
Difference between revisions of "User:Achim"

(OWASP Activities)
 
(33 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
My OWASP wiki contributions [[:Special:Contributions/Achim|here]].
 
My OWASP wiki contributions [[:Special:Contributions/Achim|here]].
  
You can reach me ''mailto: achim (at) owasp -dot- org'', or check some popular social networks ...
+
You can reach me ''mailto: achim (at) owasp -dot- org'', or check some popular social networks (i.e. [[http://de.linkedin.com/pub/achim-hoffmann/8/73/778 linkedin]]) ...
 
----
 
----
  
Line 9: Line 9:
  
 
It's difficult to describe my knowledge in the security world without being subjective, hence replace ''some'' by whatever your feel happy with.
 
It's difficult to describe my knowledge in the security world without being subjective, hence replace ''some'' by whatever your feel happy with.
The official title on the v-card will be senior security and network consultant, which means something too.
+
The official title on the v-card will be principal consultant, which means something too.
  
 
=== (Short) CV ===
 
=== (Short) CV ===
  
Doing software development since early '80s, used to networking all the time, focused on web application security starting this millenium. Have seen coming, have evaluated, have configured and used and have seen disappearing a lot of WAFs and web application security scanners.
+
I'm doing software development since early '80s, used to networking all the time, and focused on web application security starting this millenium. Meanwhile I've seen coming, have evaluated, have configured and used, and have seen disappearing a lot of WAFs and web application security scanners.
Currently employed at SecureNet GmbH.
+
Founded sic[!]sec GmbH in 2010.
  
 
=== OWASP Activities ===
 
=== OWASP Activities ===
  
* Participating in the [http://www.owasp.org/index.php/Germany German Chapter].
+
* Helping some Task Forces like [[Wiki Cleanup]] (in process)
 +
* Helping in [[Germany/Projekte/Top_10_fuer_Entwickler|OWASP Top 10 für Entwickler]] (2013)
 +
* Co-organize the [[AppSecEU2013|AppSec Europe Research 2013]] conference in Hamburg
 +
* Co-organized the [[German OWASP Day 2011]] and [[German OWASP Day 2012]] in München
 +
* Administrating [https://lists.owasp.org/mailman/admin mail and mailing list] for owasp.org (since 2012), see also [[About Mailman at OWASP]] and [https://lists.owasp.org/pipermail/stats/ Mailman Statistics at OWASP]
 +
* I've participated at the [[OWASP EU Summit 2008]] in Faro, OWASP [[Summit 2011]] in Lisboa, OWASP [https://owaspsummit.org/ Summit 2017] in Woburn
 +
* Participating in the [[Germany|German Chapter]], German Chapter Board Member
 +
* Project leader, maintainer, developer of [[O-Saft| O-Saft OWASP - SSL advanced forensic tool]] Project
 
* Project leader, maintainer, developer of [https://www.owasp.org/index.php/Category:OWASP_EnDe OWASP EnDe Project]
 
* Project leader, maintainer, developer of [https://www.owasp.org/index.php/Category:OWASP_EnDe OWASP EnDe Project]
* being reviewer on some other OWASP projects [[OWASP_Summer_of_Code_2008|(SoC 2008)]]
+
* Co-author [[TLS_Cipher_String_Cheat_Sheet|TLS Cipher String Cheat Sheet]]
* [http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project CAL9000] (added some en/decoding and request/response functionality; 2006)
+
* Reviewer on some other OWASP projects [[OWASP Summer of Code 2008|(SoC 2008)]]
* [https://www.owasp.org/index.php/Best_Practices:_Web_Application_Firewalls Best Practices: WAF]
+
* [http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project CAL9000] (added some en-/decoding and request/response functionality; 2006)
* [http://www.owasp.org/index.php/Projektierung_der_Sicherheitspr%C3%BCfung_von_Webanwendungen Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen]
+
 
