Friday, August 3, 2007

Gutes is famous

A Dynamic Technique for Enhancing the Security and Privacy of Web Applications
Ezequiel D. Gutesman, Researcher at Corelabs, a division of Core Security Technologies
Ariel Waissbein, Researcher, Core Security Technologies
Web applications are often preferred targets in today’s threat landscape. Many widely deployed applications were developed in haste and are often ridden with SQL injection, file inclusion and cross-site scripting bugs, creating weak links in any Internet-exposed environment.
In this presentation, CoreLabs researchers Ezequiel Gutesman and Ariel Waissbein will address this issue by introducing a new application protection technology that efficiently identifies and blocks several attack vectors “on the fly.” The protection technique is based on very granular run-time taint analysis of an application’s data and does not require access or changes to the application’s source code.
Applications written in the most common web scripting languages, including PHP, ASP, Python, Perl and Java, can be protected using this technology to prevent database injection, shell injection, cross-site scripting and directory-traversal attacks. A fully functional implementation of the protection technique for PHP will be described in detail.
Ezequiel Gutesman is a researcher at Corelabs, the research unit at Core Security Technologies, and a Computer Science student at the University of Buenos Aires. The research I do is actually focused on web application security; this includes dynamic protection and static analysis.

2 comments:

Gutes said...

Thanks for the publicity! :D

Tiffany said...

Gutes is my professor :)