This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.

Andrew van der Stock

Andrew van der Stock has over 20 years' experience as a developer, system administrator, security architect, and a leader of the application security field. He has worked extensively throughout Australia and the USA.

Andrew has unparalleled technical knowledge to delve as deep as it takes, whilst being able to explain technical risks in a strategic business context to boards and senior executives. Andrew prides himself on being a secure business enabler, producing innovative ideas and solutions that create competitive advantage whilst meeting difficult regulatory and compliance requirements.

Andrew joined OWASP in late 2002/early 2003 to indulge his passion for information sharing by participating in and then leading the Developer Guide project, culminating in the OWASP Guide to Building Secure Software 2.0 in 2005. He wrote the OWASP Top 10 2007, initiated and led the OWASP ESAPI for PHP effort, currently leads the OWASP Developer Guide and OWASP Proactive Controls projects, and is an author of the forthcoming OWASP Application Security Verification Standard 2.0. Andrew has previously held the Executive Director position at OWASP, was a member of the OWASP Global Chapters Committee, and is the long-time moderator of the Symantec SecurityFocus webappsec mailing list.

Andrew is a regular speaker and trainer at industry conferences, including BlackHat, AusCERT, and OWASP. His next speaking engagement is at OWASP AppSec USA in New York City in November.

Andrew was awarded the SC Magazine / AusCERT Award for Individual Excellence in Information Security 2013. He is nominated for an OWASP WASPY award.

For his professional background (not OWASP related), please see LinkedIn. I am the technical lead for the national security practice at KPMG Australia.

For additional information, please see his User page.