Belgium Events 2015

WHEN
24 February 2015

WHERE
Hosted by iMinds-Distrinet Research Group (KU Leuven).

Both speakers are faculty of the Secure Application Development course which is held in Leuven from 10 to 14 February 2014. OWASP Members get a 10% discount to attend the course.

Address: Department of Computer Science (foyer at ground floor) Celestijnenlaan 200 A 3001 Heverlee (google maps)

Routemap: https://distrinet.cs.kuleuven.be/about/route/

PROGRAM
The agenda:
 * 18h15 - 19h00: Welcome & sandwiches
 * 19h00 - 19h15: OWASP Update (by Sebastien Deleersnyder, OWASP Belgium Board)
 * 19h15 - 20h15: Why Code Reviews and Pen-Tests Are Not Enough (by Jim DelGrosso, Cigital)
 * Abstract: Code reviews and penetration tests are excellent techniques for finding defects in software. But there is a whole class of defects that they are not good at finding - flaws. Jim will briefly talk about the differences between bugs and flaws, will describe a technique to help identify flaws, and talk about the work being done as part of the IEEE Center for Secure Design to help people avoid common flaws.
 * Bio: Jim DelGrosso is a Principal Consultant at Cigital with over 30 years of experience working for software development and consulting organizations. At Cigital, Jim heads up the Architecture Analysis practice with the mission to analyze the architecture and design of systems to identify flaws and provide our customers contextual guidance to remediate or mitigate those flaws. Jim is also the Executive Director for the IEEE Computer Society Center for Secure Design initiative.


 * 20h15 - 20h30: Break
 * 20h30 - 21h30: An analysis of exploitation behaviors on the web and the role of web hosting providers in detecting them. (by prof. Aurélien Francillon, EURECOM)
 * Abstract: Compromised websites are often used by attackers to deliver malicious content or to host phishing pages designed to steal private information from their victims. In a first part of the talk I will describe Eurecom's web honeypot, a set of deliberately vulnerable web applications that are regularly compromised by real attackers. In a second part of the talk, I will describe tests we performed on the ability of specialized monitoring services and web hosting providers to detect compromised websites and how they react to user complaints.
 * Bio:  Aurélien Francillon is an assistant professor in the Networking and Security department at EURECOM, where he is co-heading the System and Software Security group. Prior to that he obtained a PhD from INRIA and Grenoble INP and then spent 2 years as a postdoctoral researcher in the System Security Group at ETH Zurich. He is mainly interested in practical aspects of the security of embedded devices.  In this context he has worked on topics such as code injection, code attestation, random number generation, hardware support for software security, bug finding techniques as well as on broader security and privacy topics. He served in many program committees and was program co-chair of CARDIS 2013.

REGISTRATION
Please register via EventBrite: http://owasp-belgium-2015-02-24.eventbrite.com