Bio
Ekin Tulga is a security engineer and consultant specializing in web application security, API protection, and Web Application Firewall (WAF) evaluation and tuning. His work spans both offensive and defensive security, with a focus on validating real-world attack exposure, reducing false positives, and improving the effectiveness of runtime protections.
He has worked with modern application and API architectures to help teams move beyond checkbox security, emphasizing evidence-driven testing, realistic attacker techniques, and measurable defensive outcomes. His experience includes tackling complex security problems in demanding production environments, including large cloud and enterprise platforms where the cost of missed detections and false positives is operationally significant.
Ekin currently leads the development of WAFProber, an open-source framework focused on systematically assessing WAF effectiveness through structured payloads, encoder chains, and realistic traffic placement. The project reflects his broader interest in making WAF behavior testable, observable, and actionable for practitioners.
He actively contributes to the security community through open-source work, knowledge sharing, and mentoring, with an emphasis on practical approaches that scale across modern web and API environments.