- Offensive Security Certified Professional (OSCP)
- Independent Cyber Security Consultant specialized in Penetration Testing, Ethical Hacking, Computer Forensics and related areas
- Information and Computer Systems Engineer from the National Polytechnic School (EPN); performs independent analysis and research on cybersecurity issues, with a particular focus on new computer threats that attack Ecuador and Latin America
- Founder & CEO of the Free Software and Information Security Research Group: Hackem Cybersecurity Research Group
- Researcher and collaborator in Internet of Things (IoT) Projects with Technische Universiteit Delft (TU Delft) (Netherlands) and Technische Universität München (TUM) (Germany)
- Ex-President IEEE Computer Society [EPN], Leader OWASP Ecuador [EPN], Ambassador of the Fedora GNU Linux Project, Ambassador of SciPy Latam, Ambassador of Mozilla in Ecuador. ISACA Ecuador and Criptored member
- Organizer of multiple technological events such as: Latin American Festival of Free Software Installation (FLISoL), Software Freedom Day (SFD), Cryptoparty, Gira Antivirus, Fedora Release Party, PyDay, PythonQuito, Django Girls, etc.
- Invited as Keynote Speaker in talks about Ethical Hacking, Penetration Testing and Information Security in national events (e.g. Campus Party Ecuador, Conferences on Computer Systems at Escuela Politécnica Nacional, Universidad de las Fuerzas Armadas ESPE, Universidad de las Américas UDLA, Universidad Central del Ecuador, Pontificia Universidad Católica del Ecuador, Universidad Técnica del Norte, Universidad Técnica de Machala, etc.), and international conferences in Latin America, Europe and Taiwan (e.g. PyCon Colombia, FLISoL Panama, FLISoL El Salvador, FLISoL Medellín, OWASP Taiwan Week, etc.)
- Winner of several International Ethical Hacking and Malicious Software Analysis Contests organized by Kaspersky & ESET
Penetration Testing to Web Applications
In this talk, the presenter will show the most common techniques followed by Ethical Hackers to perform intrusion tests in web applications based on the OWASP Top 10 (2017).
Part of the demo will use Python to show how an attacker can create custom scripts to search for certain vulnerabilities. The live demonstration will show a real environment in which a popular CMS is exploited to gain access to the server. The audience will see how a small vulnerability within the web app can lead to the full compromise of the server, up to the point where the attacker gains root privileges.