User:Achim

Hello and welcome to my user page at OWASP.org. You'll find some details about my public work and things related to web application security here. My OWASP wiki contributions here.

You can reach me mailto: achim (at) owasp -dot- org, or check some popular social networks (i.e. [linkedin]) ...

"some" Security ..
It's difficult to describe my knowledge in the security world without being subjective, hence replace some by whatever your feel happy with. The official title on the v-card will be principal consultant, which means something too.

(Short) CV
I'm doing software development since early '80s, used to networking all the time, and focused on web application security starting this millenium. Meanwhile I've seen coming, have evaluated, have configured and used, and have seen disappearing a lot of WAFs and web application security scanners. Founded sic[!]sec GmbH in 2010.

OWASP Activities

 * Helping some Task Forces like Wiki Cleanup (in process)
 * Helping in OWASP Top 10 für Entwickler (2013)
 * Co-organize the AppSec Europe Research 2013 conference in Hamburg.
 * Co-organized the German OWASP Day 2011 and German OWASP Day 2012 in München.
 * Administrating mail and mailing list for owasp.org (since 2012), see also About Mailman at OWASP
 * I've participated at the OWASP EU Summit 2008 in Faro and OWASP Summit 2011 in Lisboa.
 * Participating in the German Chapter, German Chapter Board Member
 * Project leader, maintainer, developer of O-Saft OWASP - SSL audit for testers Project
 * Project leader, maintainer, developer of OWASP EnDe Project
 * Reviewer on some other OWASP projects (SoC 2008)
 * CAL9000 (added some en-/decoding and request/response functionality; 2006)

OWASP Papers

 * Best Practices: Web Application Firewalls (WAF)
 * Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen
 * [[Media:Pentestvorbereitung_Sitemapping.pdf|Pentestvorbereitung: Sitemapping]]

Public Papers / Work

 * WAFEC 2.0 - Web Application Firewall Evaluation Criteria (contributor, 2011/2012/2013)
 * Best Practices: Virtual Patching (co-author, OWASP Summit 2011)
 * HTTP State Management Mechanism RFC 6265 (Cookie) (contributor 2009/2010/2011)
 * [[Media:OWASP-Projektierung der Sicherheitspr%C3%BCfung von Webanwendungen v101.de.pdf|Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen]] (author 2009)
 * Web Application Security Threat Classification v2 (contributor 2008/2009/2010)
 * [[Media:Best Practices Guide WAF.pdf|Best Practices: Einsatz von Web Application Firewalls]] (co-author, 2008)
 * Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices (author, 2005/2006)


 * Web Application Firewall Evaluation Criteria (contributor, 2005)
 * Web Application Security Threat Classification v1 (contributor and German translation, 2004/2005)

Mach es so einfach wie möglich, aber nicht einfacher Things should be made as simple as possible, but no simpler(Einstein) KISS - keep it simple secure