"I find the concept of GDPR, the idea that you own your data, fantastic"
Interview with Christian Wenz – DevExperience 2019
We are now living in and for thetechnology era. Regular activities like paying your bills, shopping, makingappointments, doing your taxes, checking your banking account, you name it, canbe done entirely online through web applications. Yet, greater conveniencecomes with increased fraud exposure, these applications turning into one of thefavorite attack vectors of cybercriminals. This is why web security has becomeone of the key topics addressed by security professionals and businesses aroundthe world. And this was exactly the main idea discussed during the securitytrack at DevExperience.
In his session, “Web Application Security – Browsers to the Rescue”, Christian Wenz, a professional developer who is also a security expert, explained why browsers are the last line of defense. Many security mechanisms and APIs can be integrated into web browsers to protect websites from attacks.
Press on Security had the pleasure to sit down with Christian and discuss about web application security, data protection and what aspiring security professionals can do to become experts in this area.
Christian Wenz is an author, consultant and trainer focusing on web technologies and web application security.
His day job includes conductingsecurity audits, migrating old code bases, implementing complex web applicationsand helping companies choose the right mix of web technologies.
PressOnSecurity: Christian, what do you think of the conference so far?
Christian W: I love it! This is my first time in the country and Imust say I had a great time, both as a tourist and as a speaker at theconference. I like the great variety of topics addressed during the 3 separatetracks, especially since there are a lot of them that are not in my area ofexpertise, so it’s a great opportunity for me to learn from the best. I fell inlove with the city as well and I would really like to get back next year.
PressOnSecurity: As a security expert I am sure you are alsodealing a lot with data protection. What do you think of GDPR? I know that weare now in the “struggle phase”, where we fight still to fully understand therequirements and implement them. How do you see this evolving?
Christian W: I have mixed feelings about GDPR. On the one hand, Iam not very fond of the fact that currently there are certain areas that arenot clearly defined because we are still waiting for legislation. Also, in theweeks coming to the ballot in the Parliament, I was really disappointed on thelobby that was done by the both parties because they started to lie. On theother hand, the concept of GDPR, the idea that you own your data, that you havethe right to request your data to be deleted, that you can always know what’shappening to your data, that’s actually fantastic. This is something that Iabsolutely love. Of course, when owning a company, the bureaucracy that comeswith this right, can sometimes be too much. Imagine people sending mass e-mailsto 200 companies asking for a complete list of their data. So, some of theimplementations require more work than they should and, of course, there aresome uncertainties I’ve already mentioned earlier. Nevertheless, the basic ideaof GDPR is fantastic.
PressOnSecurity: Do you have any advice for aspiring securityprofessionals or for those who just want to learn more about security ingeneral?
Christian Wenz: OK, I will talk based on my own experience. I have stumbled on the topic of security more or less by accident and then I kind of stuck with it :) So, the most important thing that helps me learn and gain new information is talking to colleagues, attending security-related conferences, reading blogs, checking the Twitter feeds of security researchers, and, of course, constantly experimenting. For instance, in my area of expertise, web app security, it would really help if you are a good developer. In my opinion, if you understand how web applications work and what the potential threats are, only then you can also put on your security hat and ask yourself what tools should or should not be used. Basically, this would be my advice – do some reading and then start experimenting as much as possible.
Christian, thank you for sharing with us your take on these topics. Lookingforward to seeing you at the conference in 2020 as well!