Interview with Thornmaker
Article written by .mario
Today we are talking to thornmaker. He is relatively new to the group and managed to evade the filter rules several times with JavaScript concatenation vectors - which can be described as very sophisticated and clearly near the edge of readability. You can take a look at his work here and here.
Q: Please tell us a little bit about yourself.
A: I am David Lindsay (thornmaker). I am happily employed at Security
Innovation, an application security company based out of Boston, Seattle,
and Amsterdam. While in school I studied pure math (modern algebra, number
theory, topology, and so forth). I am married and became a father 1 year ago,
which means a lot of my spare time now is devoted to my little pesky one.
My primary interests right now are web app sec, cryptography, mathematics,
genetics, astronomy, and AI.
Q: How did you get into web technologies and JavaScript?
A: After finishing school, I worked in QA for a while testing Java applications,
which is where I became interested in web application security. I have not
had any particular affinity to JavaScript until the last couple of months,
largely thanks to the PHPIDS project.
Q: The hat on your head is usually…
A: …displaying a black and white penguin, with a little bit of yellow on the
beak and feet. Single-colored hats are so… bland.
Q: What’s the biggest current problem in webappsec?
A: Not enough companies taking web app sec (or even security in general)
seriously in the first place.
Q: The PHPIDS is a … please complete the sentence
A: …an excellent project and also a good example of why you can’t rely upon
blacklisting to prevent XSS. I actually only started to look at the project
itself a couple of days ago. My primary interest in the project all along
has been in bypassing the filters simply because I find it a difficult and
rewarding challenge. To that end, thank you for your vigilant attention to
keeping the filters updated!
Thanks a lot for the interview!

