Close
- Information Technology
- Data Infrastructure
- Data Tools
- Desktops, Laptops and OS
- Chip Sets
- Collaboration Tools
- Desktop Systems - PCs
- Email Client
- Embedded Systems
- Hardware and Periferals
- Laptops
- Linux - Open Source
- Mac OS
- Memory Components
- Mobile Devices
- Presentation Software
- Processors
- Spreadsheets
- Thin Clients
- Upgrades and Migration
- Windows 7
- Windows Vista
- Windows XP
- Word Processing
- Workstations
- Enterprise Applications
- IT Infrastructure
- IT Management
- Networking and Communications
- Bluetooth
- DSL
- GPS
- GSM
- Industry Standard Protocols
- LAN - WAN
- Management
- Mobile - Wireless Communications
- Network
- Network Administration
- Network Design
- Network Disaster Recovery
- Network Interface Cards
- Network Operating Systems
- PBX
- RFID
- Scalability
- TCP - IP
- Telecom Hardware
- Telecom Regulation
- Telecom Services
- Telephony Architecture
- Unified Communications
- VPNs
- VoIP - IP Telephony
- Voice Mail
- WAP
- Wi-Fi (802.11)
- WiMAX (802.16)
- Wide Area Networks (WAN)
- Wireless Internet
- Wireless LAN
- Security
- Servers and Server OS
- Software and Web Development
- .Net Framework
- ASPs
- Application Development
- Application Servers
- Collaboration
- Component-Based
- Content Management
- E-Commerce - E-Business
- Enterprise Applications
- HTML
- IM
- IP Technologies
- Integration
- Internet
- Intranet
- J2EE
- Java
- Middleware
- Open Source
- Programming Languages
- Quality Assurance
- SAAS
- Service-Oriented Architecture (SOA)
- Software Engineering
- Software and Development
- Web Design
- Web Design and Development
- Web Development and Technology
- XML
- Storage
- Agriculture
- Automotive
- Career
- Construction
- Education
- Engineering
- Broadcast Engineering
- Chemical
- Civil and Environmental
- Control Engineering
- Design Engineering
- Electrical Engineering
- GIS
- General Engineering
- Industrial Engineering
- Manufacturing Engineering
- Materials Science
- Mechanical Engineering
- Medical Devices
- Photonics
- Power Engineering
- Process Engineering
- Test and Measurement
- Finance
- Food and Beverage
- Government
- Healthcare and Medical
- Human Resources
- Information Technology
- Data Infrastructure
- Data Tools
- Desktops, Laptops and OS
- Chip Sets
- Collaboration Tools
- Desktop Systems - PCs
- Email Client
- Embedded Systems
- Hardware and Periferals
- Laptops
- Linux - Open Source
- Mac OS
- Memory Components
- Mobile Devices
- Presentation Software
- Processors
- Spreadsheets
- Thin Clients
- Upgrades and Migration
- Windows 7
- Windows Vista
- Windows XP
- Word Processing
- Workstations
- Enterprise Applications
- IT Infrastructure
- IT Management
- Networking and Communications
- Bluetooth
- DSL
- GPS
- GSM
- Industry Standard Protocols
- LAN - WAN
- Management
- Mobile - Wireless Communications
- Network
- Network Administration
- Network Design
- Network Disaster Recovery
- Network Interface Cards
- Network Operating Systems
- PBX
- RFID
- Scalability
- TCP - IP
- Telecom Hardware
- Telecom Regulation
- Telecom Services
- Telephony Architecture
- Unified Communications
- VPNs
- VoIP - IP Telephony
- Voice Mail
- WAP
- Wi-Fi (802.11)
- WiMAX (802.16)
- Wide Area Networks (WAN)
- Wireless Internet
- Wireless LAN
- Security
- Servers and Server OS
- Software and Web Development
- .Net Framework
- ASPs
- Application Development
- Application Servers
- Collaboration
- Component-Based
- Content Management
- E-Commerce - E-Business
- Enterprise Applications
- HTML
- IM
- IP Technologies
- Integration
- Internet
- Intranet
- J2EE
- Java
- Middleware
- Open Source
- Programming Languages
- Quality Assurance
- SAAS
- Service-Oriented Architecture (SOA)
- Software Engineering
- Software and Development
- Web Design
- Web Design and Development
- Web Development and Technology
- XML
- Storage
- Life Sciences
- Lifestyle
- Management
- Manufacturing
- Marketing
- Meetings and Travel
- Multimedia
- Operations
- Retail
- Sales
- Trade/Professional Services
- Utility and Energy
- View All Topics
Share Your Content with Us
on TradePub.com for readers like you. LEARN MORE
Register for Your Free Live Webinar Now:
"Finding IDORs with Agentic Reasoning"
Live Webinar | Thursday, March 19, 2026 | 2pm EST
Join XBOW’s Offensive Security Engineers for a deep, trace-level walkthrough of how real IDORs are discovered and exploited in practice, using two 0-day vulnerabilities found in the Spree eCommerce framework.
We’ll show how XBOW’s IDOR module reasons about authorization boundaries where traditional scanners stop at linear checks and error responses, covering:
Two real Spree zero-day IDORs: unauthenticated and cross-cart billing/shipping address access, walked through trace by trace.
Why scanners fail at IDORs: linear ID probing and response diffing break as soon as authorization logic and state come into play.
How XBOW finds them instead: agentic reasoning over objects, roles, and auth states, with access to real data.
Speakers
Fernando Diaz
Offensive Security Engineer, XBOW
Fernando Díaz is an Offensive Security Engineer originally from Argentina and currently based in Barcelona. With over 12 years of experience in cybersecurity, prior to joining XBOW, he spent the majority of his career at Core Security, where he worked as a penetration tester helping organizations identify and remediate complex security vulnerabilities across a wide range of industries.
In addition to his consulting work, Fernando has been actively involved in the bug bounty community, contributing to multiple programs and penetration tests on HackerOne. His experience spans offensive security assessments, real-world attack simulations, and vulnerability research, with a strong focus on delivering practical, high-impact findings.
Adrián Losada Pita
Offensive Security Engineer, XBOW
Adrián Losada Pita is a senior Offensive Security Engineer based in Spain with 10+ years of experience in offensive security across a wide variety of corporate environments. Before joining XBOW he worked at Tarlogic for 8 years where he specialized in infrastructure and web penetration testing. A former CTF player, he later shifted his focus to real-world vulnerability research through bug bounty, and is an active member of the community under the name remot3, contributing to programs on platforms such as HackerOne and participating in competitive security initiatives such as the Ambassador World Cup with Team Spain.
Terry Sweeney
Moderator, Black Hat
Offered Free by: XBOW
See All Resources from: XBOW
Recommended for Professionals Like You:
