August Detlefsen
Contact

Application Security Consultant

AppSec Consulting
San Jose, CA

2010 - Present

Work with major clients in banking, ecommerce and medical fields to help secure web properties from potential threats.

Consulting services include source code and infrastructure reviews, penetration testing, threat modeling, gap analysis, information classification, and architecture of software security controls. Presented findings to clients and provided advice for remediation of vulnerabilities. Analyzed and reported on the strengths and weaknesses of several static analysis tools.

Aspect Security
Columbia, MD

2010

Architected and integrated security controls for a global top 10 bank including encryption, intrusion detection, audit/logging and anti-clickjacking. Created extensive unit tests, Javadocs and documentation.

Developed a configurable Java-based web application input filter/sanitizer based on the open-source ESAPI and AntiSamy projects.

Security Compass
Toronto, Canada

2010

Developed a complete set of code samples and reusable demos to illustrate common security best practices including Struts, Spring and generic input validation, CSRF prevention, SQL injection prevention, Hibernate HQL injection prevention, LDAP injection prevention, encryption of passwords and properties files, transactional authentication, data encoding, intrusion detection, error handling, and secure session management.

Web and Java Application Architect

CodeMagi, Inc.
Oakland, CA

2000 - Present

President/CEO of a consulting firm that works with clients including Sun Microsystems, Oracle, NetApp, VMware and others to develop first-in-class web solutions. Worked with clients to specify requirements, translated requirements into discrete tasks for the developer team, developed project plans, designed UI/UX, estimated costs, specified software and hardware, sourced resources, created documentation, and managed a team of developers and designers.

Architected and developed a complete, re-usable Servlet/Oracle/JavaBeans/Taglibs content architecture including online content management tools, project management 'dashboards', digital assets archives, executive scheduling, events calendar, LDAP user login/registration, caching, search and reporting functions. Integrated new functionality with existing applications and legacy databases.

OpenEco.org
San Francisco, CA

2007 - 2010

Chief Architect for a global online community that provided free, easy-to-use tools to help participants assess, track, and compare energy performance, share proven best practices to reduce greenhouse gas (GHG) emissions, and encourage sustainable innovation.

Architected and developed a modular open source platform to allow independent developers to easily add tools and functionality to the site. Created modules for content management, user registration, login and access control, greenhouse gas tracking and reporting tools, news feeds, events calendar, e-newsletters, social networking, forums, wiki, and user feedback. Platform included built-in role- and object-based access control, input validation, CSRF prevention, web services, charting, RSS feeds and output in PDF and Excel formats.

EnergiesOnline.com
San Francisco, CA

2002 - 2003

Chief Technical Officer and Chief Architect for EnergiesOnline.com, a subscription service providing online access to FERC and EIA data for the electricity and natural gas industries.

Developed automated data 'slurps' from disparate sources and formats into a single normalized data store. Architected, designed and developed the site to allow subscribed users to search and generate a variety of reports on the data.

JustGive
San Francisco, CA

2002

Java and database architecture and development for JustGive.org website and co-brands to allow donors to find and contribute to thousands of charities online.

Designed and developed a complete MVC eCommerce and content architecture to allow for co-branding the JustGive concept. The architecture uses Servlets and JavaBeans connecting with a Postgres database to create a reusable Model and Controller for search, shopping cart, user registration and online transactions. Co-branding is achieved by swapping the JSP view layer. The site makes use of many open-source projects including Castor XML/JDO, PostgreSQL database and Apache Web Server/Tomcat/Taglibs.

Gazoontite.com
San Francisco, CA

2000

Java development for Gazoontite eCommerce website and intranet, co-branded Gazoontite/PlanetRx tools.

Start-to-finish Java/JSP development for the Gazoontite web presence including eCommerce/storefront architecture, online content management tools, content import from outside sources, login/new user registration, session and clickstream tracking, and a caching mechanism using XML, XSL, EJB and the Bluestone Total-e-Business app server. Connected website and standalone applications to Oracle and Mas90 backends via JDBC/ODBC/jDataConnect. Integrated website with a 3rd-party fulfillment center.

WebMD
San Francisco, CA

1999

Java development for new WebMD consumer website, including Lycos and Excite co-brands.

Integrated live content feeds from a variety of sources using SQL, XML, Java and DB2. Designed high-performance, high-availability Java APIs to allow developers to deploy content to the core site and co-brands. Designed and developed websites with reusable Java code modules and an XML-based template language.

