Difference between revisions of "User:Mike.boberski"

From OWASP
Line 1: Line 1:
 
[[Image:Asvs-releasebug-partial.JPG|300px|right]]
 
[[Image:Asvs-releasebug-partial.JPG|300px|right]]
[mailto:boberski_michael@bah.com Mike Boberski] works at [http://www.boozallen.com Booz Allen Hamilton]. Mr. Boberski, an Associate in the firm, is an expert in application security and the use of cryptography by applications. He is the project lead and a co-author of the application security assessment industry’s first standard for performing application security assessments. The standard is called the [http://www.owasp.org/index.php/ASVS Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS)]. Mr. Boberski has a background in trusted product evaluation and Public Key Infrastructure (PKI) software development and integration. Experience in security-related testing programs includes the National Security Agency (NSA) Trust Technology Assessment Program (TTAP), NSA CCEVS (Common Criteria Evaluation and Validation Scheme) Common Criteria (CC) program, National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program/ Cryptographic Algorithm Validation Program (CMVP/CAVP) FIPS 140-1 program, NIST CMVP/CAVP FIPS 140-2 program, and the Joint Interoperability Test Command (JITC) Public Key-Enabled (PKE) Application Testing programs. Experience in PKI software development and integration includes Public Key-Enabling applications. Mr. Boberski worked in professional service and R&D development groups on the Entrust Authority, Entrust Entelligence, Entrust GetAccess, and Entrust TruePass product lines. Of particular note, Mr. Boberski ran the development team that built, integrated, and maintained the USPS Electronic Postmark (EPM) when it was a server application-based offering, before it was turned into a hosted service. He has experience managing trusted product evaluation testing labs,  professional service software development groups, and professional service software deployment groups. 
Publications include a technical pocket reference book called “EAL2 Design Pocket Reference” on the topic of developing CC design evidence. Patents include Patent # 7,321,969, Secure Instant Messaging System.
 
  
 +
[mailto:boberski_michael@bah.com Mike Boberski] literally wrote the book on performing application security assessments!
 +
 +
 +
Mike is the project lead and a co-author of the application security assessment industry’s first internationally-recognized standard for performing application security assessments. The standard is called the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). The OWASP ASVS standard can be downloaded from its OWASP project page at: http://www.owasp.org/index.php/ASVS
 +
His expertise is built upon a foundation of National Security Agency (NSA), National Institute of Standards and Technology (NIST), and Department of Defense (DoD) security testing programs:
 +
 
 +
 
 +
*NSA Trust Technology Assessment Program (TTAP)
 +
*NSA CCEVS (Common Criteria Evaluation and Validation Scheme) Common Criteria (CC) program
 +
*NIST Cryptographic Module Validation Program/ Cryptographic Algorithm Validation Program (CMVP/CAVP) FIPS 140-1 program
 +
*NIST CMVP/CAVP FIPS 140-2 program
 +
*DoD Joint Interoperability Test Command (JITC) Public Key-Enabled (PKE) Application Testing programs.
 +
 
 +
 
 +
Mr. Boberski’s authoring of the first application security assessment standard is one accomplishment among many “firsts”. He designed and built X.509v3 certificate creation and parsing libraries before Java Cryptography Extension (JCE) existed, after first building underlying Basic Encoding Rules (BER), Distinguished Encoding Rules (DER), and Abstract Syntax Notation One (ASN.1) libraries. He led the team that created the first commercial release of the United States Postal Service (USPS) Electronic Postmark (EPM) server. He ran one of the first commercial trusted product laboratories accredited by the NSA. He has a patented invention, Patent # 7,321,969, Secure Instant Messaging System. He wrote the first (and only) technical reference book on developing Common Criteria (CC) design evidence ISBN 1-59872-599-8, "EAL2 Design Pocket Reference".
 +
 
 +
 
 
''Last revised {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''
 
''Last revised {{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''

Revision as of 15:11, 16 February 2009


Mike Boberski literally wrote the book on performing application security assessments!


Mike is the project lead and a co-author of the application security assessment industry’s first internationally-recognized standard for performing application security assessments. The standard is called the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). The OWASP ASVS standard can be downloaded from its OWASP project page at: http://www.owasp.org/index.php/ASVS

His expertise is built upon a foundation of National Security Agency (NSA), National Institute of Standards and Technology (NIST), and Department of Defense (DoD) security testing programs:


  • NSA Trust Technology Assessment Program (TTAP)
  • NSA CCEVS (Common Criteria Evaluation and Validation Scheme) Common Criteria (CC) program
  • NIST Cryptographic Module Validation Program/ Cryptographic Algorithm Validation Program (CMVP/CAVP) FIPS 140-1 program
  • NIST CMVP/CAVP FIPS 140-2 program
  • DoD Joint Interoperability Test Command (JITC) Public Key-Enabled (PKE) Application Testing programs.


Mr. Boberski’s authoring of the first application security assessment standard is one accomplishment among many “firsts”. He designed and built X.509v3 certificate creation and parsing libraries before Java Cryptography Extension (JCE) existed, after first building underlying Basic Encoding Rules (BER), Distinguished Encoding Rules (DER), and Abstract Syntax Notation One (ASN.1) libraries. He led the team that created the first commercial release of the United States Postal Service (USPS) Electronic Postmark (EPM) server. He ran one of the first commercial trusted product laboratories accredited by the NSA. He has a patented invention, Patent # 7,321,969, Secure Instant Messaging System. He wrote the first (and only) technical reference book on developing Common Criteria (CC) design evidence, ISBN 1-59872-599-8, "EAL2 Design Pocket Reference".


Last revised 02/16/2009