Revision as of 17:56, 30 June 2011 by Cmlh (talk | contribs) (Added SlideShare/cmlh URL)

Jump to: navigation, search


In relation to OWASP matters, Christian Heinrich can be reached at

For matters not related to OWASP or as an Out of Band Communications Channel to his e-mail address, Christian Heinrich has listed multiple points of contact at


Christian Heinrich has a Public Profile on LinkedIn at

Contributions to OWASP

Christian Heinrich's edits to the OWASP wiki are listed at: Special:Contributions/Cmlh.

OWASP Projects

Christian Heinrich is the Leader of the OWASP PCI Project having previously lead the OWASP "Google Hacking" Project i.e. "Download Indexed Cache" and has contributed to the "Spiders/Robots/Crawlers" and "Search Engine Reconnaissance" sections of the OWASP Testing Guide v3 and more recently contributed to the development of the OWASP ESAPI Java WAF, Top Ten, OpenSAMM and Application Security Verification Standard (ASVS) Projects.

OWASP Presentations

Christian Heinrich has presented at OWASP Conferences in USA, Australia and Europe and OWASP Chapters in:

  • the Netherlands and;
  • London, UK and;
  • Sydney and Melbourne, Australia.

Videos of these presentations are available from Google and associated slides are available from

OWASP Board Candidate


While the candidates are either from USA or Europe and have contributed significantly to OWASP, I would like to highlight the many contributions made by Canada, EMEA and Asia Pacific, Central (America) and South America.



I believe that during the term of a Board Member that they should disassociate themselves from leadership position of their Chapters and Projects of OWASP with the option to contribute during their term but not in a leadership capacity.

I also believe that funding for Board Members to travel should not be approved.


I believe that Project Leaders should be able to determine their own level of quality which the consumer can measure based on published peer review. As expected, those who require funding from OWASP to market their project or increase its quality should be subject to project management.

I believe that those who contribute to an OWASP Project should be credited as such irrespective of their employer.

Significant Experience

I have founded a number of groups in Australia, including Snort User Group and Australian Information Security Association with over 1000 members within Australia.

I also initiated the OWASP relationship with Mozilla during Hack in the Box Amsterdam in 2010.

Commercial Independence

I am not associated with any vendor and/or consultancy and therefore my agenda is *not* to exploit OWASP for commercial gain.