BeNeLux OWASP Day 2012



= Welcome =

Confirmed trainers for Trainingday

 * Dan Cornell (Denim group) - SDLC with open source tools
 * Dinis Cruz (Security Innovation) - Advanced O2
 * Volkert de Buisonjé (Sogeti) - Secure Java Development with ESAPI (Hands-On)
 * Martin Knobloch (PervaSec) - Essential Web Application Security (OWASP Top 10, Webgoat, WebScarab)

Confirmed speakers Conferenceday

 * Dinis Cruz (Security Innovation) - Making Security Invisible by Becoming the Developer’s Best Friends
 * Rüdiger Bachmann and Achim D. Brucker (SAP) - Code review large companies
 * Lieven Desmet (Distrinet, KU Leuven) - Sandboxing JavaScript
 * Herbert Bos and Asia Slowinska (VU Amsterdam) - Body Armor for Binaries
 * Marc Hullegie and Kees Mastwijk (Vest) - Forensics
 * Dan Cornell (Denim group) - Streamlining Application Vulnerability Management: Communication Between Development and Security Teams
 * John Wilander (OWASP Sweden) - Browser security
 * Seba Deleersnyder (OWASP) - Update on OWASP

The OWASP BeNeLux Program Committee

 * Bart De Win / Sebastien Deleersnyder / Lieven Desmet / David Mathy, OWASP Belgium
 * Martin Knobloch / Ferdinand Vroom, OWASP Netherlands
 * Jocelyn Aubert / Andre Adelsbach, OWASP Luxembourg
 * Steven van der Baan, OWASP CTF Project

Tweet!
Event tag is #owaspbnl12


= Registration =

Registration is open.

To support the OWASP organisation, consider becoming a member; it's only US$50! Check out the Membership page to find out more.

= Venue =

Venue is the iMinds-DistriNet Research Group @ KU Leuven
''Celestijnenlaan 200A, 3001 Heverlee, Belgium''

Parking & roadmap:

There is public parking close to the conference venue.

Roadmap and parking: http://distrinet.cs.kuleuven.be/about/route/

Hotels nearby:

 * Board house (close to the venue) http://www.boardhouse.be
 * The lodge (close to the venue) http://www.booking.com/hotel/be/the-lodge-heverlee.en.html
 * Begijnhof Congres Hotel (1 km from the venue) http://www.bchotel.be/
 * La Royale (2 km from the venue) http://www.laroyale.be
 * Hotel Ibis (2 km from the venue) http://www.accorhotels.com/gb/hotel-1457-ibis-leuven-centrum/index.shtml
 * Mercure (2 km from the venue) http://www.mercure.com/gb/hotel-7862-hotel-mercure-leuven-center/index.shtml
 * New Damshire (2 km from the venue) http://www.hotelnewdamshire.be

= Trainingday =

Location
The training room is: (TBD) (for details, check the  tab)

Agenda
(TBD)


= Conferenceday =

Location
The training room is: (TBD) (for details, check the  tab)

Agenda
(TBD)

= Speakers =

Sandboxing JavaScript, by Lieven Desmet (Research Manager at KU Leuven)
Abstract: The inclusion of third-party scripts in web pages is a common practice. A recent study has shown that more than half of the Alexa top 10 000 sites include scripts from more than 5 different origins. However, such script inclusions carry risks, as the included scripts operate with the privileges of the including website. In this talk, we propose JSand, a server-driven but client-side JavaScript sandboxing framework. JSand requires no browser modifications: the sandboxing framework is implemented in JavaScript and is delivered to the browser by the websites that use it. Enforcement is done entirely at the client side: JSand enforces a server-specified policy on included scripts without requiring server-side filtering or rewriting of scripts. Most importantly, JSand is complete: access to all resources is mediated by the sandbox. We describe the design and implementation of JSand, and we show that it is secure, backwards compatible, and that it performs sufficiently well.

Bio: Lieven Desmet is Research Manager on Software Secure at the iMinds-DistriNet Research Group (KU Leuven, Belgium), where he coaches junior researchers in web application security and participates in dissemination and valorization activities. His interests are in security of middleware and web-enabled technologies. Lieven is actively engaged in OWASP and is a board member of the OWASP Chapter Belgium.

OWASP Top 10 vs Drupal, by Erwin Geirnaert (Zion Security)
Abstract: Drupal is the most used and well-known open source content management system in the world. Created by Dries Buytaert years ago, it has grown with the support of a big community. Drupal 7 is already released and there is an entire ecosystem for Drupal and Drupal web agencies. During this presentation we will discuss the findings of an automated static code analysis of Drupal 6 and Drupal 7 and how Drupal protects against the OWASP Top 10 Application Security Risks. We will explain the security weaknesses that remain when you use Drupal and what you can implement to have a secure cloud server running Drupal.

Bio: Erwin founded ZION SECURITY in 2005 to help companies to protect against the latest threats, attacks against web applications. ZION SECURITY is nowadays a Belgian market leader in the field of security testing, vulnerability management, penetration testing and banking security. Erwin has more than 10 years of experience in web security, graduating with a Master of Science in Software Development from the University of Ghent. Erwin executes different types of projects for a lot of international software companies, financial institutions, telecom and web agencies. Specialist in executing code reviews in different development languages for critical applications, executing continuous penetration tests of their infrastructure and Internet applications. A specialist in J2EE, PHP, .NET, mobile app and web services security. Erwin architects secure e-business projects for web agencies and software companies. He is a recognized application security expert and speaker at international events like Javapolis, OWASP, Eurostar, LSEC, ...

= Social Event =

Social Event, November 29th
The social event is scheduled for Thursday, 29th of November and will start at around 19:30.

Location
Leuven (TBD)

Remark: Costs are around eur. 10,00.

= CTF =

Capture the Flag!

 * Do you like puzzles?
 * Do you like challenges?
 * Are you a hacker?

Whether you are an experienced hacker or a new enthusiast, you should come to OWASP BeNeLux 2012 and participate in the Capture the Flag event on November 30th, 2012.

The OWASP CTF is especially designed to support challengers of all skill levels. The CTF contains multiple challenges in various fields related to application security. As every challenge gains you one point, you can pick and choose which challenge you want to play.

All you need is a laptop with a wifi card and your favorite (preferably non-commercial) tools.

So come, show off your skills, learn new tricks and, above all, have a good time at the CTF event.

= Sponsor =


Promotion
Feel free to use the text below to promote our event!

We invite you to our next OWASP event: the BeNeLux OWASP Days 2012!

Free your agenda on the 29th and 30th of November, 2012.

The good news: free! No fee!

The bad news: there are only 280 seats available (first registered, first served)!

Hosted and co-organized by:
https://www.owasp.org/images/4/4a/Logo_distrinet.png https://www.owasp.org/images/5/52/Nessos.png

OWASP BeNeLux 2012 Sponsors:
https://www.owasp.org/images/6/6e/Madison-gurkha-logo.jpg https://www.owasp.org/images/9/94/Sogeti_logo.png https://www.owasp.org/images/1/1d/Logo_Vest_BIG_170.gif https://www.owasp.org/images/7/76/Approach-sponsor.jpg https://www.owasp.org/images/e/e6/Zionsecurity.jpg https://www.owasp.org/images/3/3d/On2it-sponsor.png https://www.owasp.org/images/thumb/a/a1/Iminds-logo.png/200px-Iminds-logo.png