Freelance Design, Programming, and Production

Sun Microsystems Inc.
Menlo Park, CA

1999

Onsite design and development for Sun Microsystems top executives. Created interactive Java demos and presentations, developed database-driven intranet sites, and evaluated new technologies.

Projects include Java2D animation framework, online interface to existing document management engine, 'Personal Website' demo for Scott McNealy presentations.

Vicor Inc.
Palo Alto, CA

1998

Designed and developed eCommerce systems for a top 10 U.S. bank.

Projects include a Perl-based shopping engine, CyberCash transaction processing, and an interface to a Java publishing system and Postgres backend.

Nersveen Multimedia
San Francisco, CA

1997 - 2000

Designed and programmed interactive presentations using HTML and Java technology. Produced and directed events on-site worldwide.

Clients include top executives at Sun Microsystems and Philips Semiconductors.


Internet Consultant, Web Designer

NIA Corporation
Oakland, CA

1996 - 1997

Consulted with businesses seeking to implement electronic commerce technologies including websites and intranets. Designed and developed value-added strategies that enable businesses to benefit from going online.

Contracts include the Oakland Public Works Agency, Globe Plumbing Supply Company, Alco Technologies, Lockheed Martin and GSO CPA Corporation.


Sales and Marketing Associate

InterLinear Technology Inc.
Alameda, CA

1995 - 1996

Created and implemented sales and marketing campaigns for information management software. Leveraged existing relationships with World 1000 clients to create new business. Managed both online and print projects and coordinated intern program.

Education

Web Hacking 2.0: Attacks, Penetration and Exploits
Amsterdam, NL

2011

Learned the latest attack vectors and exploits for use in security evaluations of the new wave of web applications using AJAX, rich internet applications, and web services. Course of study included advanced injections with SQL, LDAP, XPath and OS commands; Web 2.0 attacks; hacking Flash and Silverlight components; exploiting cloud-based APIs and SOAP structures; DOM-based attack surfaces; mobile application pen-testing; and WAF bypass and obfuscation techniques.

Dale Carnegie Sales Advantage Program
Oakland, CA

1996

Acquired skills for developing business relationships and making sales in the corporate environment of the future.

Bachelor of Arts: Geography, Dartmouth College
Hanover, NH

1994

Course of study included use of demographics, Geographic Information Systems (GIS), cartography, and satellite image interpretation to analyze social, environmental and economic trends.

Languages: Java/J2EE, JSP, JavaScript/AJAX, ColdFusion, ASP.Net, JSON, XML, XSL, HTML, CSS, SQL, PL/SQL, T-SQL, PHP, Perl, shell scripts, English, Latin, Russian, German.

Databases: Oracle, MySQL, Postgres, Sybase SQL Server, Microsoft SQL Server, JavaDB, Derby, DB2, FileMaker PRO, Mas90.

Application Security Tools: Burp Suite Pro, AppScan Source Edition, Fortify Audit Workbench, CodeSecure, SSL Digger, sqlmap, Absinthe, ArcSight, OWASP HTTP Post Tool, RATS.

Open Source: Chief architect of the OpenEco platform. Project leader for the OWASP HTMLSanitizer Project and principal developer of Can You XSS This? Committer on the OWASP ESAPI and AntiSamy projects. Developed the CodeMagi Clickjacking Defense, the current gold standard for clickjacking prevention. Contributor to the Castor project and OWASP AppSensor.

Application/Web Servers: Apache Tomcat, Sun Java System Enterprise Server, GlassFish, JBoss, iPlanet Enterprise Server, Bluestone/Sapphire Total-e-Business, BEA WebLogic Server, Tango Rapid Application Development, MiniVend.

Platforms: Proficient with UNIX (Solaris, Linux, FreeBSD, SGI IRIX), Windows, Macintosh, and DOS operating systems, including server administration, networking, virtualization, software and hardware specification and configuration.

Software: Development and design for both Internet and print using Eclipse, Xcode, NetBeans, Sun Java Studio and Java Workshop, Subversion, Perforce, Maven, CVS, Hudson, Selenium, Visual SourceSafe, Adobe Photoshop, Adobe Illustrator, HoTMetaL PRO, Macromedia Director, StarOffice, PageMill, PageMaker, QuarkXPress, and a variety of other software for business and design.

Personal: Highly honed problem-solving and learning abilities mean increased productivity in new situations. Experienced world traveler with natural enthusiasm, confident presentation, communication, and teamwork skills.