|
Qualifications
|
B.E. Computer Engineering, Gujarat University, India (1996)
M.S. Computer Science, Purdue University (1998)
Certified Information Systems Security Professional (CISSP) (2000)
|
|
Professional Interests
|
Web Application Security Research,
Security Penetration Testing,
Cryptography & Data Security,
Electronic Commerce,
Data Communications,
Operating Systems,
Internetworking with TCP/IP,
Distributed Systems and
Authoring Books
|
Computer Skills
|
Platforms: Linux, Mac OS X, FreeBSD, Solaris, Netware,
Windows NT/2000, DOS
Languages: C/C++, Perl, Java, Visual Basic, HTML, Scheme, lex/yacc,
CGI scripts
Other skills: Oracle, Unix/NT/Netware system administration
|
Experience
01/00-present |
Founder and Managing Director, Net-Square Solutions,
Ahmedabad
Net-Square was founded in January 2000, and my responsibility has
been to establish Net-Square as a strong security research and security
software development company. Net-Square has been instrumental in
developing and exporting web security components to companies such as
Foundstone and NT OBJECTives. I am leading a team of developers
producing cutting-edge security tools and techniques.
http://net-square.com
|
| 09/02-present |
Director of Research and Development, NTOBJECTives Inc.,
Rancho Santa Margarita
Responsible for technology research and development of various HTTP
components of NTOBJECTives' Fire and Water Toolkit (tm) and handling
NTO R&D activities in India.
http://www.ntobjectives.com
|
| 05/01-08/02 |
Director of India Operations, Foundstone Inc., Mission Viejo
Responsible for developing web application security assessment software for
Foundstone's product offering - Foundscan (tm)
http://www.foundscan.com.
The primary responsibility involves heading up the India research and
development team and working on research and software architecture for
FoundScan's web application security assessment module.
|
| 04/00-05/01 |
Principal Consultant, Foundstone Inc., Irvine
Responsible for security testing and architecture solutions for Foundstone's
clients. Also involved in research and development regarding new security
vulnerabilities. Lead role in developing Foundstone's "Ultimate Web
Hacking" training class, and also featured as a lead instructor.
Represent Foundstone at various security conferences such as BlackHat and
eDevCon.
|
| 08/98-04/00 |
Senior Consultant, Ernst & Young LLP, San Francisco
Responsible for numerous Ethical Hacking and security
architecture solutions. Activities include attack and penetration testing
on computer networks, re-design of security architecture, public key
infrastructure (PKI) solutions design, project management and team
co-ordination, development of attack and penetration tools and methodology
for Unix and Windows NT.
|
| 08/96-05/98 |
Department of Computer Science, Purdue University, West
Lafayette
Research Assistant in the COAST (Computer Operations, Audit and Security
Technology) laboratory. Research activities included misuse detection using
"application usage graphs", DES library for Solaris and Xinu
Graduate Assistant for Operating Systems and Distributed
Operating Systems. Projects included development of a firewalling IP router
for the Xinu OS, ELF loader for Xinu, QoS based CPU scheduling, Transparent
Services Computing
|
| 05/94-06/96 |
Research Assistant, Indian Institute of Management, Ahmedabad
Responsibilities included Network Administration and Security,
Webmaster, assisting in corporate training programmes, implementing
anti-virus policies on networks. |
03/96-07/96,
11/94-02/95 |
Senior Faculty Member, Tata Unisys Ltd. Education
Centre, Ahmedabad.
Primary responsibilities included teaching Unix
and C Programming under Unix, network administration and training course
design. |
Honours/Activities |
Member of the Association of Computing Machinery (ACM).
Founding member of the IEEE Gujarat University Students' Branch.
Linux and Mac OS X enthusiast. |
| Publications |
Web Hacking: Attacks and Defense, published by Addison Wesley.
"Whether it's petty defacing or full-scale cyber-robbery, hackers are
moving to the web along with everyone else. In this highly anticipated new
book, security experts Stuart McClure co-author of Hacking Exposed, Saumil
Shah, and Shreeraj Shah uncover the latest web attacks and defenses."
Published: August 2002.
http://www.aw.com/catalog/academic/product/1,4096,0201761769,00.html
|
|
The Anti-Virus Book,
published by the Tata McGraw-Hill Publishing
Co. Ltd., India. The book focusses on how to write anti-virus
programs and implement anti-virus strategies for small to large
computer installations. Published: December 1996. |
|
CNET Security Issues,
Contributor to the "Security Issues" column on CNET.com
since August, 2000.
http://builder.cnet.com
|
Speaking Engagements |
CNET eDevCon 2000: "Hacking Exposed: Ecommerce - Live!"
BlackHat: Talks on "Web Hacking" (Las Vegas 2000),
"Hacking Exposed: Ecommerce" (Asia 2001),
"One-Way Hacking - The Futility of Firewalls" (Amsterdam 2001),
"Top 10 Web Attacks" (Asia 2002),
"HTTP Fingerprinting and Advanced Assessment Techniques"
(Seattle 2003, Las Vegas 2003)
RSA 2002: "Architectural Vulnerabilities with Java Application
Servers"
InfoSecurity Malaysia: "Keynote: Reading the Mind of a
Hacker" (2001), "Experiences in Intrusion Detection" (2001),
"Threats and Countermeasures for Java Application Servers" (2002),
"Top 10 Web Attacks" (2002)
HACK, Kuala Lumpur 2002: "One-Way Web Hacking"
CIT, Ahmedabad 2002: "Security Trends for 2003"
|
References
|
Available upon request. |
|