User:EPaul

I'm a senior software developer for (company internal) web applications at Zalando, but not a security specialist in any means.

I was moderator for Cryptography Stack Exchange for almost 4 years (Aug 2011 – June 2015), picking up some cryptography knowledge then. (https://crypto.meta.stackexchange.com/questions/80/moderator-pro-tem-announcement)

I just wanted to correct some mistakes in the website I noted, not write a full biography here. For example, the Java class name validation regex in https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository is not just vulnerable to regex DOS attacks (as noted on https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS#Examples and in Wikipedia), but also simply wrong, and fixing the wrongness (escaping the dot) also fixes the evilness of the regex.