Reflection on Amit Klein
Those who are in the web application security field need no introduction to his name. He is an expert and by far one of the best in the web application security space. He is one of the early starters of the field and has played a major role in raising awareness of webappsec. His contributions range from identifying and publishing vulnerabilities to contributing to standards such as the OWASP Guide, the WASC Threat Classification and the web application firewall criteria. Those who are not aware should know that he also contributed to the solution for UXSS (the PDF XSS vulnerability). He is also a WASC (Web Application Security Consortium) officer and board member, and co-leads the WASC articles project.
Based out of Israel, he started back in 1997 with Perfecto Technologies (which later became Sanctum), mostly heading security research activities. Sanctum was later acquired by Watchfire in 2004, which is when he left Sanctum / Watchfire. He is currently the CTO of a security company.
Below you will find a list of his articles, contributions, presentations and other details.
Articles:-
A Refreshing Look at Redirection
http://www.securityfocus.com/archive/1/450418
Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)
http://www.securityfocus.com/archive/1/443391
Under some conditions, it's possible to steal HTTP credentials using Flash
http://www.securityfocus.com/archive/1/443191
Forging HTTP request headers with Flash
http://www.securityfocus.com/archive/1/441014
IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)
http://www.securityfocus.com/archive/1/434931
Path Insecurity
http://www.webappsec.org/lists/websecurity/archive/2006-03/msg00000.html
HTTP Response Smuggling
http://www.securityfocus.com/archive/1/425593
Domain Contamination
http://www.webappsec.org/projects/articles/020606.txt
XST Strikes Back
http://www.securityfocus.com/archive/1/423028
Exploiting the XmlHttpRequest object in IE - Referrer spoofing, and a lot more...
http://www.securityfocus.com/archive/1/411585
Detecting and Preventing HTTP Response Splitting and HTTP Request Smuggling Attacks at the TCP Level
http://www.securityfocus.com/archive/1/408135
NTLM HTTP Authentication is Insecure by Design
http://www.securityfocus.com/archive/1/405541
Can HTTP Request Smuggling be blocked by Web Application Firewalls
http://www.webappsec.org/lists/websecurity/archive/2005-06/msg00123.html
DOM Based Cross Site Scripting
http://www.webappsec.org/projects/articles/071105.html
Meanwhile, on the other side of the web server
http://www.itsecurity.com/security.htm?s=3957
HTTP Request Smuggling (with Chaim Linhart, Ronen Heled and Steve Orrin)
http://www.cgisecurity.com/lib/HTTP-Request-Smuggling.pdf
The Insecure Indexing Vulnerability - Attacks Against Local Search Engines
http://www.webappsec.org/projects/articles/022805-clean.html
Detecting and Testing HTTP Response Splitting Using a Browser
http://www.securityfocus.com/archive/107/378523
Blind XPath Injection
http://www.packetstormsecurity.org/papers/bypass/Blind_XPath_Injection_20040518.pdf
Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Other Topics
http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf
Secure Coding Practices for Microsoft ASP.NET
http://www.cgisecurity.com/lib/WhitePaper_Secure_Coding_Practices_VSdotNET.pdf
XS(T) attack variants which can, in some cases, eliminate the need for TRACE
http://www.securityfocus.com/archive/107/308433
Cross Site Scripting Explained
http://crypto.stanford.edu/cs155/CSS.pdf
Hacking Web Applications Using Cookie Poisoning
http://www.cgisecurity.com/lib/CookiePoisoningByline.pdf
Contributions:-
OWASP guide to building secure web application
http://internap.dl.sourceforge.net/sourceforge/owasp/OWASPGuide2.0.1.pdf
WAFEC
http://www.webappsec.org/projects/wafec/
WASC's Threat Categorization (TC)
http://www.webappsec.org/projects/threat/
Co-lead the WASC articles project
http://www.webappsec.org/projects/articles/guidelines.shtml
Presentations:-
OWASP AppSec Europe Conference 2006 – “HTTP Message Splitting, Smuggling and Other Animals”
CERT 2002 Conference, August 2002 - "WWW Forensics"
FM'99 Congress, September 1999 - "A Perfect Verification: Combining Model Checking with Deductive Analysis to Verify Real-Life Software"
Memberships:-
Amit is a WASC officer and board member.
Companies worked for:-
Sanctum, Cyota (RSA security)
Education:-
B. Sc. Mathematics and Physics
Email:-
aksecurity__at__gmail_dot_com
And it doesn't end here; you will see a lot more coming from him. He is a must-follow figure in the webappsec field.
Next Friday – Reflection on RSnake
2 comments:
Hi there,
The 1.1.1 edition of OWASP Guide is old and should not be referenced.
Amit's work was updated and referenced in OWASP Guide 2.0:
http://www.owasp.org/index.php/Interpreter_Injection#DOM-based_XSS_Injection
and the Testing Guide:
http://www.owasp.org/index.php/Testing_for_XPath_Injection
Amit is a really nice guy and one of the smartest cookies in webappsec today. I'm glad we invited him to speak at last year's OWASP EU.
thanks,
Andrew van der Stock
Executive Director, OWASP
Andrew -
Thanks for pointing that out. I have updated the link to point to OWASP Guide 2.0
--Anurag