User:Dinis.cruz - Revision history

Dinis.cruz: /* Bio */

2016-03-23T08:32:37Z

‎Bio

Dinis.cruz: Updating bio

2016-03-23T08:31:34Z

Updating bio

Dinis.cruz: /* CV */

2013-11-06T11:30:36Z

‎CV

Dinis Cruz at 14:32, 17 February 2011

2011-02-17T14:32:48Z

Dinis.cruz: /* Past OWASP involvement */

2011-02-13T23:22:08Z

‎Past OWASP involvement

Dinis.cruz: /* Current OWASP Involvement */

2011-02-13T23:21:04Z

‎Current OWASP Involvement

Sandra Paiva at 00:34, 30 December 2010

2010-12-30T00:34:13Z

Dinis.cruz at 15:59, 20 October 2010

2010-10-20T15:59:10Z

Dinis.cruz at 15:05, 20 October 2010

2010-10-20T15:05:01Z

Dinis.cruz at 15:00, 20 October 2010

2010-10-20T15:00:55Z

@@ Line 37: / Line 37: @@
 Assurance and Testing are at the epicentre of his Application Security activities:
-• Threat Modeling (security architecture, design review, asset discovery, attack surface mapping, authorisation/authentication visualisation),
+* Threat Modeling (security architecture, design review, asset discovery, attack surface mapping, authorisation/authentication visualisation),
-• Application Security assessments (aka code-driven pen-tests)
+* Application Security assessments (aka code-driven pen-tests)
-• Static/dynamic code analysis tools customisation, deployment and use
+* Static/dynamic code analysis tools customisation, deployment and use
-• Developer Education
+* Developer Education
-• Secure coding standards and best practices
+* Secure coding standards and best practices
-• RISK management workflows (aka custom JIRA issue workflows)
+* RISK management workflows (aka custom JIRA issue workflows)
-• Finding sweet spots where security activities are aligned with development/business needs (for example: DevOps, stand-alone QA environments, application visualisation, performance/resilience)
+* Finding sweet spots where security activities are aligned with development/business needs (for example: DevOps, stand-alone QA environments, application visualisation, performance/resilience)
-• Creating and nurturing a network of Security Champions (across all teams), to allow the scaling and sharing of Application Security knowledge
+* Creating and nurturing a network of Security Champions (across all teams), to allow the scaling and sharing of Application Security knowledge
-• Managing Application Security services provided to the business (staffed in-house of via 3rd party consultancies)
+* Managing Application Security services provided to the business (staffed in-house of via 3rd party consultancies)
-• Increasing existing logging and visualisation solutions in order to monitor, report and react to security incidents
+* Increasing existing logging and visualisation solutions in order to monitor, report and react to security incidents
 With professional development experience (.NET, Java, NodeJS) and management experience, Dinis is able to move from highly technical threads with developers, to design reviews with architects, all the way to business strategy sessions with senior C-Level executives.

@@ Line 29: / Line 29: @@
 == Bio ==
-===Current version (circa Nov 2013)===
+===Current version (2016)===
 Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform and Security Innovation's TeamMentor (Dinis is the main developer and architect of both Applications).

@@ Line 27: / Line 27: @@
 ** [[OWASP Autumn Of Code 2006]]
-== CV ==
+== Bio ==
 Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.

← Older revision		Revision as of 14:32, 17 February 2011
Line 10:		Line 10:

	* leader of the [[OWASP O2 Platform]] project		* leader of the [[OWASP O2 Platform]] project
		+	* published the [[Summit_2011/Open_letter_to_WebAppSec_Tool_and_Services_vendors:_Release_your_schemas_and_allow_automation \| Open letter to WebAppSec Tool and Services vendors: Release your schemas and allow automation]]

	== Past OWASP involvement ==		== Past OWASP involvement ==

@@ Line 12: / Line 12: @@
 == Past OWASP involvement ==
+* participant of the OWASP [[Global Projects Committee]]
 * leader of the OWASP [[London]] chapter (2006/2007) - but have passed the leadership to Ivan from ModSecurity, who passed it to Justin.
 * leader of the OWASP .NET Project

← Older revision		Revision as of 23:21, 13 February 2011
Line 10:		Line 10:

	* leader of the [[OWASP O2 Platform]] project		* leader of the [[OWASP O2 Platform]] project
−	* participant of the OWASP [[Global Projects Committee]]
−	* chair of the [[OWASP Connections Committee]]
−	* member of the [[About_The_Open_Web_Application_Security_Project#Global_Board_Members\|OWASP Board]]

	== Past OWASP involvement ==		== Past OWASP involvement ==

← Older revision		Revision as of 15:59, 20 October 2010
Line 3:		Line 3:
	To see my wiki contributions, [[:Special:Contributions/Dinis.cruz\|click here]].		To see my wiki contributions, [[:Special:Contributions/Dinis.cruz\|click here]].

