Software Developer, Whitehat Hacker & Trainer


I have been writing software since the nineties, have worked as a freelance software developer since 1997, and have focused on Java since 1999.

Aside from the traditional software engineering tasks (which make up most of my work), I support clients in the field of IT security. This includes penetration testing, security audits, architectural reviews, and web application hardening. Several times a year I conduct in-house training courses on topics like web application security (focussing on Java) as well as performance analysis and application monitoring.

Sometimes I enjoy writing articles about web application security and speak/train at conferences about web application hardening (WJAX 2009, JAX 2010, OWASP AppSec 2013).

In my opinion, solutions to software (security) problems should be powerful but simple enough to be adopted broadly. That's what this blog is about: Showing problems and finding simple solutions.

The solutions all are simple...
after you have arrived at them.

Robert M. Pirsig, American novelist