So the OWASP at Krakow (which was a great experience!) came to an end. The conference was a mixture of technical and non-technical presentations; I liked the w3af presentation and thought it was well delivered, and I heard that the “HTTP Parameter Pollution” was particularly interesting. It seems that the Web Applications Firewall talk that we gave steered the attention of various organizations, media (DarkReading) and people (Twitter). The presentation went a bit bonkers and Murphy’s Law kicked in. However, we got the chance to demonstrate the missed content after the conference for an audience that provided a lot of good feedback.

I’ll also be presenting a session on VoIP scanning on the internet at CONFidence tomorrow. Most other presentations and research seem to focus on VoIP (in)security + layer 2 issues, such as sniffing clear text VoIP. In contrast to this, my session will be more focused on what attackers coming from the Internet (can) do to your SIP PBX and endpoints. The focus is on demonstrating using both live demos and recorded videos and describing some interesting (rather new) attacks that apply to VoIP on the Internet.



