User:Dinis.cruz

Hello, Welcome to my page where you can find more details about who I am and what I do at OWASP. You can contact me on dinis.cruz at owasp.net or dinis at ddplus.net

To see my wiki contributions, click here.

DINIS NOTE (in Nov 09) - This info is quite out-of-date. If you need this information please contact me directly

Chief Owasp Evangelist
After much internal debate I decided to agree with Jeff's idea for my official OWASP title: Chief OWASP Evangelist.

I don't like the religious connotations of that title, but technology evangelism does have a somewhat different meaning, and looking at the other 'technical evangelists' out there (and in the past) I do feel that I am following the footsteps of giants :).

I would like to offer my services to you (OWASP member or OWASP user) as a point of contact for OWASP related activities. One of my main objectives is to maximize the potential of OWASP and its community, so anything that I can do to help, just let me know.

A couple objectives for me:


 * Promote OWASP to OWASP (the reality is that most of us have no idea of what projects there are at OWASP and what they have already created / delivered (see for example the list of current projects https://www.owasp.org/index.php/Category:OWASP_Project))
 * Promote collaboration and integration between OWASP projects (there are tons of potential synergies between OWASP projects out there)
 * Promote OWASP to the world, and let them know the great stuff that we are doing
 * Work with the OWASP chapters, so that what happens locally is exposed to the rest of us (I also would like to see collaboration between chapters, and the re-use of its materials)
 * Review the current OWASP tools and content and work with its creators to make it even better
 * Follow the final stages of the "OWASP Autumn of Code" sponsorships https://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection and start working on the OWASP Spring of Code :)
 * Increase OWASP membership numbers

So remember, I am here to help and if I don't respond to your email in a couple days, just keep resending it until you get an answer (my inbox sometimes behaves like a black hole: "the email goes in and never returns" :) )

OWASP Chapters
I used to be the leader of the OWASP London chapter (2006/2007), but have passed the leadership to Ivan from ModSecurity. These days I spend my energy in organizing events like the OWASP Day

Short CV
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development.

Since the 1.1 release of the .Net Framework, Dinis has been one of the strongest proponents of the need to write .Net applications that can be executed in secure Partially Trusted .Net environments, and has done extensive research on: Rooting the CLR, exposing the dangers of Full Trust Asp.Net Code, Type Confusion vulnerabilities in Full Trust (i.e. non verifiable) code, creating .Net Security Protection Layers and using Reflection to dynamically manipulate .Net Client applications.

Dinis is the current [Owasp .Net Project] and [OWASP Autumn of Code] project's leader and the main developer of several of OWASP .Net tools ([SAM'SHE], [ANBS], [SiteGenerator], Owasp Report Generator, [Asp.Net Reflector]).

Dinis is a active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG. His latest course is the two day training course [Advanced Asp.Net Exploits and Countermeasures, which was delivered at the Black Hat 2006 conference and will be presented on the fortcomming [OWASP AppSec Conference] in Seattle.

Security vulnerability research

 * Microsoft Security Bulletin MS07-040 - Critical

Interviews & Media quotes

 * Asked and Answered: More Secure .NET Development, Redmond Developer News, 24/Oct/07
 * OWASP Preps Framework for Website Security Certification, Dark Reading, 08/Oct/07
 * Security, .NET, and the OWASP Project, Dr.Dobb's Portal , 05/Oct/07
 * Security Laboratory: Thought Leaders in Software Security Series, SANS, 11/Jun/07
 * Reflection on Dinis Cruz, Anurag Agarwal Blog, 02/Jul/07

Videos

 * The Value of Code Scanning, SANS, 24/Aug/07
 * 'Live Demo Of An Web Application Security Review (And Source Code Analysis)', OWASP Turkey Chapter, 31/Jul/07
 * | On OWASP, OWASP Turkey Chapter, 31/Jul/07
 * Dinis Cruz @ BlackHat 2006 with FSTV, 30/Aug/06

Working pages
This is more a reference for me (Dinis) but feel free to look around


 * OWASP .NET Project
 * Members Comments On OWASP membership
 * Dinis Cruz Research - Draft Notes
 * OWASP_Spring_Of_Code_2007
 * OWASP_Winter_Of_Code_2008