Web Application Security Payloads

Web Application Payloads are the evolution of old school system call payloads,
which have been used in memory corruption exploits since the 70's. The basic problem
solved by any payload is pretty simple: "I have _access_, what now?". In memory
corruption exploits it's pretty easy to perform any specific task because after
successful exploitation the attacker is able to control the CPU / memory and
execute arbitrary system calls in order to create a new user or run an arbitrary
command; but in the Web Application field, the attacker is restricted to the
"system calls" that the vulnerable Web Application exposes.

Lucas Apa

Lucas Apa is a Security Consultant at Bonsai Information Security. His duties involve providing professional computer information security services, and also breaking things. With young blood, he focuses on Penetration Testing and Vulnerability Research. He has grown up in parallel with Web Applications, in which he specializes, and has also helped to fix multiple vulnerabilities in major vendor software products. Lucas is currently pursuing a degree in Computer Engineering at Universidad Austral.

