Shreeraj Shah

Biography

Shreeraj Shah, B.E., MSCS, MBA, is the founder of Blueinfy, a company that provides application security services. Prior to founding Blueinfy, he was founder and board member at Net Square. He also worked with Foundstone (McAfee), Chase Manhattan Bank, and IBM in the security space.

He is also the author of popular books such as Hacking Web Services (Thomson 06) and Web Hacking: Attacks and Defense (Addison-Wesley 03). In addition, he has published several advisories, tools, and whitepapers, and has presented at numerous conferences including RSA, AusCERT, InfosecWorld (Misti), HackInTheBox, Blackhat, OSCON, Bellua, Syscan, ISACA etc. His articles are regularly published on Securityfocus, InformIT, DevX, O’Reilly, HNS. His work has been quoted on BBC, Dark Reading, Bank Technology as an expert.

Visit his blog at http://shreeraj.blogspot.com/.

Articles

You need to enable JavaScript to view more than 15 articles by this author.

Detecting Web Application Security Vulnerabilities
Publish Date: Nov. 2, 2006Your web application is only as secure as the data coming in, and how you treat user input determines how secure you are. A little bit of thought and Python programming can help you analyze potential vulnerabilities in your code; Shreeraj Shah demonstrates. Assessing Web App Security with Mozilla
Publish Date: Oct. 20, 2005If your web application expects only that users always follow instructions and can never do anything other than what you want, it's probably insecure. You might find it surprising how much information your app exposes to a potentially hostile world. Shreeraj Shah demonstrats how to use Mozilla's LiveHTTPHeaders extension to see what your app does and probe it for vulnerabilities. Securing Web Services with mod_security
Publish Date: Jun. 9, 2005Web services build atop HTTP to allow more flexible applications. However, their flexibility and ubiquity do not always protect against vulnerabilities due to the way HTTP works. Fortunately, the mod_security module and some planning can block potential attacks at both the protocol and application level before they start. Shreeraj Shah explains.