Short Bio
John Wilander is a Product Security Researcher at an American corporation. He holds a PhD in computer science with a focus on software security and has been researching and working in application security since 2001. From 2007 to 2013 he was an active leader in OWASP, the Open Web Application Security Project, where he "did it all": founded and led a chapter, chaired a global AppSec conference, shipped a project, served on a global committee, and gave numerous conference talks. During his years in academia he was twice elected best computer science teacher.
Product Security Researcher
2013 - now, employed by an American corporation
Member of the Proactive Product Security team at an American corporation in California.
Frontend Architect, Developer, and Security Coordinator, Online Banking
2011 - 2013, employed by Svenska Handelsbanken
Member of the frontend team. Responsible for architecture, infrastructure, and security in a RIA for online banking.
Software Developer, Authentication & Payments
2010, consultant at Aftonbladet, employed by Omegapoint
Member of the Paid Services Team at Sweden’s most popular web site (>2 million visitors per day). Developing, testing and maintaining authentication and payment systems. As an example the team designed and implemented backend services for mobile device Digest Access Authentication.
Security Development Lifecycle Implementation
Fall 2009, consultant at Posten, employed by Omegapoint
Project leader with the assignment to implement processes and routines for secure development and testing in a large developing organization with more than 100 active systems.
Developer of National Medication Services
Fall 2008 - Fall 2009, consultant for Sjukvårdsrådgivningen+SLL+VGR+RS, employed by Omegapoint
Part of a scrum team which designed and developed a national system for retrieving data about prescribed medications for Swedish healthcare patients, delivered as a web application and a web service. I had special focus on non-functional security requirements such as intrusion prevention and log protection.
Research Publications (peer-reviewed)
Contributions to Specification, Implementation, and Execution of Secure Software
Doctorate thesis by John Wilander, defended on April 22nd, 2013. Opponent was Prof. Benjamin Livshits from Microsoft Research and University of Washington. Committee consisted of Prof. Mads Dam from Royal Institute of Technology, Stockholm, Sweden, Prof. Andrei Sabelfeld from Chalmers University of Technology, Gothenburg, Sweden, and Prof. Simin Nadjm-Tehrani from Linköping University, Sweden.
RIPE: Runtime Intrusion Prevention Evaluator
by John Wilander, Nick Nikiforakis, Yves Younan, Mariam Kamkar and Wouter Joosen. In the Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC 2011), December 5-9, 2011, in Orlando, Florida.
The Impact of Neglecting Domain-Specific Security and Privacy Requirements
by John Wilander and Jens Gustavsson. In the Proceedings of the 12th Nordic Workshop on Secure IT Systems (Nordsec 2007), October 11-12, 2007, in Reykjavík, Iceland. Pages 153-163.
Policy and Implementation Assurance for Software Security
Licentiate thesis by John Wilander, defended on November 18th, 2005. Opponent was Dr. Andrei Sabelfeld from Chalmers University of Technology.
Pattern Matching Security Properties of Code using Dependence Graphs
by John Wilander and Pia Fåk. In Proceedings of the 1st International Workshop on Code Based Software Security Assessments (CoBaSSA 2005), November 7, 2005, in Pittsburgh, Pennsylvania, USA. Pages 5-8.
Modeling and Visualizing Security Properties of Code using Dependence Graphs
by John Wilander. In Proceedings of the 5th Conference on Software Engineering Research and Practice in Sweden (SERPS'05), October 20-21, 2005, in Västerås, Sweden. Pages 65-74.
Security Requirements—A Field Study of Current Practice
by John Wilander and Jens Gustavsson. In E-Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS 2005), August 29, 2005, in Paris, France.
A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention
by John Wilander and Mariam Kamkar. In Proceedings of the 10th Network and Distributed System Security Symposium (NDSS'03), February 5-7, 2003, in San Diego, California. Pages 149-162.
A Comparison of Publicly Available Tools for Static Intrusion Prevention
by John Wilander and Mariam Kamkar. In the Proceedings of the 7th Nordic Workshop on Secure IT Systems (Nordsec 2002), November 7-8, 2002, in Karlstad, Sweden. Pages 68-84.
Education
PhD in Computer Science, defended April 22, 2013, Linköping University
Licentiate in Computer Science, defended November 18, 2005, Linköping University
MSc in Computer Science and Engineering, Linköping Institute of Technology, Sweden and Nanyang Technological University, Singapore (1996-2002, one year on leave)
Certificates
Sun Certified Programmer for the Java2 Platform
ISC2 Certified Secure Software Lifecycle Professional (expired)
Programming Languages
Current focus: JavaScript and Swift
Much time spent with: Java
The research years: C
Teenage memories: M68000 assembler
Development Tools
IDEs: WebStorm, IntelliJ, Xcode
Debugging & Testing: Safari Web Inspector, Chrome dev tools, Firebug, Jasmine, Selenium, Burp Suite, JUnit, Mockito
Build: Ant, Maven, Ivy, Closure Compiler, YUI Compressor, Yeoman, require.js