Bernhard is an uncertified software security specialist with a talent for hacking all kinds of systems. During more than a decade in the industry, he has published many bugs and papers in a variety of fields including Internet protocols, web apps, mobile operating systems, WAFs and others. If you can name it, he has probably broken it at least once.
Since early 2016, he has volunteered as a project leader and author for the OWASP Mobile Security Testing Guide.
- Mobile Security Testing Guide Project Page
- Mobile Security Testing Guide on GitHub
- Mobile Security Testing Guide Early Access Edition on Leanpub
- Mobile Security Verification Standard on GitHub
- Fixing Mobile AppSec - AppSec EU Presentation
Some Papers, Talks and Security Advisories
- Attacking Software Tokens – Advanced Reverse Engineering on Android (HITB GSEC 2016)
- Cisco Call Manager Multiple Vulnerabilities (CVE-2014-6271, CVE-2014-8008)
- ModSecurity multipart / invalid part ruleset bypass (CVE-2014-4528)
- IBM Director Privilege Escalation (CVE-2009-0880)
- Microsoft SQL Server “sp_replwritetovarbin” Heap Overflow (CVE-2008-4270)
- From 0 to 0day on Symbian (2008)
- Perdition IMAPD Format String Vulnerability (CVE-2007-5740)