IsacaRoma: Good morning, Mr. Shreeraj. Could you introduce yourself and Net Square [2]?
Shreeraj Shah: I am Shreeraj Shah, founder and director of Net Square. I lead the consulting, training and R&D activities at Net Square.
IR: You are an expert in application security; why is it so important? Do we need it? What about a perimeter security approach?
SS: Application security is emerging as one of the weakest spots in infrastructure. An application running on port 80/443 is always available to attackers, and it is imperative to provide strong protection against attack vectors. A perimeter security approach cannot guard the internal variables of a web application, and these variables have access to databases of employees, products, credit cards, etc. Application-level filtering is the new need of the current time.
IR: Web 2.0 applications are the new frontier... Do you think we need a specific Web 2.0 security approach [3]?
SS: Web 2.0 is just a different dimension of thinking; it has no inherent weakness as such. So good application security controls, along with secure coding practices, are still the better approach.
IR: Do you have any recommendations for improving security awareness among non-specialized people?
SS: Good books and corporate training from a good instructor who has done hands-on web application assessment work.
IR: What about your private life? What are your hobbies? Do you like reading? And cinema? Do you know Italy? Rome?
SS: Reading, music and watching cricket are my hobbies. I love to do R&D in my free time. I don't know Italy much; I visited Europe once, but not Italy on that visit.
IR: Thanks, Mr. Shreeraj.
SS: Thank you very much.
Who is Shreeraj Shah?
Shreeraj Shah is founder and director of Net Square and leads Net Square's consulting, training and R&D activities. Shreeraj is also the author of Hacking Web Services (Thomson) and co-author of Web Hacking: Attacks and Defense (Addison-Wesley). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, and Syscan. Bio details [4].
Contacts: blog [5].
IsacaRoma Newsletter links (English)
- ENISA: Interview with Dr Louis Marinos, Senior Expert on Risk Management [6]
- Interview with Lily Bi on GTAG project [7]
- The future of COBIT [8]
- Interview with Ross Anderson [9]
- Bruce Schneier: Questions & Answers [10]
- A conversation with Simon Singh [11]
IsacaRoma Newsletter links (Italian)
- Shreeraj Shah – How to identify vulnerabilities in web applications [12]
- OWASP: AJAX security, a conversation with Stefano Di Paola and Giorgio Fedon [13]
- AJAX: hacking with Firefox [14]
- The top 10 possible attacks on Web 2.0 [15]
- Interview with Alberto Revelli, Technical Director of OWASP Italy and author of sqlninja [16]
- Secure code: interview with Paolo Perego, thesp0nge, creator of OWASP Orizon [17]
- Application security: interview with Antonio Parata of OWASP [18]
- OWASP: the winners of the Autumn of Code 2006 [19]
- Interview with Matteo Meucci of OWASP Italy [20]
- SMAU: OWASP, vulnerable web applications [21]
- Matteo Meucci: Web Application Security and the OWASP project (pdf [22] zip, 2 M)