Software Developer, Whitehat Hacker & Trainer

Living in Cologne, Germany (ne Kölsche Jung). I write software since the nineties, work as a freelance software developer since 1997 (with Java since 1999) and focus on IT-Security since 2005.

Aside from the traditional software engineering tasks I support clients in the field of IT-Security. This includes penetration testing, security audits, architectural reviews, and web application hardening. Several times a year I conduct inhouse training courses on topics like web application security (focussing on Java) as well as on SecDevOps concepts for bringing security into agile projects.

Sometimes I enjoy writing articles about web application security and speak/train at conferences about web application hacking and hardening (WJAX 2009, JAX 2010, OWASP AppSecEU 2013, JAX 2014, OWASP AppSecEU 2014, WebTechCon 2014, WJAX 2014, GFU IT-Security Conference 2014, several internal InfoSec days and developer days of corporations from the financial sector). As an Advisory Board member of JAX 2014, WJAX 2014 and JAX 2015 developer conferences responsible for their Security Days I constantly try to guide developers to include security aspects in their projects.

Individual memberships:

In my opinion solutions to software (security) problems should be powerful but simple enough to be adopted broadly. That's what this blog is about: Showing problems and finding simple solutions.

The solutions all are simple...
after you have arrived at them.

Robert M. Pirsig, American novelist