Monday, June 11, 2007

Reflection on pdp

This week on reflection we have Petko D Petkov (popularly known as pdp). pdp has been active in the webappsec community for some time now. He has written many articles and published many tools. Two of his more popular tools are Attack API and Technika (a Firefox extension). He is also a co-author of the book XSS Exploits: Attacks and Defense. Recently he presented Advanced Web Hacking Revealed at the OWASP AppSec Conference in Italy 2007. In his reflection pdp shares with us how he got started in the webappsec field. In his own words:

“I have always been fascinated by the power of the Web but it was around the year 2000 when I got into web application security. Other than that, my interest in IT security has been growing since 1995. Funny enough, it was "Hackers", the movie, that sort of inspired me to spend my time on solving interesting problems with my not-so-advanced for that time PC, rather than wasting time on games. Back then, I had a 286 MHz "Pravetz", produced in Bulgaria. One of the first projects of mine was a simple calculator that was also password protected. When I finished the project, I also learned how to trick the password protection mechanism by modifying the jumper inside the program binary. That was fun. The Bulgarian underground scene used to be a great resource for me to learn. I started reading an online-zine called Phreadom. I am still looking for the old issues but I guess they are somehow lost forever.

I started hacking from the time I learned how to program. My Dad told me that programming is one of the few professions out there that teaches you about the world in general since programmers try to reflect real world problems into easy to maintain and use software products. That made me start thinking outside the box. I define myself as a life-hacker. I guess this is the reason why I am where I am today. When I came to the UK I didn't want to waste time so I did a lot of security related projects. This is when my IT Security career started. I was 18 and I was doing the stuff that I wanted to do all my life.”

Based out of London, UK, pdp is only 22 years old. Below is a list of his contributions to the webappsec community.


XSS Attacks: Exploits and Defense


The Web has Betrayed Us

Persistent CSRF and The Hotlink Hell

Preventing CSRF

Sex, Candies and Bookmarklet Exploits

The Machine is Using Us

Playing in Large

Universal PDF XSS After Party

Danger Danger Danger

Web OS

Cross-site Request Forgery

The 0XSS Credo

The Backdooring Series:

The XSSing the Lan Series:


Advanced Web hacking revealed

Tools written by him:-

Some of the tools published by him

JavaScript YPipes Spider

JavaScript TinyURL Filesystem

Google Hacking Database Interface

JavaScript Port Scanner

Greasemonkey Backdoor

Exploit Development Environment for Firefox

Geo position Zombies on a map

Attack Framework for controlling zombies

Simple JavaScript testing framework

Powerful JavaScript-based attack library

The Cross-site Scripting database

Powerful and very customizable attack communication channel

Set of utilities useful when performing enumeration attacks

Company working for:-






Companies worked for:-


pdp has a vast knowledge of different technologies and frameworks available on the internet. If you are not already following his blog, then I would recommend doing so. He brings up some good points for the webappsec community.

Last Week – Saumil Shah
Next Week – Alex Stamos
