PHPIDS - get it!

Interview with Kishor

Article written by .mario

Today we talk to Kishor Datar. He joined the PHPIDS team pretty early and has since provided great help improving the filter rules and writing tools to test the quality of the PHPIDS.

Kishor is well known in the webappsec scene and maintains an interesting blog about security in general. He is furthermore the author of the XSS in eXceSS tool, which is a number one reference for developers who want to get in touch with XSS.

Q: Please tell us a little bit about yourself.

A: The shorter version of my name is Kishor Datar. I am a Masters student at the University of Maryland Baltimore County. Well, I have just about two years of experience in the software industry. I know (rather, knew) Indian Classical Music a little bit. And I try to learn guitar on my own.

Q: How did you get involved in webappsec?

A: I had developed a web app firewall as my undergrad project. It was based on regexes, like PHPIDS is. But it wasn’t perfect, if I may say. In fact, I knew nothing about XSS back then. So we had very simple rules that blocked script tags and some more things. Also, since we built the proxy ourselves, we didn’t handle most of the other things like encoding etc. Then I worked for two years with a company that built a web security scanner. There I learned more about web security. About one year back I started blogging. So I am relatively new to web app sec.

Q: What color is your hat usually, and why?

A: White hat. Unless the issue is very trivial, I don’t like to go for full disclosure.

Q: Where do you see webappsec in, let’s say, 5 years?

A: After five years, collaboration between web apps will increase further. They will become more and more flexible. Therefore security will be an important goal in the web app development cycle. And therefore web app sec will also maintain its importance.

Q: What do you think of the PHPIDS and related projects?

A: Since the time I started blogging and getting involved in the web sec community, I have seen people talking only about the problems (IMO). They either talked about how to exploit something or about tools that found security holes for you. They rarely talked about the solutions. PHPIDS, I feel, is different from these projects, because it actually produced something useful. I personally learned a lot from it. And I enjoyed decoding the complex vectors that others developed. And the time they take to fix a vector is how much? Just 15 mins? That’s really impressive.

Q: Thanks a lot for the interview!
