Web Application Security Blog

Living in Cologne, Germany (ne Kölsche Jung). I write software since the nineties, work as a freelance software developer since 1997 (with Java since 1999) and focus on IT-Security since 2005.

Aside from the traditional software engineering tasks I support clients in the field of IT-Security. This includes penetration testing, security audits, architectural reviews, and web application hardening. Several times a year I conduct inhouse training courses on topics like web application security (focussing on Java) as well as on SecDevOps concepts for bringing security into agile projects.

Sometimes I enjoy writing articles about web application security and speak/train at conferences about web application hacking and hardening (JAX, WJAX, DevOpsCon, OWASP AppSecEU, HackPra, RSA-Conference, JavaOne, OOP, OWASP Germany Day, OWASP BeNeLux Day, WebTechCon, LeetCon, KISK, several internal InfoSec days and developer days of corporations from the financial sector). As an Advisory Board member of JAX and WJAX developer conferences responsible for their Security Days I constantly try to guide developers to include security aspects in their projects.

Individual memberships:

• Open Web Application Security Project (OWASP)
• Chaos Computer Club (CCC)
• Allianz für Cybersicherheit

In my opinion solutions to software (security) problems should be powerful but simple enough to be adopted broadly. That's what this blog is about: Showing problems and finding simple solutions.

The solutions all are simple...
after you have arrived at them.

Robert M. Pirsig, American novelist