Netherlands April 21st, 2016


 * OWASP Netherland Wiki
 * All OWASP NL Events 2016

= April 21st, 2016 = Register here

Venue
Universiteit van Amsterdam
 * Universiteitsbibliotheek
 * Singel 425, 1012 WP Amsterdam
 * route

Programme

 * 18:30 - 19:00 Registration & Pizzas
 * 19:00 - 19:15 OWASP Netherland and Foundation Updates
 * 19:15 - 20:00 Securing REST APIs with SSL/TLS - Youssef Oujamaa
 * 20:00 - 20:15 break
 * 20-15 - 21:00 Web Application Firewall, Filter and Bypass - Aatif Khan
 * 21:00 - 21:30 Networking

Securing REST APIs with SSL/TLS
This talk will include an introduction and overview on SSL/TLS, after that we will go through some cons and pros and why using mutual authentication to secure your REST API resources is worth taking in consideration. With this in mind we will dive into an example implementation which uses Java EE 6, how to incorporate key management with your continues delivery pipeline and the importance of maintenance. At the end we will go through some hardening examples for the Apache Tomcat web server.

Web Application Firewall, Filter and Bypass
This talk will take you through different features used by Web Application Firewall which make it more difficult for penetration testers during their testing. These controls block many of the automated tools and simple techniques used to discover flaws today. It will also give an overview on different filtering techniques and will explore how to determine the rule sets protecting the application. You'll be able to map out the rule sets and determine the specifics of how it detects attacks. After identifying the attacks, you will see how it can be bypassed. [[Media:OWASP-NL_2016-04-21-Web_Application Firewall,_Filter_and_Bypass.pdf | Download the presentation as PDF]]

Youssef Oujamaa
Youssef Oujamaa is a full-stack software engineer who currently works for ING in Amsterdam, in his role he has end-to-end responsibility for the development of API services including the security aspects. As an aspirant engineer he started developing software on Linux during middle school and got interested in computer security after participating in an online security war game. He graduated as a computer engineer at the Hogeschool van Amsterdam and wrote his final essay on the subject of secure code analysis. His goal now is to get actively involved in the computer security community and share his insights.

Aatif Khan
Aatif Khan, cyber security researcher comes with over a decade of experience in information security. Apart from consulting on application security, he has also delivered infosec training's to corporate, defense personnel and cyber crime police officials. He has previously presented talk at OWASP Singapore, Malaysia, India and Dubai. He has also authored papers on Advance Persistence Threats, Hacking the Drones, Web Security 2.0, Android Application Penetration Testing.

Sponsors

 * The OWASP Netherlands Chapter is sponsored by:

https://www.owasp.org/images/9/9a/Logo_Informatiebeveiliging-200.png https://www.owasp.org/images/9/92/Ecurify-2016.png https://www.owasp.org/images/5/50/Nixu-logo.png https://www.owasp.org/images/f/f9/Logo_xebia.jpg