OWASP Israel 2008 Conference Amichai Shulman
Web Application Security and Search Engines
Google Hacking represents a growing threat to Web applications and the enterprises who own them. However, Google Hacking is not the only danger posed to Web applications by search engines. In recent years, multiple attack techniques have been devised to abuse the power of search engines. These include automated Google Hacking, Google Worms (such as the recent mass SQL Injection incidents), malware distribution, site masking and techniques for using search engines as an attack bot (Search of Death). This session will discuss and demonstrate various search engine attack techniques and how to mitigate them
Amichai Shulman is co-founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva's internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Mr. Shulman's expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft. Prior to Imperva, Mr. Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Mr. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology.