Mike Boberski literally wrote the book on performing application security assessments!
Mike is the project lead and a co-author of the application security assessment industry’s first internationally-recognized standard for performing application security assessments. The standard is called the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS). The OWASP ASVS standard can be downloaded from its OWASP project page at: http://www.owasp.org/index.php/ASVS His expertise is built upon a foundation of National Security Agency (NSA), National Institute of Standards and Technology (NIST), and Department of Defense (DoD) security testing programs:
- NSA Trust Technology Assessment Program (TTAP)
- NSA CCEVS (Common Criteria Evaluation and Validation Scheme) Common Criteria (CC) program
- NIST Cryptographic Module Validation Program/ Cryptographic Algorithm Validation Program (CMVP/CAVP) FIPS 140-1 program
- NIST CMVP/CAVP FIPS 140-2 program
- DoD Joint Interoperability Test Command (JITC) Public Key-Enabled (PKE) Application Testing programs.
Mr. Boberski’s authoring of the first application security assessment standard is one accomplishment among many “firsts”. He designed and built X.509v3 certificate creation and parsing libraries before Java Cryptography Extension (JCE) existed, after first building underlying Basic Encoding Rules (BER), Distinguished Encoding Rules (DER), and Abstract Syntax Notation One (ASN.1) libraries. He led the team that created the first commercial release of the United States Postal Service (USPS) Electronic Postmark (EPM) server. He ran one of the first commercial trusted product laboratories accredited by the NSA. He has a patented invention, Patent # 7,321,969, Secure Instant Messaging System. He wrote the first (and only) technical reference book on developing Common Criteria (CC) design evidence ISBN 1-59872-599-8, "EAL2 Design Pocket Reference".
Last revised 02/16/2009