Hello world! ;)

Tobias is founder and CTO at savedroid AG and organizer of the AI Meetup and Mobile Usergroup in Frankfurt.

Previously he was well regarded as the CTO of Sitewards, an e-commerce specialist in Frankfurt. He has built up development teams that strive to be at the cutting edge of web development.

With a passion for inspiring people, he takes part in and speaks at conferences worldwide. He also publishes articles in a wide range of magazines and several blogs, and has written books about web security.

Security at e-commerce

Tobias has written a book addressing developers and decision makers who plan or already maintain an e-commerce site.
Besides the main attack scenarios like XSS, injections and CSRF, it also covers more exotic ones like pixel perfect timing.
Additionally, frameworks and tools that help to secure your application have been analyzed.

Featured in screenguide 23

OWASP Top 10

A shortcut about the OWASP Top 10, focused on PHP developers.


Usability Engineering from and for developers

A different view on the art of writing source code.

PHP Magazin / 04.2015

Security Patterns

Three consecutive articles in the German PHP Magazin about security patterns based on the OWASP Top 10.

PHP Magazin / 02.2014, 03.2014, 04.2014


Article in the German t3n Nr. 34 about the usage and implementation of BigPipe.


What's new in Magento 2?

Some thoughts about the current state of Magento 2.

webguys / 2014-12-05

Magento Test-Suites

Article in the German PHP Magazin about Test-Suites in Magento.

PHP Magazin / 05.2013

E-Commerce goes Enterprise

Article in the German PHP Magazin about the installation and configuration of Apache Solr in Magento Enterprise.

PHP Magazin / 02.2013

PHP and Microsoft SQL Server

Guest blog article in the German phphatesme.com blog about the usage of Microsoft SQL Server in PHP.


Employee motivation

Quoted as an expert on employee motivation in a Handelsblatt article. Available in print and online.


E-commerce interview

The webmagazin recorded a video interview at the Webinale 2014, talking about the pros and cons of e-commerce solutions and which alternatives to Magento are currently relevant.


Lean vs. FinTech

An article about the contradictory buzzwords Lean and FinTech with a reference to savedroid.


Hashtag interview

Talking about #magento, #teamwork, #leadership and #entrepreneur.


From Dev To CTO

Tobias was featured with his "From Dev to CTO" session from the Barcamp Rhein-Main in a subsequent Sunday newspaper.

Frankfurter Allgemeine Sonntagszeitung 2014-01-05

About Magento 2.0

An internal interview at Sitewards about Magento 2.0.


Review 2013 / Forecast 2014

The PHP Magazin interviewed Tobias and his colleague Michael about the past trends and hypes of 2013 and also tried to give a forecast for 2014.


Mobile Usergroup Frankfurt

Organizer of the Mobile Usergroup Frankfurt.


OWASP Top 10 for developers

Maintaining the PHP section of the OWASP Top 10 for developers.



An implementation of the module management tool modman written in PHP so it runs on every OS.


BigPipe for Magento

Adds a BigPipe option to Magento, so a block can be marked as BigPipe and will be rendered after the first flush has occurred. Facebook uses this technique to keep slower components from blocking the loading process.


FireGento - Admin Monitoring

The admin monitoring logs nearly every save and delete call in the backend of a Magento shop.


Houston - a multi-threading micro-framework

A microframework to create multi-threaded PHP applications, built before it was cool to do that stuff. ;)


Magento Hackathon - Gamification

The Gamification module allows tracking events stored by Hackathon_FrontendMonitoring and triggering actions like incrementing points or earning badges or cat stickers for a user.



To PHPUnit, Zend Framework, Magento Community and Enterprise, Magento 2, iniscan, Firegento Logger, Mage Setup, Sqlsrv, Typo3 and many more ...

Secrets of leading developers

The next step on the career ladder of most developers is usually the leadership of a team.
Unfortunately, we're hardly prepared for this challenge. Besides the simple sharing of tasks, there are a lot more things to keep track of, like motivating the team, mentoring and resolving conflicts.
After leading several teams with all the ups and downs, I would like to share some of my experiences and help the next generation get a better start in leading a team, as well as a better understanding of what your leader does or can actually do for you.