		+	My most updated [http://uk.linkedin.com/in/diniscruz CV is at LinkedIn] and here is the [http://dl.dropbox.com/u/12988346/Personal/Dinis%20Cruz%20%28CV%20-%20October%202010%29.pdf PDF version]
		+
	== Current OWASP Involvement ==		== Current OWASP Involvement ==

@@ Line 24: / Line 24: @@
 ** [[OWASP Autumn Of Code 2006]]
-== Short CV ==
+== CV ==
 Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
 For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the [[OWASP O2 Platform]] which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers).
-Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (aquired by IBM), performing Web Application security assessments on a large number of languages/technogies/framewoks and being a very active participant and enabler at OWASP.
+Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (acquired by IBM), performing Web Application security assessments on a large number of languages/technologies/frameworks and being a very active participant and enabler at OWASP.
 Dinis is an active trainer on .Net security, having written and delivered courses for Ounce Labs, IOActive, Foundstone, Intense School and KPMG  (at multiple locations including BlackHat). Dinis has also delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences.
-As a security researcher Dinis created a number of innovatieve tools and research documents, and has responsible disclosed a number of Critical vulnerablities on Commercial Applications (for example Microsoft's Advisory [http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx MS07-040] on the .NET Framework, or the [http://www.springsource.com/security/spring-mvc Spring MVC Auto-Binding] issue)
+As a security researcher Dinis created a number of innovative tools and research documents, and has responsible disclosed a number of Critical vulnerabilities on Commercial Applications (for example Microsoft's Advisory [http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx MS07-040] on the .NET Framework, or the [http://www.springsource.com/security/spring-mvc Spring MVC Auto-Binding] issue)
 == Security vulnerability research==

@@ Line 28: / Line 28: @@
 Dinis Cruz is a Security Consultant based in London (UK) and specialized in: ASP.NET/J2EE Application Security, Application Security audits and .NET Security Curriculum Development.
-For the past years Dinis has focused on the field of Static Source Code analysis, from May 2007 to Dec 2009 he  worked as a independent consultant for Ounce Labs (bought by IBM in July 2009) where during active security engagements using Ounce's technology he developed the Open Source codebase which now is the foundation of the OWASP O2 Platform.
+For the past couple years Dinis has focused on the field of Static Source Code Analysis and Dynamic Website Assessments (aka penetration testing), and is the main developer of the [[OWASP O2 Platform]] which is an Open Source project that is focused on 'Automating Security Consultants Knowledge/Workflows' and 'Allowing non-security experts to access and consume Security Knowledge'. Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between: the multiple WebAppSec tools, the Security consultants and the final users (from management to developers).
-Dinis is currently focused on making the O2 Platform the industry standard for consuming, instrumenting and data-sharing between the multiple WebAppSec tools, the Security consultants and the final developers.
+Past industry experience include: running a small Software/Consultancy business, acting as CTO for a Portuguese University, being part of a Security Assessment team (Pentesting and Source Code Assessment) for a global Bank (ABN AMRO), taking the role of Directory of Advanced Technologies at Ounce Labs (aquired by IBM), performing Web Application security assessments on a large number of languages/technogies/framewoks and being a very active participant and enabler at OWASP.
-Dinis is a also active trainer on .Net security having written and delivered courses for IOActive, Foundstone, Intense School and KPMG  (at multiple locations including BlackHat), and has delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences
+Dinis is an active trainer on .Net security, having written and delivered courses for Ounce Labs, IOActive, Foundstone, Intense School and KPMG  (at multiple locations including BlackHat). Dinis has also delivered a number of presentations and keynote speeches at multiple OWASP and Security related conferences.
 == Security vulnerability research==
 *  [http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx Microsoft Security Bulletin MS07-040 - Critical]
+*  [http://www.springsource.com/security/spring-mvc Spring MVC Auto-Binding]
 == Interviews & Media quotes ==