This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

User:David Shaw

Jump to: navigation, search


David is an active member of several OWASP endeavors. Notable project involvements include:


David has extensive experience in many aspects of information security.

Beginning his career as a Network Security Analyst, David monitored perimeter firewalls and intrusion detection systems in order to identify and neutralize threats in real time. After working in the trenches of perimeter analysis, David joined an External Threat Assessment Team as a Security Researcher, working closely with large financial institutions to mitigate external risk and combat phishing attacks.

In 2009, David joined Redspin and worked as a Senior Security Engineer, Director of Penetration Testing, and Senior Director of Engineering. David then led security assessment and software development teams as Redspin's Chief Technology Officer and VP of Professional Services, specializing in External and Application security assessments.

David's current role is Chief Information Security Officer at AppFolio, where he is managing internal AppSec and SecOps.

David has particular interests in complex threat modeling and unconventional attack vectors, and has been a speaker at ToorCon, LayerOne, DEF CON, NolaCon, THOTCON, BSides Las Vegas, BSides Los Angeles, and BSides Seattle.


The easiest way to get in contact is to send an email.