About GulfTech

GulfTech Research and Development was created in early 2002 after I moved to the Mississippi Gulf Coast in order to be closer to family, who were inevitably growing older. Frustrated with the lack of I.T. security-related research in the Mississippi Gulf Coast area, I decided to create GulfTech as both a means to pay the bills and an outlet for my independent security research. Over the years I have discovered hundreds of bugs in various software titles under both my real name and my old "screen name" JeiAr. In addition to my public research, I have also been fortunate enough to have the opportunity to work professionally with many talented names in web application software such as vBulletin, Kayako, IP.Board, Interspire, MyBB, CubeCart, Iono, Gallery 2, and many more.

About James

I first became interested in I.T. security after working as a web developer in the late '90s. Since then I have had experience in most aspects of I.T. security, but overall I prefer working with web applications with regard to both security and development. Web applications are so much more interesting today than they were 10 years ago. Simple procedural code and compiled CGI binaries have since been replaced with elegant OOP frameworks and MVC-based applications. As a result, web application security keeps getting more interesting as time goes on, and as these applications become increasingly complex, they become exponentially interesting from a security point of view. In addition to I.T. security, I am very interested in general knowledge, mathematics, science, history, writing, and music. I have been playing guitar off and on for about 25 years, and have a small but effective home studio that consists of ProTools, AT2020, Axiom 49, and many stringed instruments. Currently I am working on a project called "Cold Barrel Shot", and have several rough demos available from the upcoming album hosted at reverbnation.

https://www.linkedin.com/in/jamesbercegay/

References

Over the years I have been fortunate enough to have my work referenced in one way or another in many different places. Below is a collection of these links that I have collected with the help of others. If you know of something that you think should be on this list but isn't, please contact me.

The Art of Software Security Assessment
https://books.google.com/books?id=t2yA8vtfxDsC&pg=PT1298

BOINC: Project credits
http://boinc.berkeley.edu/trac/wiki/ProjectPeople

PHP Web Application Security: A Zero-Day Exploit Case Study
http://mwtechjournal.com/modules.php?name=News&file=article&sid=382

PHP Blogging Apps Vulnerable to XML-RPC Exploits
http://news.netcraft.com/archives/2005/07/04/php_blogging_apps_vulnerable_to_xmlrpc_exploits.html

Yet More Security Vulnerabilities Found In Pligg V9.9.0
http://socialcmsbuzz.com/yet-more-security-vulnerabilities-found-in-pligg-v990-31072008/

Fixes for ReviewPost, PhotoPost
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1042144,00.html

Hackers Targeting Mambo Security Holes
http://news.netcraft.com/archives/2006/03/10/hackers_targeting_mambo_security_holes.html

Google hacking for penetration testers
http://books.google.com/books?id=XKgRELiphAcC

Top-10 Vulnerability Discoverers of All Time
http://blogs.iss.net/archive/2008Top10VulnResearc.html

Top vulnerability researcher?
http://blog.osvdb.org/2008/05/24/top-vulnerability-researcher

Five common Web application vulnerabilities
http://www.symantec.com/connect/articles/five-common-web-application-vulnerabilities

Tips That Every PHP Developer Should NOT Know
http://blog.php-security.org/archives/5-Tips-That-Every-PHP-Developer-Should-NOT-Know.html

The Google Hackers Guide v1.0
http://www.scribd.com/doc/25713/The-Google-Hackers-Guide-v1-0

Looking at picture installs spyware and viruses
http://www.tech-recipes.com/rx/690/jpeg-jpg-exploit-looking-at-picture-installs-spyware-and-viruses/

PHP Apps: A Growing Target for Hackers
http://news.netcraft.com/archives/2006/01/31/php_apps_a_growing_target_for_hackers.html