This talk is going to be centered around Yasuo, an open,source vulnerable application scanner purely written in Ruby, that we will be releasing at the conference. If you search through Exploit,db, there are over 10, 000 remotely exploitable vulnerabilities that exist in tons of web applications and could allow an attacker to completely compromise the back,end server. These vulnerabilities range from RCE to malicious file uploads to SQL injection to LFI and so on. We often talk about exploiting JBoss jmx,console, Apache tomcat manager but that’s just scratching the surface. A random wise man once said, It’s not about what, it’s about where. With all the modern network protections these days, a smart hacker, good or bad, is always looking for that one IP, one port, one application that could be exploited to penetrate through the network. Yasuo is built to quickly scan the network for such vulnerable applications thus serving pwnable targets on a silver platter. During this talk, we will elaborate on the develop , ment of Yasuo, the problem, the challenges and how it can be effective in hacking an organization in the real,world scenario

Back to Derbycon 2014 video list