Getting to Know Our Experts: Erez Metula
Over the last few years AppSec Labs has been building a strong reputation for excellence in the field of Application Security. We offer services including penetration testing and full code review. As we’ve grown we’ve increased our experience, branching from pen-testing to in-company application security training and e-learning. We’ve developed a product line in e-learning which we are selling world-wide, and we’re expanding our market.
So, it’s about time that we show you who we are and what motivates us to do what we do. This will be the start of a few blog interviews letting you (our community) get to know us (your community) better. We hope you enjoy hearing more about us and we look forward to hearing more from you.
Keep in touch with us via Twitter, Facebook, and YouTube!
Author: Jessie A. Pincus, International Sales Director and Academic Director, AppSec Labs
Getting to Know our Experts:
Erez Metula, Application Security Expert, Founder of AppSec Labs
Jessie Asks: How did you originally get into the field of Cyber Security?
Erez Answers: I started coding at the age of 12. I was very interested in the subject of gaming and I got frustrated when I had to bypass stages in order to continue. So, I wondered how I could do it and I thus got into hacking and patching. Once I learned more I understood that it was all about coding. In order to do it properly I needed to be a developer, so I started learning Computer Science.
Jessie Asks: What aspect of the field of Cyber Security initially grabbed your attention and made you say “I want to work in that field”?
Erez Answers: I was fascinated by new vulnerabilities and ways to exploit them.
Jessie Asks: What professional contribution do you hope to add to the field with your work? Do you have long-range goals for contribution?
Erez Answers: I really enjoy teaching people how to properly write secure code, investigating new discoveries, finding new vulnerabilities, and figuring out how to demonstrate them to other people. It’s not a trivial subject since the reconstruction of the entire scenario and the building of the proof-of-concept can be very intricate.
Cyber Security Trends:
Jessie Asks: What are you focusing your attention and activities on this month?
Erez Answers: I’m focusing on Android Security as a whole. I’m creating new, updated content for our ongoing training courses based on what’s happening now in the field. I’m constantly constructing and improving our AppUse Android penetration testing platform and tools.
Jessie Asks: What are the recent research topics and interesting findings that have caught your eye this month?
Erez Answers: I learned a lot of new things about Android internals lately. It’s really cool. Regarding interesting findings, I guess the router backdoors found in many network devices, the fact the devices come with built-in hidden surveillance capabilities, and the whole espionage fiasco between the USA and other nations made me start to think that everyone is eavesdropping on everyone these days. There are no secrets anymore.
Jessie Asks: What are some new changes you’ve seen in the field of cyber and application security over the last year?
Erez Answers: I’ve noticed that developers are more aware of the overall challenge. They understand the importance, the basic vulnerabilities, and the countermeasures needed. They are getting more involved in more advanced topics now. Management of the companies has become more focused and important.
Jessie Asks: As of this month, what do you think is the top threat worth solving, and why?
Erez Answers: I think the main threat is the fact that there is so much personal information out there and available. Most people don’t know what’s going on with that personal information, what happens to it when it’s sent back to the servers, and what those collection companies are doing with it. The threat is real and it’s being taken advantage of on a daily basis. The fact that there are still so many people who don’t pay attention or aren’t aware of the state we’re in is the major threat.
Jessie Asks: Where do you think researchers should focus their attention overall in the field of Cyber Security for the next 3 months? Why?
Erez Answers: I guess that field would be mobile application security. As mobile computing is new, we as security experts know less about this in comparison to “traditional” applications such as web apps, desktop apps, etc. Mobile apps are riskier than web apps (their server side contains all the vulnerabilities in a similar manner as other web apps PLUS additional client side vulnerabilities related to mobile apps).
That’s all for now! Tune in next week to read the latest installment in our feature blog series, “Getting to Know the Experts.”
Have a productive week!
“developers are more aware of the overall challenge. They understand the importance, the basic vulnerabilities, and the countermeasures needed.”
It’s good that developers are getting on the security train sooner rather than later. Addressing security issues during the development cycle, as opposed to after the project is done, saves on time (in the long run) and makes it easier to close loopholes.