Difference between revisions of "User:Dinis.cruz"

From OWASP
Jump to: navigation, search
(Current OWASP Involvement)
(10 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
To see my wiki contributions, [[:Special:Contributions/Dinis.cruz|click here]].
 
To see my wiki contributions, [[:Special:Contributions/Dinis.cruz|click here]].
  
 +
My most updated [http://uk.linkedin.com/in/diniscruz CV is at LinkedIn] and here is the [http://dl.dropbox.com/u/12988346/Personal/Dinis%20Cruz%20%28CV%20-%20October%202010%29.pdf PDF version]
 +
 
== Current OWASP Involvement ==
 
== Current OWASP Involvement ==
  
 
I am currently involved in a number of OWASP areas:
 
I am currently involved in a number of OWASP areas:
  
* leader of the [[OWASP O2 Platform]]
+
* leader of the [[OWASP O2 Platform]] project
 +
* published the [[Summit_2011/Open_letter_to_WebAppSec_Tool_and_Services_vendors:_Release_your_schemas_and_allow_automation | Open letter to WebAppSec Tool and Services vendors: Release your schemas and allow automation]]
 +
 
 +
== Past OWASP involvement ==
 
* participant of the OWASP [[Global Projects Committee]]
 
* participant of the OWASP [[Global Projects Committee]]
 
* chair of the [[OWASP Connections Committee]]
 
* chair of the [[OWASP Connections Committee]]
* member of the [[About_The_Open_Web_Application_Security_Project#Global_Board_Members|OWASP Board]] Member
+
* member of the [[About_The_Open_Web_Application_Security_Project#Global_Board_Members|OWASP Board]]
 
+
* Organized the [[OWASP Summit 2011]] in Portugal
== Past OWASP involvement ==
+
 
+
 
* leader of the OWASP [[London]] chapter (2006/2007) - but have passed the leadership to Ivan from ModSecurity, who passed it to Justin.  
 
* leader of the OWASP [[London]] chapter (2006/2007) - but have passed the leadership to Ivan from ModSecurity, who passed it to Justin.  
 
* leader of the OWASP .NET Project
 
* leader of the OWASP .NET Project
 
* main developer of a number of OWASP .NET tools
 
* main developer of a number of OWASP .NET tools
 +
* helped to organize the [[OWASP EU Summit 2008]] in Portugal
 +
* helped to organize the past OWASP Sponsorship programs:
 +
** [[OWASP Season of Code 2009]]
 +
** [[OWASP Summer of Code 2008]]
 +
** [[OWASP Spring Of Code 2007]]
 +
** [[OWASP Autumn Of Code 2006]]
  
== Short CV ==
+
== CV ==
 
+
 
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
 
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
  
For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he  worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform.
+
For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the [[OWASP O2 Platform]] which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers). 
  
Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers.
+
Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (acquired by IBM), performing Web Application security assessments on a large number of languages/technologies/frameworks and being a very active participant and enabler at OWASP.
  
Dinis is a also active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG  (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences
+
Dinis is an active trainer on .Net security, having written and delivered courses for Ounce Labs, IOActive, Foundstone, Intense School and KPMG  (at multiple locations including BlackHat). Dinis has also delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences.
  
At OWASP, Dinis is the leader of the OWASP O2 Platform, member of the OWASP Projects Committee, chair of the OWASP Connections Committee and member of the OWASP Board
+
As a security researcher Dinis created a number of innovative tools and research documents, and has responsible disclosed a number of Critical vulnerabilities on Commercial Applications (for example Microsoft's Advisory [http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx MS07-040] on the .NET Framework, or the [http://www.springsource.com/security/spring-mvc Spring MVC Auto-Binding] issue)
 +
 
 +
At OWASP, Dinis is the leader of the [[OWASP O2 Platform]] project, member of the OWASP [[Global Projects Committee]], chair of the [[OWASP Connections Committee]] and member of the OWASP Board (and has been a key driven on a number of major OWASP Initiatives: OWASP Seasons of Code, OWASP Summit 2008 in Portugal, OWASP Community building and OWASP Chapter-lead Training)
  
 
== Security vulnerability research==
 
== Security vulnerability research==
 
*  [http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx Microsoft Security Bulletin MS07-040 - Critical]
 
*  [http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx Microsoft Security Bulletin MS07-040 - Critical]
 
+
*  [http://www.springsource.com/security/spring-mvc Spring MVC Auto-Binding]
 
== Interviews & Media quotes ==
 
== Interviews & Media quotes ==
  

Revision as of 09:32, 17 February 2011

Hello, Welcome to my page where you can find more details about who I am and what I do at OWASP. You can contact me on dinis.cruz at owasp.org or dinis at ddplus.net

To see my wiki contributions, click here.

My most updated CV is at LinkedIn and here is the PDF version

Contents

Current OWASP Involvement

I am currently involved in a number of OWASP areas:

Past OWASP involvement

CV

Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.

For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the OWASP O2 Platform which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers).

Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (acquired by IBM), performing Web Application security assessments on a large number of languages/technologies/frameworks and being a very active participant and enabler at OWASP.

Dinis is an active trainer on .Net security, having written and delivered courses for Ounce Labs, IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat). Dinis has also delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences.

As a security researcher Dinis created a number of innovative tools and research documents, and has responsible disclosed a number of Critical vulnerabilities on Commercial Applications (for example Microsoft's Advisory MS07-040 on the .NET Framework, or the Spring MVC Auto-Binding issue)

At OWASP, Dinis is the leader of the OWASP O2 Platform project, member of the OWASP Global Projects Committee, chair of the OWASP Connections Committee and member of the OWASP Board (and has been a key driven on a number of major OWASP Initiatives: OWASP Seasons of Code, OWASP Summit 2008 in Portugal, OWASP Community building and OWASP Chapter-lead Training)

Security vulnerability research

Interviews & Media quotes

Videos

Working pages

This is more a reference for me (Dinis) but feel free to look around