About Carl Sampson

About Me

I’m an application security engineer with a career spanning vulnerability research, web security, and security tooling. I write about the vulnerabilities I find and the tools I build to make application security more accessible.

Experience

• Microsoft — https://www.microsoft.com/
• Proofpoint — https://proofpoint.com/
• Salesforce — https://www.salesforce.com/
• Teradata — https://www.teradata.com/
• Anthem — https://www.antheminc.com/

Projects

• csp-toolkit — A Python library and CLI for parsing, analyzing, and finding bypasses in Content Security Policy headers. Available on PyPI.
• appsec.fyi — A curated collection of application security resources organized by vulnerability class and topic.

Community

• Founded the OWASP Indianapolis Chapter in 2005 and continue to serve on the leadership team.

Presentations

• Extending Burp @ DerbyCon — Slides
• Ruby and Security @ CircleCityCon — Slides

Outside Work

I’m an avid runner and cyclist. I’ve completed a 30k, several half-marathons, and more 5k’s than I can count. Follow me on Strava.

Contact

• Email: carl.sampson@gmail.com
• LinkedIn: carlsampson
• GitHub: sampsonc
• X: @chs
• GPG Key: View public key