Monday, June 04, 2007

Reflection on Saumil Shah

This week on reflection we have Saumil Shah from Net-Square Solutions. Saumil has been involved in the webappsec community for a long time and is a regular presenter at Blackhat. He focuses on researching vulnerabilities in various e-commerce and web-based application systems, system architecture for Net-Square's tools and products, and developing short-term training programmes. He specializes in ethical hacking and security architecture. In his reflection, Saumil shares with us how he got involved in webappsec. In his own words:

“My original interest in security has always been Unix hacking and reverse engineering. In 1998, when I joined Ernst & Young as a penetration testing specialist, we used to have a field day with systems wide open on the Internet. NetBIOS and SunRPC made our day. Not to mention a slew of other services like open database ports, terminal ports, and more. By the end of 1999, the only ports we could find open on the Internet were 80 and 443. Not to be outdone, I ended up finding out ways to compromise systems, this time using HTTP and the application behind it.

Leaving apart the whole idiotic debate on hacking vs. cracking, I shall say that I truly started hacking at the age of 11. My first few "hacks" were to spot programming errors in home computer magazines, for the ZX Spectrum and the BBC Micro, fixing them while keying in long listings in BASIC, and enjoying the games until I had to unplug the power. The only storage medium was cassette tape back in 1984.”

Based out of Ahmedabad, India, Saumil is only 33 years old and is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996). He has served as a technical editor for "Hacking Exposed 2nd Ed", and has contributed to the "Know your Enemy - the Honeynet Project" book. Saumil has also presented at Blackhat, CNET eDevCon, EUSecWest, and many more. Below is a list of his contributions to the webappsec community.


Web Hacking - Attacks and Defense

The Anti Virus Book


Saumil did a monthly column for two years on C-NET, titled “Security Issues”, along with Chris Prosise.

One Way Web Hacking

An Introduction to HTTP fingerprinting

Tools written by him:-

httprint - Advanced HTTP Fingerprinting


One of the very early members of The Honeynet Project in 2000.


Web Hacking


The Exploit Laboratory: Analyzing Vulnerabilities and Writing Exploits
(Black Hat Europe 2006 Briefings and Training, Black Hat USA Training 2006)

Defeating Automated Web Assessment Tools

HTTP Fingerprinting and Advanced Assessment Techniques – (BH Europe 2004, BH Asia 2003, BH Federal 2003, BH Windows 2004)

HTTP: Advanced Assessment Techniques

Top Ten Web Attacks

One-Way SQL Hacking: Futility of Firewalls in Web Hacking

Writing Metasploit Plugins - From Vulnerability to Exploit

CNET eDevCon 2000: "Hacking Exposed: Ecommerce - Live!"

Company working for:-

Net-Square - Founder and CEO

Companies worked for:-

Ernst & Young, Foundstone





M.S. Computer Science, Purdue University, USA - graduated in 1998
B.E. Computer Engineering, Gujarat University, India - graduated in 1995

Saumil has also been doing pre-conference training for the past 6 years at Blackhat, and has also taught classes at CanSecWest and Hack in the Box. I am sure we will see a lot more contributions from him going forward.

Last Week – Stefano Di Paola

Next Week – pdp
