Amichai Shulman, CTO and founder of Imperva, heads Imperva’s Application Defense Center (ADC), a research arm of the company devoted to building “the most advanced … security knowledge base in the world.”
A tall order, but Shulman has the background for it. Prior to founding Imperva, he was CTO at Edvice, an application-and-database security consultancy. Before that he served in various command-and-control positions in the Israeli Defense Forces for projects related to information security.
Shulman says there are many good public research organizations for Web servers and Web security, but far fewer for database security. He also says his most current research has uncovered an entirely new area of database vulnerability, in which ordinary users can turn themselves into database administrators without a valid set of credentials.
The task of ADC is to reproduce such vulnerabilities and then inform vendors, giving them all the background information they need to plug the holes. Imperva claims that in the last year, Shulman’s work has likely prevented major breaches of Oracle and SQL Server databases.
Shulman notes that “critical vulnerabilities” exist in all — not some — commercial database servers. Vendors and customers alike should be grateful for his efforts.