Monday, June 18, 2007

Reflection on Alex Stamos

This week on reflection we have Alex Stamos from iSEC Partners Inc. Alex has been involved in webappsec for sometime now and has presented at Blackhat, ToorCon, OWASP, ISACA, etc. He is a founder and Vice President of Professional Services at iSEC. He is a leading researcher in the field of web application and web services security and is also a co-author of an upcoming book Hacking Exposed Web 2.0. Alex shares with us how he got started in webappsec field. In his own words

"Back in 2001 I started working at Loudcloud, which was basically a large ISP/ASP made famous by the fact that Mark Andreessen was a founder. While there, I ended up with the primary security responsibility for about 50 Fortune-500 web applications. Through a series of late night pages, self-exploration through our customer's code, and a couple of hairy incidents, I decided that web app security was way more important to these apps than double-checking the firewall rulesets or slightly decreasing how fast we patched OpenSSH.

At @stake, a major focus of my work was penetration testing of web applications and teaching classes to web app developers on how to stop making the same mistakes others had already made. Since we started iSEC about three years ago, web application and web services security has been a major focus of my research and work with clients, although I also dabble in other security areas such as forensics. "

Based out of San Francisco, CA, US, Alex is only 28 years old. Below is a list of his contribution to the community.


Co-authored - Hacking Exposed Web 2.0 (to be released soon)

Tools written by him:-

Alex has worked on a few SOAP security tools with Scott Stender and Jesse Burns, and is releasing some new file and file system fuzzing tools to attack forensic software at BlackHat this summer.
All the tools can be found on ISEC website


Upcoming - "Breaking Forensics Software: Weaknesses in Critical Evidence Collection"
BlackHat USA 2007

"Vulnerabilities 2.0 in Web 2.0: Next Generation Web Apps from a Hacker's Perspective" - Web 2.0 Expo, BlackHat USA, BlackHat Japan, ToorCon, ACM Reflections/Projections, OWASP SF

Cyber Crime- Security, Strategy & Solutions - ISACA Silicon Valley Annual Conference

"Cross-Domain Request Forgery and Web Crimes" - SF Bay Infraguard with Jesse Burns

Attacking Web Services - BlackHat USA, CanSecWest, OWASP App Sec, SyScan





Company working for:-

Founder and Vice President of Professional Services at iSEC
Partners, Inc. (




Companies worked for:-

@stake, Loudcloud, E.O. Lawrence Berkeley National Laboratory


BS in Electrical Engineering and Computer Science- University of
California, Berkeley.

Last Week – pdp
Next Week – Cesar Cerrudo

No comments: