Mike Boberski wrote the book on performing application security assessments!
Mike is the project lead and a co-author of the application security assessment industry’s first internationally-recognized standard for performing application security assessments. The standard is called the OWASP Application Security Verification Standard (ASVS, for short). Mike's expertise is built upon a foundation of National Security Agency (NSA), National Institute of Standards and Technology (NIST), and Department of Defense (DoD) security testing programs.
Mike’s authoring of the first application security assessment standard is one accomplishment among many “firsts”. He designed and built X.509v3 certificate creation and parsing libraries before Java Cryptography Extension (JCE) existed. He led the team that created the first commercial release of the United States Postal Service (USPS) Electronic Postmark (EPM) server. He ran one of the first commercial trusted product laboratories accredited by the NSA. He has a patented invention, Patent # 7,321,969, Secure Instant Messaging System. He wrote the first (and only) technical reference book on developing Common Criteria (CC) design evidence ISBN 1-59872-599-8, "EAL2 Design Pocket Reference".
Last revised 03/21/2009