Interview with Christian Wenz – DevExperience 2019

We are now living in and for the technology era. Regular activities like paying your bills, shopping, making appointments, doing your taxes, checking your bank account, you name it, can be done entirely online through web applications. Yet greater convenience comes with increased exposure to fraud, and these applications have become one of the favorite attack vectors of cybercriminals. This is why web security has become one of the key topics addressed by security professionals and businesses around the world. And this was exactly the main idea discussed during the security track at DevExperience.

In his session, “Web Application Security – Browsers to the Rescue”, Christian Wenz, a professional developer who is also a security expert, explained why browsers are the last line of defense. Many security mechanisms and APIs can be integrated into web browsers to protect websites from attacks.

Press on Security had the pleasure of sitting down with Christian to discuss web application security, data protection and what aspiring security professionals can do to become experts in this area.

Christian Wenz is an author, consultant and trainer focusing on web technologies and web application security.

His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right mix of web technologies.

PressOnSecurity: Christian, what do you think of the conference so far?

Christian W: I love it! This is my first time in the country and I must say I had a great time, both as a tourist and as a speaker at the conference. I like the great variety of topics addressed during the 3 separate tracks, especially since there are a lot of them that are not in my area of expertise, so it’s a great opportunity for me to learn from the best. I fell in love with the city as well and I would really like to get back next year.

PressOnSecurity: As a security expert, I am sure you are also dealing a lot with data protection. What do you think of GDPR? I know that we are now in the “struggle phase”, where we still fight to fully understand the requirements and implement them. How do you see this evolving?

Christian W: I have mixed feelings about GDPR. On the one hand, I am not very fond of the fact that currently there are certain areas that are not clearly defined because we are still waiting for legislation. Also, in the weeks leading up to the ballot in the Parliament, I was really disappointed by the lobbying that was done by both parties because they started to lie. On the other hand, the concept of GDPR, the idea that you own your data, that you have the right to request your data to be deleted, that you can always know what’s happening to your data, that’s actually fantastic. This is something that I absolutely love. Of course, when owning a company, the bureaucracy that comes with this right can sometimes be too much. Imagine people sending mass e-mails to 200 companies asking for a complete list of their data. So, some of the implementations require more work than they should and, of course, there are some uncertainties I’ve already mentioned earlier. Nevertheless, the basic idea of GDPR is fantastic.

PressOnSecurity: Do you have any advice for aspiring security professionals or for those who just want to learn more about security in general?

Christian W: OK, I will talk based on my own experience. I have stumbled on the topic of security more or less by accident and then I kind of stuck with it 🙂 So, the most important thing that helps me learn and gain new information is talking to colleagues, attending security-related conferences, reading blogs, checking the Twitter feeds of security researchers, and, of course, constantly experimenting. For instance, in my area of expertise, web app security, it would really help if you are a good developer. In my opinion, if you understand how web applications work and what the potential threats are, only then can you also put on your security hat and ask yourself what tools should or should not be used. Basically, this would be my advice – do some reading and then start experimenting as much as possible.

Christian, thank you for sharing with us your take on these topics. Looking forward to seeing you at the conference in 2020 as well!