Thursday, February 08, 2007

Reflection on Amit Klein

Those who are in the web application security field need no introduction to his name. He is an expert and by far one of the best in the web application security space. He is one of the early starters of the field and has played a major role in raising awareness of webappsec. His contributions range from identifying vulnerabilities and publishing them to contributing towards standards like the OWASP Guide, the WASC threat classification or the web application firewall criteria. Those who are not aware should know that he was the one who also contributed towards the solution for UXSS (the PDF XSS vulnerability). He is also a WASC (Web Application Security Consortium) officer and board member, and he co-leads the WASC articles project.

Based out of Israel, he started back in 1997 with Perfecto Technologies (which later became Sanctum), mostly heading security research activities. Sanctum was later acquired by Watchfire in 2004, which is when he left Sanctum / Watchfire. He is currently CTO of a security company.

Below you will find a list of his articles, contributions, presentations and other details.


A Refreshing Look at Redirection

Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)

Under some conditions, it's possible to steal HTTP credentials using Flash

Forging HTTP request headers with Flash

IE + some popular forward proxy servers = XSS, defacement (browser cache

Path Insecurity

HTTP Response Smuggling

Domain Contamination

XST Strikes Back

Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more...

Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Level

NTLM HTTP Authentication is Insecure by Design

Can HTTP Request Smuggling be blocked by Web Application Firewalls

DOM Based Cross Site Scripting

Meanwhile, on the other side of the web server

HTTP Request Smuggling (with Chaim Linhart, Ronen Heled and Steve Orrin)

The Insecure Indexing Vulnerability - Attacks Against Local Search Engines

Detecting and Testing HTTP Response Splitting Using a Browser

Blind XPath Injection

Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Other Topics

Secure Coding Practices for Microsoft ASP.NET

XS(T) attack variants which can, in some cases, eliminate the need for TRACE

Cross Site Scripting Explained

Hacking Web Applications Using Cookie Poisoning


OWASP guide to building secure web application


WASC's Threat Categorization (TC)

Co-lead the WASC articles project


OWASP AppSec Europe Conference 2006 – “HTTP Message Splitting, Smuggling and Other Animals”

CERT 2002 Conference, August 2002 - "WWW Forensics"

FM'99 Congress, September 1999 - "A Perfect Verification: Combining Model Checking with Deductive Analysis to Verify Real-Life Software"


Amit is a WASC officer and board member.

Companies worked for:

Sanctum, Cyota (RSA security)


B. Sc. Mathematics and Physics



And it doesn't end here; you will see a lot more coming from him. He is a must-follow figure in the webappsec field.

Next Friday – Reflection on RSnake


Andrew van der Stock said...

Hi there,

The 1.1.1 edition of OWASP Guide is old and should not be referenced.

Amit's work was updated and referenced in OWASP Guide 2.0:

and the Testing Guide:

Amit is a really nice guy and one of the smartest cookies in webappsec today. I'm glad we invited him to speak at last year's OWASP EU.

Andrew van der Stock
Executive Director, OWASP

Anurag Agarwal said...

Andrew -

Thanks for pointing that out. I have updated the link to point to OWASP Guide 2.0