OWASP Top 10

With the latest XSS and CSRF attacks on Twitter, PayPal and Facebook, security is still obviously a very difficult thing to get right.
Every 3 years, the Open Web Application Security Project (OWASP) releases a new Top 10 list of vulnerabilities; this talk will walk you through 2013's list.
It presents the possible attack scenarios and how you can protect against them.
In addition we'll look at more security issues which are not part of the Top 10, but that you should definitely keep in mind.



@AndreCedik: Best slide of #dchh so far. By @airbone42
@t3sec: OWASP Top 10 - this session is fun
joind.in - IPC
@iDocIt: Very pleasant presentation style :). Many thanks @airbone42 #dchh
@phpmagazin: Kudos @airbone42 for the great session about OWASP

XSS and SQL Injections: The Tip of the Web Security Iceberg

You might know about XSS and the usual SQL injection, but times have changed and we have to keep up to date with the latest attack scenarios.
Do you also know what clickjacking is? If not, I'll show you how to protect against it.
I'll also present techniques like Perfect Pixel Timing and a combination of XSS and time-based SQL injection to access intranet sites that are not even compromised.



@gallamine: Great talk from @airbone42 on crazy internet security attacks.
Evaluation: Many new learnings
Evaluation: excellent talk ... very enjoyable, best session I've attended so far
Evaluation: Really interesting and informative ...

Dev vs. PM

The collaboration of project management and development is one of the key factors for the realisation of a successful project.
Yet it often struggles because of differences in focus, competence and even the languages used.
With my experience of both sides, I would like to clear up some of the prejudices, but especially help with some practical tips for working together on a solution. This makes everyone's life easier and you'll remember that nobody is perfect.



@Kathrin_Sr: Very good presentation ...
Meet Magento App Rating: 4.3 of 5 (Top 5 General Sessions)

About intelligence

Opening the AI Camp by introducing some basics of intelligence based on the memory-prediction framework theory.



@alipasha: Great lecture ...

Magento 2

Magento 2 was first announced way back in 2010, but a lot can change in IT over four years.
There was not a lot of noise from the Magento camp until October 2013. Now there is a public repository with updates published weekly.
In this talk we'll have a look at the current technical status, make a comparison to the first version of Magento and review the road ahead.



joind.in / php[world]
joind.in / PHPUG
@nickweisser: ... motivational and refreshing talk ...
@neoshops: Very nice presentation ...
@fbrnc: ... That was very interesting and well done!

Software quality in e-commerce projects

An e-commerce project has to be extremely fast, requires a lot of features, and needs to be easily maintainable.
That is what we all know, but what does that actually mean in relation to the code?

In this session we'll not only show you how to build code of very high quality, but also how to measure it.

It covers not only how to start, but also what it takes to have long-term success with your system.



@drlrdsen: Good overview of code quality principles and tools ...
Featured in @magetalk episode 8
@brentwpeterson: YES! @airbone42 Rocks! ...

Enterprise Search

The Magento search is usually set up with MySQL Fulltext, which is not only limited in its number of features, but also known as a performance bottleneck.
This talk shows, from a technical point of view, how easy it is to set up a fast and efficient search including autosuggest capabilities based on Apache Solr in Magento Enterprise with the integrated Enterprise_Search module.



@sheepfred: Good talk on apache solr by @mannersd and @airbone42 ...
@bobbyshaw: Thanks very much for your talk this morning! Great stuff :)
@avstudnitz: I like those new slides by @airbone42 and @mannersd :-)
@wiktorjarka: #devparadise good job with Solr presentation! Enjoyed it!
Magento: ... great presentations were given on Solr integration by Tobias Zander

Magento 101

An overview of the Magento ecosystem, Magento features and technical pros and cons.



The loading time of a website is one of the most important factors for its success. The number of abandoned page loads rises dramatically the longer the user has to wait for the content.
Facebook invented a new technology called BigPipe which allows the user to already see the essential parts of a website while long-loading content is still being rendered. This delivers a better user experience and fewer abandoned page loads.
This talk will show you the technical details of BigPipe and how it can help you to speed up your site and what you need to know to implement it.



@SenseException: #bigpipe is an interesting piece of JS.


Stack Overflow

When there's some free time left, Tobias is an active member on the Stack Exchange network.



Besides the private profile, you have to check out the Sitewards and FireGento profiles.

Tobias Zander