Friday, March 23, 2007

Reflection on Robert Auger



This week on Reflection we have someone who has contributed to the webappsec community in many different ways. We all know Robert Auger through http://www.cgisecurity.com/. CGI Security is one of the very early websites on the topic and has a wealth of information on web application security. Robert is also a Co-Founder of the Web Application Security Consortium and a founder and moderator of the WASC mailing list. He also co-leads the WASC articles project. Recently he has started http://qasec.com/ where he discusses security testing in the PDLC with an emphasis on QA. He is also leading the WASC Threat Classification (TC v2) project, which is currently underway.

Here he shares with us how he got started in webappsec. In his own words:

My interest in security sparked in the mid 90's after getting infected with the Stoned Empire Monkey Virus. I was very curious how it and other viruses worked, executed, and hid on my machine. Around the same time I was given access to my high school's VAX/VMS network and met up with a few people creating/setting up fake login screens/key loggers on the dumb terminals spread throughout the school. This VMS network was where I learned my first language 'DCL' and helped out on the local school student run bbs. Sometime later I started reading about 'cgi vulnerabilities' such as the infamous 'phf vulnerability' and was amazed that with nothing more than a browser, I could take over a machine. Since then web based attack research has been my primary hobby (others include finding ways to abuse crawlers and parsers, co running The Web Application Security Consortium, and whitehat/blackhat SEO research).

Based out of Silicon Valley, California, Robert is only in his late 20s, and currently works for a large multinational organization where he focuses on anything application security related. I have had the pleasure of meeting him on a few occasions, and not only is he a very friendly guy but he is also very passionate about web application security and can speak to you for hours on the topic. He has enormous knowledge in the webappsec field and is one of the very few people who also possess good knowledge of security in the Software Development Life Cycle.


Below is a list of his contributions to the webappsec community.



Articles:-


The Cross-site Request Forgery FAQ
The Cross-site Scripting FAQ

Identifying Risks in the Development Cycle

Writing Software Security Test Cases: Putting security test cases into your test plan

Feed Injection in Web 2.0: Hacking RSS and Atom Feed Implementations

Preventing Log Evasion in IIS

Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures.
http://www.cgisecurity.com/papers/fingerprint-port80.shtml

Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two.

Anatomy of the Web Application Worm

Challenges faced by automated web application security assessment tools


Contributions:-

Founder and Moderator of WASC 'The Web Security Mailing List' http://www.webappsec.org/lists/websecurity/

The Web Application Firewall Evaluation Criteria
http://www.webappsec.org/projects/wafec/

WASC's Threat Classification (TC)
http://www.webappsec.org/projects/threat/

Co-lead of the WASC articles project http://www.webappsec.org/projects/articles/guidelines.shtml

The Web Application Security Consortium Web Security Glossary
http://www.webappsec.org/projects/glossary/

Distributed Open Proxy Honeypots Project
http://www.webappsec.org/projects/honeypots/

Contributor to the OWASP Application Security Testing Framework Project
http://web.archive.org/web/20030207091615/www.owasp.org/testing/

Cross-site Tracing (XST): - Research Contributor
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf

A core contributor to Snort's web-attacks.rules rule set


Presentations:-

Zero Day Subscriptions: Using RSS and Atom Feeds As Attack Delivery Systems (Power Point) - Blackhat 2006 presentation
http://www.cgisecurity.com/papers/RSS-Security.ppt


Memberships:-

Co-founder of The Web Application Security Consortium http://www.webappsec.org


Email:-

robert_@_@_@_@_@_@_webappsec.org


Blog:-

http://www.cgisecurity.com/


Website(s):-

http://www.cgisecurity.com/
http://www.webappsec.org
http://www.qasec.com/


Companies Worked for:-

SPI Dynamics, Other Consulting companies


Robert is a man of ideas and is already working on some very interesting projects. You should definitely keep an eye on his websites, as we will see a lot more contributions from him soon.

Last Week – Billy Hoffman
Next Week – Jeff Williams

1 comment:

Anonymous said...

Thanks for the nice post!