
Difference between revisions of "User:Bernhard Mueller"

From OWASP
(Update profile)
Line 1: Line 1:
I am an IT security specialist with a talent in hacking all kinds of systems. During more than a decade in the industry I have published bugs and papers in a variety of fields including Internet protocols, web apps, mobile operating systems, WAFs and others. If you can name it, I've probably broken it at least once.
+
[[File:bernhardmueller.png|thumb]]
  
As a director at at Vantage Point Security I help clients to build secure applications. I'm currently focusing on mobile appsec, and working as a lead author on the OWASP Mobile Application Security Verification Standard (MASVS) and Mobile Security Testing Guide (MSTG).
+
= Bernhard Mueller =
 +
Bernhard is an uncertified software security specialist with a talent in hacking all kinds of systems. During more than a decade in the industry he has published many bugs and papers in a variety of fields including Internet protocols, web apps, mobile operating systems, WAFs and others. If you can name it, he has probably broken it at least once.  
  
Contact me on Twitter [http://www.twitter.com/muellerberndt @muellerberndt]
+
Since early 2016, he volunteers as a project leader and author for the [https://github.com/OWASP/owasp-mstg OWASP Mobile Security Testing Guide].
 +
 
 +
=== OWASP Links ===
 +
* [https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide Mobile Security Testing Guide Project Page]
 +
* [https://github.com/OWASP/owasp-mstg Mobile Security Testing Guide on GitHub]
 +
* [https://leanpub.com/mobile-security-testing-guide Mobile Security Testing Guide Early Access Edition on Leanpub]
 +
* [https://github.com/OWASP/owasp-masvs Mobile Security Verification Standard on GitHub]
 +
* [https://www.youtube.com/watch?v=THJVzf-u7Iw Fixing Mobile AppSec - AppSec EU Presentation]
 +
 
 +
=== Some Papers, Talks and Security Advisories ===
 +
* Attacking Software Tokens – Advanced Reverse Engineering on Android (HITB GSEC 2016)
 +
* Cisco Call Manager Multiple Vulnerabilities CVE-2014-6271, CVE-2014-8008)
 +
* ModSecurity multipart / invalid part ruleset bypass (CVE-2014-4528)
 +
* IBM Director Privilege Escalation (CVE-2009-0880)
 +
* Microsoft SQL Server “sp_replwritetovarbin” Heap Overflow (CVE-2008-4270 / MSF: )
 +
* From 0 to 0day on Symbian (2008)
 +
* Perdition IMAPD Format String Vulnerability (CVE-2007-5740)
 +
 
 +
=== Online Presence ===
 +
* [https://www.linkedin.com/in/bernhardm/ Linkedin]
 +
* [https://twitter.com/muellerberndt Twitter]
 +
* [https://github.com/b-mueller Github]
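Review bot: In the added "Some Papers, Talks and Security Advisories" list, the Cisco Call Manager entry has a closing parenthesis with no opening one before CVE-2014-6271, and the Microsoft SQL Server entry ends with an empty "MSF: " reference. Suggest opening the parenthesis before the first CVE and either filling in the MSF module name or dropping the "/ MSF:" fragment.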

Revision as of 08:05, 19 July 2017


Bernhard Mueller

Bernhard is an uncertified software security specialist with a talent for hacking all kinds of systems. During more than a decade in the industry he has published many bugs and papers in a variety of fields including Internet protocols, web apps, mobile operating systems, WAFs and others. If you can name it, he has probably broken it at least once.

Since early 2016, he has volunteered as a project leader and author for the OWASP Mobile Security Testing Guide.

OWASP Links

Some Papers, Talks and Security Advisories

  • Attacking Software Tokens – Advanced Reverse Engineering on Android (HITB GSEC 2016)
  • Cisco Call Manager Multiple Vulnerabilities (CVE-2014-6271, CVE-2014-8008)
  • ModSecurity multipart / invalid part ruleset bypass (CVE-2014-4528)
  • IBM Director Privilege Escalation (CVE-2009-0880)
  • Microsoft SQL Server “sp_replwritetovarbin” Heap Overflow (CVE-2008-4270 / MSF: )
  • From 0 to 0day on Symbian (2008)
  • Perdition IMAPD Format String Vulnerability (CVE-2007-5740)

Online Presence