web application security lab

My Biography As Told By Anurag

It’s pretty cool to have someone else write about you. There have been so many things I’ve done over the last 12 years, it’s really hard to keep track of it all. Anurag did a pretty good job of getting a good chunk of my security background out of me. Pretty cool actually. I guess now that my name is out there people are getting to know me a little better (for good or bad, who’s to say?)

Things I didn’t mention in the interview - I’ve worked in banner advertising, I founded EHAP, and I helped invent some of almost everything that’s annoying and wrong with the internet (including spamming tools, delayed popups/popunders, and viral marketing). I’ve got a varied past, but these days I’m sticking with security and SEO - the two things that seem to evolve at the fastest pace on the Internet. Anyway, nothing new here, move along.

13 Responses to “My Biography As Told By Anurag”

  1. Christ1an Says:

    “He is also working on something to certify web application security engineers.”
    What is he pointing at?

  2. RSnake Says:

    He’s not pointing at anything yet, it’s still in the very earliest stages. Why? Are you interested?

  3. Christ1an Says:

    Well I’m interested in the requirements of such a certification, not necessarily because I want to be certified right now (in fact I have not reached that level yet) but it would be interesting to know what it takes today to claim oneself a professional in this field.

    Nice idea though!

  4. nEUrOO Says:

    A certification for web apps security is definitely good and I think we really need that!
    Btw, if there were one (and not the SANS things plz) I would be interested in.

  5. RSnake Says:

    The concept is the CCIE for the web app world. I don’t want another crappy cert out there that no one believes in, and anyone can get as long as they speak the language the test was written in. I want to create something robust, and difficult and comprehensive. Something that you shouldn’t be able to pass in ten minutes of cramming before the test. Something you could only pass if you were in the industry for years. Ah hell, here’s the URL:

    You can see the sample questions for yourself.

  6. nEUrOO Says:

    Well, pretty expensive… Not a thing I can afford alone btw :/

  7. WhiteAcid Says:

    “Section 508 of the American Disabilities Act stipulates that”
    Why would I know this? I don’t live in the US.

    Still.. This has sure provided some reading material.

  8. RSnake Says:

    Hence the term “sample question” rather than “real life pass or fail test question”. ;) But if your company does business internationally you’re screwed if you don’t know it. And primarily I was thinking of a US audience for the test anyway… at least initially until I got it off the ground.

  9. Christ1an Says:

    Expensive indeed. Why would anyone with that knowledge want/have to pay that amount to be able to prove or justify himself?

  10. Jungsonn Says:

    Well, I think that most companies are willing to pay up for such a thing.

  11. RSnake Says:

    Christ1an, for the same reason people get the CCIE - it essentially guarantees a $150k per year job.

  12. nEUrOO Says:

    Does the company usually pay for this? (yup, I’m new on the job market)

  13. RSnake Says:

    If it is well respected, yes, the company you work for will often pay for it, especially if they can tell their customers that they have an IISWA certified employee.