Juan Pablo Tosso

Cybersecurity Research Engineer

Backend Developer

Penetration Tester

Open-Source Developer

Juan Pablo Tosso
Juan Pablo Tosso
Juan Pablo Tosso
Juan Pablo Tosso

Cybersecurity Research Engineer

Backend Developer

Penetration Tester

Open-Source Developer

About Me

Hello! I’m Juan Pablo Tosso.

I'm a cybersecurity researcher from Chile, currently working in traceable.ai, I enjoy writing open-source code, hiking, biking, spending time with my children, traveling, writing, and reading. I used to be a white hat hacker, but now I turned into the blue side.

I’m the founder and main developer of the Coraza WAF project.

My main programming languages are Golang, Python, and Ruby.

Some things about me:

  • I speak English, Spanish, and some Japanese. I’m currently studying Chinese.
  • I have this blog to test Coraza ;D
  • I have two amazing children
  • Age 30
  • Residence Chile
  • Company Traceable AI
  • Address Santiago, CL
2022 - Present
Research engineer
Traceable Inc.

Research related to API security, design and develop new API security products, and guide customers to make the most of Traceable AI.

2022 - Present
Project Leader
OWASP Foundation

Founder, leader, and maintainer for the OWASP Coraza Web Application Firewall project. I have led the development and maintenance of the project from v1 to v3.

2019 - 2022
Chief Cybersecurity Officer

Makros is a Chilean cybersecurity consultancy company. I managed multidisciplinary teams and led projects like Penetration Testing, Vulnerability Management, and DevSecOps integrations.

2016 - 2019
Chief Executive Officer
Coraza Technologies

Coraza Technologies was my first startup attempt. My role was to lead Coraza Web Application Firewall as an enterprise cybersecurity product. I led a small team of engineers and managed to raise seed funding.

2012 - 2016
Ethical Hacker

Ethical hacking and penetration testing. During these years, I had the chance to test systems from industries like OT, banking, e-commerce, retail, insurance, and more.

  • Golang
  • Python
  • Ruby
  • C
  • Web Application Firewall
  • Open-Source
  • Linux/GNU
  • Penetration Testing
  • Backend Development
  • Frontend Prototyping
  • SQL and NoSQL
  • Distributed Systems
Other skills
  • Containers
  • Kubernetes
  • Application Security
  • Team Management
  • English
  • Spanish
  • Chinese
December 5, 2021 WordPress with Coraza and Coreruleset

So this site is a standard WordPress running on Apache 2 with a Caddy reverse proxy serving OWASP CRS rules….

November 14, 2021 How did I exported a Golang program into an Apache module

Coraza’s high level APIs are based on libmodsecurity, we use the same 5 phases and the same setters for: Connection…

November 14, 2021 Coraza v2 is coming

Coraza v1 was a successful project but if you read the API you will notice there are a lot of…

November 14, 2021 OWASP CRS retreat

A few weeks ago I was invited as a guest to the OWASP Core Ruleset retreat in the Swiss Alps….

Get in Touch

I won’t give you a dummy contact form, here is my email: jptosso@gmail.com

Feel free to contact me to talk about Coraza or anything. I also answer Twitter (@jptosso) and LinkedIn (@jptosso).