 +
=== OWASP Papers ===
 +
* [[Best_Practices:_Web_Application_Firewalls|Best Practices: Web Application Firewalls (WAF)]]
 +
* [[Projektierung_der_Sicherheitspr%C3%BCfung_von_Webanwendungen|Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen]]
 +
* [[Media:Pentestvorbereitung_Sitemapping.pdf|Pentestvorbereitung: Sitemapping]]
  
 
=== Public Papers / Work ===
 
=== Public Papers / Work ===
 
+
* [http://projects.webappsec.org/w/page/54150727/WAFEC%202 WAFEC 2.0 - Web Application Firewall Evaluation Criteria] (contributor, 2011/2012/2013)
* [https://www.owasp.org/images/0/00/OWASP-Projektierung_der_Sicherheitspr%C3%BCfung_von_Webanwendungen_v101.de.pdf Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen] (author 2009)
+
* [https://www.owasp.org/index.php/Virtual_Patching_Best_Practices Best Practices: Virtual Patching] (co-author, OWASP Summit 2011)
 +
* [http://www.ietf.org/rfc/rfc6265.txt HTTP State Management Mechanism] RFC 6265 (Cookie) (contributor 2009/2010/2011)
 +
* [[Media:OWASP-Projektierung der Sicherheitspr%C3%BCfung von Webanwendungen v101.de.pdf|Best Practice: Projektierung der Sicherheitsprüfung von Webanwendungen]] (author 2009)
 
* [http://projects.webappsec.org/Threat-Classification Web Application Security Threat Classification v2] (contributor 2008/2009/2010)
 
* [http://projects.webappsec.org/Threat-Classification Web Application Security Threat Classification v2] (contributor 2008/2009/2010)
* [http://www.owasp.org/images/1/1b/Best_Practices_Guide_WAF.pdf Best Practices: Einsatz von Web Application Firewalls] (co-author, 2008)
+
* [[Media:Best Practices Guide WAF.pdf|Best Practices: Einsatz von Web Application Firewalls]] (co-author, 2008)
 
* [https://www.bsi.bund.de/cae/servlet/contentblob/476464/publicationFile/30632/WebSec_pdf.pdf Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices] (author, 2005/2006)
 
* [https://www.bsi.bund.de/cae/servlet/contentblob/476464/publicationFile/30632/WebSec_pdf.pdf Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices] (author, 2005/2006)
 +
<!-- new link 12/2010
 +
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/WebSec/WebSec_pdf.pdf?__blob=publicationFile
 +
-->
 
<!-- link outdated 9/2009
 
<!-- link outdated 9/2009
 
* [http://www.bsi.de/literat/studien/websec/WebSec.pdf Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices] (author, 2005/2006)
 
* [http://www.bsi.de/literat/studien/websec/WebSec.pdf Sicherheit von Webanwendungen: BSI-Maßnahmenkatalog und Best Practices] (author, 2005/2006)
Line 38: Line 54:
  
 
----
 
----
<sub>''Things should be made as simple as possible, but no simpler'' (Einstein)<br>KISS - keep it simple stupid</sub>
+
<sub>''Mach es so einfach wie möglich, aber nicht einfacher''<br>''Things should be made as simple as possible, but no simpler''(Einstein)<br>KISS - keep it simple <!--stupid --> secure</sub>

Latest revision as of 21:41, 29 September 2018

Hello and welcome to my user page at OWASP.org. You'll find some details about my public work and things related to web application security here. My OWASP wiki contributions here.

You can reach me mailto: achim (at) owasp -dot- org, or check some popular social networks (i.e. [linkedin]) ...


"some" Security ..

It's difficult to describe my knowledge in the security world without being subjective, hence replace some by whatever you feel happy with. The official title on the v-card will be principal consultant, which means something too.

(Short) CV

I'm doing software development since early '80s, used to networking all the time, and focused on web application security starting this millennium. Meanwhile I've seen coming, have evaluated, have configured and used, and have seen disappearing a lot of WAFs and web application security scanners. Founded sic[!]sec GmbH in 2010.

OWASP Activities

OWASP Papers

Public Papers / Work


Mach es so einfach wie möglich, aber nicht einfacher
Things should be made as simple as possible, but no simpler (Einstein)
KISS - keep it simple secure