My interest in web security started almost 15 years ago - first in the context of web development, today also as a researcher. My goal is to create a deep understanding for all facets of web security for developers.



To prevent critical security bugs in software, a knowledge of current threats and best practices is indispensable. To this end, I offer staff trainings covering basic and advanced aspects of web security. 

Staff trainings can encompass, among others:

  • Secure webserver configuration
  • HTTPS and TLS
  • Same Origin Concept
  • Cross-Site Scripting
  • SQL Injections
  • Cross-Site Request Forgery
  • Session Management
  • Secure Storage of User Data
  • Denial of Service Attacks
  • Code Injection
  • Directory Traversal
  • HTTP Response Splitting and Header Injections
  • File Inclusion
  • ...

Security Analysis

You are not sure whether your server is safe? It is already too late and you have been hacked, your server or CMS is compromised? I can help you to identify risks, find and close security gaps, and help to safely operate your web application.


Please contact me via e-mail ( or on Linkedin.