Difference between revisions of "User:Dinis.cruz"

From OWASP
Line 3: Line 3:
 
To see my wiki contributions, [[:Special:Contributions/Dinis.cruz|click here]].
 
To see my wiki contributions, [[:Special:Contributions/Dinis.cruz|click here]].
  
<h2>DINIS NOTE (in Nov 09) - This info is quite out-of-date. If you need this information please contact me directly</h2>
+
== Current OWASP Involvement ==
  
== Chief Owasp Evangelist ==
+
I am currently involved in a number of OWASP areas:
  
After much internal debate I decided to agree with Jeff's idea for my official OWASP title: Chief OWASP Evangelist.
+
* leader of the OWASP O2 Platform
 +
* participant of the OWASP Projects Committee
 +
* chair of the OWASP Connections Committee
 +
* member of the OWASP Board Member
  
I don't like the religious connotations of that title, but technology evangelism does have a somewhat different meaning, and looking at the other 'technical evangelists' out there (and in the past) I do feel that I am following the footsteps of giants :).
+
== Past OWASP involvement ==
  
I would like to offer my services to you (OWASP member or OWASP user) as a point of contact for OWASP related activities. One of my main objectives is to maximize the potential of OWASP and its community, so anything that I can do to help, just let me know.
+
* leader of the OWASP [[London]] chapter (2006/2007) - but have passed the leadership to Ivan from ModSecurity, who passed it to Justin.  
 
+
* leader of the OWASP .NET Project
A couple objectives for me:
+
* main developer of a number of OWASP .NET tools
 
+
* Promote OWASP to OWASP (the reality is that most of us have no idea of what projects there are at OWASP and what they have already created / delivered (see for example the list of current projects https://www.owasp.org/index.php/Category:OWASP_Project))
+
* Promote collaboration and integration between OWASP projects (there are tons of potential synergies between OWASP projects out there)
+
* Promote OWASP to the world, and let them know the great stuff that we are doing
+
* Work with the OWASP chapters, so that what happens locally is exposed to the rest of us (I also would like to see collaboration between chapters, and the re-use of its  materials)
+
* Review the current OWASP tools and content and work with its creators to make it even better
+
* Follow the final stages of the "OWASP Autumn of Code"  sponsorships https://www.owasp.org/index.php/OWASP_Autumn_of_Code_2006_-_Selection and start working on the OWASP Spring of Code :)
+
* Increase OWASP membership numbers
+
 
+
So remember, I am here to help and if I don't respond to your email in a couple days, just keep resending it until you get an answer (my inbox sometimes behaves like a black hole:  "the email goes in and never returns" :) )
+
 
+
 
+
== OWASP Chapters ==
+
 
+
I used to be the leader of the OWASP [[London]] chapter (2006/2007), but have passed the leadership to Ivan from ModSecurity. These days I spend my energy in organizing events like the [[OWASP Day]]
+
  
 
== Short CV ==
 
== Short CV ==
  
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET Application Security, Active Directory deployments, Application Security audits and .NET Security Curriculum Development.
+
Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
  
Since the 1.1 release of the .Net Framework, Dinis has been one of the strongest proponents of the need to write .Net applications that can be executed in secure Partially Trusted .Net environments, and has done extensive research on: Rooting the CLR, exposing the dangers of Full Trust Asp.Net Code, Type Confusion vulnerabilities in Full Trust (i.e. non verifiable) code, creating .Net Security Protection Layers and using Reflection to dynamically manipulate .Net Client applications.
+
For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he  worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform.
  
Dinis is the current [[http://www.owasp.org/index.php/Category:OWASP_.NET_Project Owasp .Net Project]] and [[http://www.owasp.org/index.php/OWASP_Autumn_Of_Code_2006 OWASP Autumn of Code]] project's leader and the main developer of several of OWASP .Net tools ([[http://www.owasp.org/index.php/SAM%27SHE SAM'SHE]], [[http://www.owasp.org/index.php/ANBS ANBS]], [[http://www.owasp.org/index.php/Owasp_SiteGenerator SiteGenerator]], Owasp Report Generator, [[http://www.owasp.org/index.php/ASP.NET_Reflector Asp.Net Reflector]]).
+
Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers.
  
Dinis is a active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG . His latest course is the two day training course [[http://www.blackhat.com/html/bh-usa-06/train-bh-us-06-io-net.html Advanced Asp.Net Exploits and Countermeasures], which was delivered at the Black Hat 2006 conference and will be presented on the fortcomming [[http://www.owasp.org/index.php/Category:OWASP_AppSec_Conference OWASP AppSec Conference]] in Seattle.
+
Dinis is a also active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences
  
 +
At OWASP, Dinis is the leader of the OWASP O2 Platform, member of the OWASP Projects Committee, chair of the OWASP Connections Committee and member of the OWASP Board
  
 
== Security vulnerability research==
 
== Security vulnerability research==
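
Review bot: the added bullet "* member of the OWASP Board Member" repeats "Member"; the added CV paragraph at the end of the change says "member of the OWASP Board", so the bullet should match it. In the added CV text, "a independent consultant" should read "an independent consultant" and "Dinis is a also active trainer" should read "Dinis is also an active trainer". The last two added paragraphs also end without a full stop.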

Revision as of 08:16, 5 February 2010

Hello, welcome to my page, where you can find more details about who I am and what I do at OWASP. You can contact me on dinis.cruz at owasp.net or dinis at ddplus.net

To see my wiki contributions, click here.

Current OWASP Involvement

I am currently involved in a number of OWASP areas:

  • leader of the OWASP O2 Platform
  • participant of the OWASP Projects Committee
  • chair of the OWASP Connections Committee
  • member of the OWASP Board

Past OWASP involvement

  • leader of the OWASP London chapter (2006/2007) - but have passed the leadership to Ivan from ModSecurity, who passed it to Justin.
  • leader of the OWASP .NET Project
  • main developer of a number of OWASP .NET tools

Short CV

Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.

For the past years Dinis has focused on the field of Static Source Code analysis. From May 2007 to Dec 2009 he worked as an independent consultant for Ounce Labs (bought by IBM in July 2009) where, during active security engagements using Ounce's technology, he developed the Open Source codebase which is now the foundation of the OWASP O2 Platform.

Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers.

Dinis is also an active trainer on .Net security, having written and delivered courses for IOActive, Foundstone, Intense School and KPMG (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences.

At OWASP, Dinis is the leader of the OWASP O2 Platform, member of the OWASP Projects Committee, chair of the OWASP Connections Committee and member of the OWASP Board.

Security vulnerability research

Interviews & Media quotes

Videos

Working pages

This is more of a reference for me (Dinis), but feel free to look around.