Monday, June 04, 2007

Reflection on Saumil Shah


This week on reflection we have Saumil Shah from net-square Solutions. Saumil has been involed in webappsec community for a long time and is a regular presenter at Blackhat. He focuses on researching vulnerabilities with various e-commerce and web based application systems, system architecture for Net-Square's tools and products, and developing short term training programmes. He specializes in ethical hacking and security architecture. In his reflection, Saumil shares with us how he got involed in webappsec. In his own words

“My original interest in security has always been Unix hacking and reverse engineering. In 1998, when I joined Ernst & Young as a penetration testing specialist, we used to have a field day with systems wide open on the Internet. NetBIOS and SunRPC made our day. Not to mention a slew of other services like open database ports, terminal ports, and more. By the end of 1999, the only ports we could find open on the Internet were 80 and 443. Not to be outdone, I ended up finding out ways to compromise systems, this time using HTTP and the application behind it.

Leaving apart the whole idiotic debate on hacking vs. cracking, I shall say that I truly started hacking at the age of 11. My first few "hacks" were to spot programming errors in home computer magazines, for the ZX Spectrum and the BBC Micro, fixing them while keying in long listings in BASIC, and enjoying the games until I had to unplug the power. The only storage medium was cassette tape back in 1984.”



Based out of Ahmedabad, India, Saumil is only 33 years old and is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996). He has served as a technical editor for "Hacking Exposed 2nd Ed", and has contributed to "Know your Enemy - the Honeynet Project" book. Saumil has also presented at Blackhat, CNET eDevCon, hack.lu, EUSecWest, and many more. Below are a list of his contributions to the webappsec community.

Books:-

Web Hacking - Attacks and Defense
http://www.awprofessional.com/bookstore/product.asp?isbn=0201761769&rl=1

The Anti Virus Book
http://saumil.net/antivirus/contents.html


Articles:-

Saumil did a monthly column for two years on C-NET Builder.com, titled ”Security Issues”, along with Chris Prosise.
http://builder.cnet.com/

One Way Web Hacking
http://net-square.com/papers/one_way

An Introduction to HTTP fingerprinting
http://net-square.com/httprint/httprint_paper.html


Tools written by him:-

httprint - Advanced HTTP Fingerprinting
http://net-square.com/httprint/


Contributions:-

One of the very early members of The Honeynet Project in 2000.


Presentations:-

Web Hacking
http://www.blackhat.com/html/win-usa-01/win-usa-01-speakers.html

Adware/Spyware
http://www.blackhat.com/html/bh-japan-05/bh-jp-05-en-speakers.html

The Exploit Laboratory: Analyzing Vulnerabilities and Writing Exploits
(Black Hat Europe 2006 Briefings and Training, Black Hat USA Training 2006)
http://www.blackhat.com/html/bh-usa-06/train-bh-us-06-ss-el.html

Defeating Automated Web Assessment Tools
http://www.blackhat.com/html/bh-usa-04/bh-usa-04-speakers.html


HTTP Fingerprinting and Advanced Assessment Techniques – (BH Europe 2004, BH Asia 2003, BH Federal 2003, BH Windows 2004)
http://www.blackhat.com/html/bh-europe-04/bh-europe-04-speakers.html


HTTP: Advanced Assessment Techniques
http://www.blackhat.com/html/win-usa-03/win-usa-03-speakers.html#Saumil%20Udayan%20Shah


Top Ten Web Attacks
http://www.blackhat.com/html/bh-asia-02/bh-asia-02-speakers.html

One-Way SQL Hacking: Futility of Firewalls in Web Hacking
http://www.blackhat.com/html/bh-europe-01/bh-europe-01-speakers.html#Marc%20Witteman


Writing Metasploit Plugins - From Vulnerability to Exploit
http://conference.hackinthebox.org/hitbsecconf2006kl/?page_id=81


CNET eDevCon 2000: "Hacking Exposed: Ecommerce - Live!


Company working for:-

Net-Square - Founder and CEO
http://net-square.com/


Companies worked for:-

Ernst & Young, Foundstone


Email:-

saumil__at__net-square_dot_com


Website:-
http://saumil.net/


Education:-

M.S. Computer Science, Purdue University, USA - graduated in 1998
B.E. Computer Engineering, Gujarat University, India - graduated in 1995


Saumil has also been doing pre-conference training since past 6 years at Blackhat, and have also taught classes at CanSecWest and Hack in the Box. I am sure we will see a lot more contribution from him going forward.


Last Week – Stefano Di Paola

Next Week – pdp

No comments: