Taras Ivashchenko

Product security team at Ozon and in the past OWASP Moscow team lead. Also known as the developer of a browser extension called CSP Tester and contributor of other security related projects. You can reach me via email oxdef@oxdef.info (PGP key)

Projects

• CycloneDX for Go. Creates CycloneDX Software Bill-of-Materials (SBOM) from Go (with modules) projects. It can be used with OWASP Dependency Track to motinor security issues in 3rd party modules in Go
• dtrack-audit. OWASP Dependency Track API client for intergration into CI/CD pipeline
• CSP Tester. This extension helps web masters to test web application functionality with Content Security Policy (CSP) version 2.0 implemented.
• CSP Reporter. Content Security Policy log parser

Talks

• How to improve software security with OWASP open source initiatives, Samsung Open Source Conference (SOSCON) Russia 2021
• 2011 <= APP_SECURITY <= 2021. Keynote talk, ZeroNights X (2021)
• Security Culture: Here be Hackers, OWASP Global AppSec Tel Aviv 2019
• OWASP Top 10 - 2017 What’s inside?, CENTR Jamboree 2018
• Security in developer’s life: knowledge is power, OWASP Poland Day 2017
• Implementing Content Security Policy at a Large Scale, ZeroNights 2017
• Web Application Security: future standards and technologies, OWASP Russia Meetup #3 (2015)
• Content Security Policy - the panacea for XSS or placebo?, OWASP AppSec Research EU 2013
• Automation of modern web applications security testing, Just4Meeting 2012