that help security-conscious organizations worldwide develop and maintain a proactive process for securing their IT infrastructure. The company’s flagship product, CORE IMPACT, is the most comprehensive product for performing enterprise security assurance testing. IMPACT evaluates servers, desktop systems, end users and web applications by identifying what resources are exposed. It enables organizations to determine if current security investments are detecting and preventing attacks. Core augments its leading technology solution with world-class security consulting services, including penetration testing and software security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core Security Technologies can be reached at 617-399-6980 or on the Web at http://www.coresecurity.com.



Contacts:


Tim Whitman or Megan Prock    

Schwartz Communications 

781-684-0770

coresecurity@schwartz-pr.com 

Thu, October 18

Media Contact

InkHouse PR for Core Security
781-966-4100
core@inkhouse.net