About the Authors

Bryan Sullivan is a security researcher at Adobe Systems, where he focuses on web and cloud security issues. He was previously a program manager on the Microsoft Security Development Lifecycle team and a development manager at HP, where he helped to design HP’s vulnerability scanning tools, WebInspect and DevInspect.

Bryan spends his time in Seattle, Washington, where he enjoys all of the perks of living in the Pacific Northwest: the excellent coffee, the abundant bicycle lanes, the superb Cabernet Sauvignon. Bryan lives with his wife, Amy, their cat, Tigger, and an as-yet-unnamed new bundle of joy who will be joining the family sometime around February 14, 2012.

Vincent Liu is a Managing Partner at Stach & Liu, a security consulting firm providing IT security services to the Fortune 1000 and global financial institutions as well as U.S. and foreign governments. Before founding Stach & Liu, Vincent led the Attack & Penetration and Reverse Engineering teams for the Global Security unit at Honeywell International. Prior to that, he was a consultant with the Ernst & Young Advanced Security Centers and an analyst at the National Security Agency.

Vincent is a sought-after speaker and has presented his research at conferences including BlackHat, ToorCon, InfoSec World, SANS, and Microsoft BlueHat. He has coauthored several books including Hacking Exposed Wireless first and second editions, and Hacking Exposed Web Applications, Third Edition. Vincent holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology.

About the Technical Editor

Michael Howard is a principal cybersecurity architect in the Public Sector Services group. Prior to that, he was a principal security program manager on the Trustworthy Computing (TwC) Group’s Security Engineering team at Microsoft, where he was responsible for managing secure design, programming, and testing techniques across the company.

Howard is an editor of IEEE Security & Privacy, a frequent speaker at security-related conferences, and he regularly publishes articles on secure coding and design. Howard is the coauthor of six security books, including the award-winning Writing Secure Code, 19 Deadly Sins of Software Security, The Security Development Lifecycle, Writing Secure Code for Windows Vista, and his most recent release, 24 Deadly Sins of Software Security.