Top expert inComprehensive Cybersecurity and DevSecOps Practices
Bernhard Mueller is an offensive security researcher and AI research lead with over two decades of experience discovering and responsibly disclosing critical zero-day vulnerabilities across mobile, desktop, and web3 ecosystems. He authored the initial OWASP MASVS and substantially contributed to the OWASP Mobile App Security Testing Guide, shaping industry standards for mobile security testing. In 2017 he created Mythril, a widely adopted symbolic execution tool for EVM bytecode, and later joined ConsenSys Diligence as a smart contract auditor working with leading DeFi projects. After a sabbatical, he returned as an independent web3 security researcher focusing on niche protocols and now leads AI research efforts at Sherlock while contributing to Spearbit Labs. His background blends deep hands-on exploit development, fuzzing, and reverse engineering with practical security program leadership and due diligence for investors. Known for translating advanced vulnerability research into usable tools and standards, he combines academic rigor with a hacker’s curiosity—aptly hinted by his GitHub bio’s playful logical formula.
11 years of coding experience
10 years of employment as a software developer
DI (FH) Telecommunications, DI (FH) Telecommunications at FH St. Pölten – University of Applied Sciences
The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Role in this project:
Mobile Developer (iOS)
Contributions:1 release, 1012 commits, 420 PRs in 1 year 2 months
Contributions summary:Bernhard's commits focus on adding content and features to the iOS-specific section of the Mobile Application Security Testing Guide (MASTG). The contributions include adding a table of contents for reverse engineering of Android chapters, content related to iOS jailbreaks, and updates to iOS-specific content. The user added and updated iOS crackme exercises to illustrate security concepts.
Smart Contract Weakness Classification and Test Cases
Role in this project:
Security Engineer
Contributions:69 commits, 45 PRs, 57 pushes in 1 year 6 months
Contributions summary:Bernhard contributed to the smart contract security registry by adding test cases related to common vulnerabilities and best practices. Their work included adding benchmarks for visibility functions and integer overflows, highlighting potential issues in Solidity code. They also incorporated real-world samples like Rubixi and BECToken, expanding the repository's coverage of security concerns and demonstrating an understanding of common smart contract patterns. Further, they added test cases focusing on unchecked return values and re-entrancy attacks.
casesweaknesssmart-contractethereumsecurity
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.