This week on reflection we have Saumil Shah from net-square Solutions. Saumil has been involed in webappsec community for a long time and is a regular presenter at Blackhat. He focuses on researching vulnerabilities with various e-commerce and web based application systems, system architecture for Net-Square's tools and products, and developing short term training programmes. He specializes in ethical hacking and security architecture. In his reflection, Saumil shares with us how he got involed in webappsec. In his own words
“My original interest in security has always been Unix hacking and reverse engineering. In 1998, when I joined Ernst & Young as a penetration testing specialist, we used to have a field day with systems wide open on the Internet. NetBIOS and SunRPC made our day. Not to mention a slew of other services like open database ports, terminal ports, and more. By the end of 1999, the only ports we could find open on the Internet were 80 and 443. Not to be outdone, I ended up finding out ways to compromise systems, this time using HTTP and the application behind it.
Leaving apart the whole idiotic debate on hacking vs. cracking, I shall say that I truly started hacking at the age of 11. My first few "hacks" were to spot programming errors in home computer magazines, for the ZX Spectrum and the BBC Micro, fixing them while keying in long listings in BASIC, and enjoying the games until I had to unplug the power. The only storage medium was cassette tape back in 1984.”
Based out of Ahmedabad, India, Saumil is only 33 years old and is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996). He has served as a technical editor for "Hacking Exposed 2nd Ed", and has contributed to "Know your Enemy - the Honeynet Project" book. Saumil has also presented at Blackhat, CNET eDevCon, hack.lu, EUSecWest, and many more. Below are a list of his contributions to the webappsec community.
Web Hacking - Attacks and Defense
The Anti Virus Book
Saumil did a monthly column for two years on C-NET Builder.com, titled ”Security Issues”, along with Chris Prosise.
One Way Web Hacking
An Introduction to HTTP fingerprinting
Tools written by him:-
httprint - Advanced HTTP Fingerprinting
One of the very early members of The Honeynet Project in 2000.
The Exploit Laboratory: Analyzing Vulnerabilities and Writing Exploits
(Black Hat Europe 2006 Briefings and Training, Black Hat USA Training 2006)
Defeating Automated Web Assessment Tools
HTTP Fingerprinting and Advanced Assessment Techniques – (BH Europe 2004, BH Asia 2003, BH Federal 2003, BH Windows 2004)
HTTP: Advanced Assessment Techniques
Top Ten Web Attacks
One-Way SQL Hacking: Futility of Firewalls in Web Hacking
Writing Metasploit Plugins - From Vulnerability to Exploit
CNET eDevCon 2000: "Hacking Exposed: Ecommerce - Live!
Company working for:-
Net-Square - Founder and CEO
Companies worked for:-
Ernst & Young, Foundstone
M.S. Computer Science, Purdue University, USA - graduated in 1998
B.E. Computer Engineering, Gujarat University, India - graduated in 1995
Saumil has also been doing pre-conference training since past 6 years at Blackhat, and have also taught classes at CanSecWest and Hack in the Box. I am sure we will see a lot more contribution from him going forward.
Last Week – Stefano Di Paola
Next Week – pdp