Kevin Wall has been involved in application security for the past 15+ years, but he still considers himself a developer first and an appsec engineer second. During most of those 15+ years, Kevin has specialized in applied cryptography and web appsec. Before transitioning to appsec, Kevin spent 17 years at (now Nokia, then AT&T) Bell Labs, leaving there as a DMTS in 1996 to become an independent consultant in C++ and Java. Kevin became involved in the OWASP Enterprise Security API (ESAPI) project in early fall of 2009, and after redesigning and rewriting all the symmetric cryptography related classes, he somehow found himself “elected” as co-project lead of ESAPI in 2011. Kevin also spent 2000-2007 as an adjunct faculty member on the Franklin University CS staff, where he taught Distributed Operating Systems and Computer Security. Kevin has been working on the Wells Fargo Secure Code Review team for just over 3 years; he figures it is about as close to code as any company will let him get, which is why he stays active in the development of ESAPI. When Kevin is not around code, he waxes eloquent in 3-4 page TL;DR discourses that he posts to various mailing lists, or hangs out with other dinosaur friends at local watering holes discussing appsec, coding, sports, and quantum physics.
Common Developer Crypto Mistakes (with illustrations in Java)