Over Dave van Stein

Web application security issues are mostly "unwanted functionality". As such they can often be prevented by thinking in abuse cases and applying secure coding standards. Many problems can also easily be discovered by testers without security expertise when they know what to look for. So, without too much effort, many problems can already be mitigated during the SDLC without the need for expensive penetration tests or extensive training. My mission is to make web application security understandable for every tester, developer and manager. Specialties: Design and implementation of security in the SDLC (Waterfall, Agile, DevOps) Web Application Security Testing Web Application Penetration Testing Threat Modeling Compliance verification Reviewing static code analysis reports Awareness training