OWASP NL Monthly Meetup

The OWASP Monthly Meetup is a networking opportunity to get together with your peers.
 * OWASP Netherland Wiki

To visit OWASP - Chapter Netherlands Meetup, go here: OWASP NL @ Meetup.com

Dates / Locations: =Upcoming Meetups=

September 27, 2018
https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/250034921/ TBD

=Past Meetups=

June 28, 2018
https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/250034898/


 * 18:30 - 19:00 Dinner
 * 19:00 - 19:15 Welcome, OWASP update
 * 19:15 - 20:00: Building a Security ‘Culture’ by Gareth O’Sullivan
 * 20:15 - 21:00: Building secure software with OWASP tools and guides by Martin Knobloch
 * 21:00 - Closing


 * Vergader Inn
 * Croeselaan 207
 * 3521 BN Utrecht

Building a Security ‘Culture’  Rushing Towards Digital Transformation Breaches. Despite significant investments in security technology and processes, attackers still gain access to protected data on a regular basis. IT builds higher and higher walls around the locations where data lives but attacks persist. Mass migration to cloud computing has improved scalability, lowered costs, and freed IT from having to manage the application environment. However, this means cloud becomes a target for attackers, and it becomes more risky to store sensitive data there. BYOD makes users’ devices a target as well. Obviously from a security standpoint, the greater number of devices there are to manage, the greater the risk of attack. What to do, and where to start?

Gareth O’Sullivan Lead Technology Research Consultant at Genomics Medicine Ireland, a company helping map the Irish Genome & recently established as Managing Director of Progress Distribution Ireland a leading EMEA Cyber Security distributor. Gareth is an IT Security Executive with 20 years’ experience in the software industry, 13 of which have been security focused. Previously Snr Director of Solutions Architecture at WhiteHat Security covering EMEA plus similar roles in the past with IBM & Watchfire. Technical, Compliance and Commercially focused so enjoy engaging with technology but also like to build teams, conducting business development, sales channel development & pipeline generation.

Building secure software with OWASP tools and guides All know the OWASP TopTen, some one or more other projects. The problem is, where the wiki is good to archive the project information, it is hard to find information if you don't know what you are looking for. Therefore, only a few have a broader understanding of projects (being tools or guides) you can use in your software development lifecycle, even before, to create more secure software. This talk is highlighting various OWASP projects taking you from CISO policies, security requirements to building and secure software and verifying the security level.

Martin Knobloch is security consultant at Xebia.com. His main working area is (software) security in general, from awareness to implementation. In his daily work, he is responsible for education in application security matters, advise and implementation of application security measures. With his background in Java Development, he understands the complexity of Enterprise software development, Agile Scrum environments and continuous delivery / deployment.

April 12, 2018
https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/248338412/


 * 18:30 - 19:00 Dinner
 * 19:00 - 19:15 Welcome, OWASP update & Inspire introduction
 * 19:15 - 20:00: Adding Privacy by Design in Secure Application Development by Sebastien Deleersnyder
 * 20:15 - 21:00: Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit by Bernhard Mueller
 * 21:00 - Closing


 * Inspire
 * Voetiusstraat 2
 * 3512 JM Utrecht

Adding Privacy by Design in Secure Application Development The General Data Protection Regulation (GDPR) is coming. One monumental change is the introduction of Privacy by Design. In this presentation we will focus on the Privacy by Design (PbD) implications for developers. Two cornerstones for a successful implementation of PbD will be pitched: 1) the integration of GDPR in a Secure Development Lifecycle approach 2) threat modeling and GDPR risk patterns
 * [[Media:TOREON Adding Privacy by Design in Secure Application Development v20180412.pdf | Download the presentation as PDF]]

Sebastien Deleersnyder is Co-founder & managing partner application security at Toreon.com. Sebastien has helped various companies improve their ICT-, Web- and Mobile Security, including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, co-project leader of the OWASP SAMM project, served on the OWASP Foundation Board member (2007-2013) and performed several presentations and trainings on Web Application, Mobile and Web Services Security. Ethereum is an open software blockchain platform that enables developers to build and deploy decentralized apps. Over the past couple of years, its cryptocurrency Ether has taken the number two spot in market cap second to Bitcoin.

Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit In Ethereum, state transitions are mediated by code (a.k.a “smart contracts”) running in the Ethereum Virtual Machine (EVM) which boasts a turing-complete instruction set, allowing for near-unlimited use cases including (but not limited to) crypto kitties. However, with great flexibility comes great potential for vulnerabilities. And in accordance to Murphy’s law, disaster has stricken several times, resulting in hundreds of millions worth of Ether being stolen or stuck in limbo for all eternity. In this talk, I will investigate recent incidents, and shed light on the various types of flaws that occur in Ethereum smart contracts. I’ll show how to explore the blockchain and reverse engineer smart contract binary code using Mythril, the “nmap of Ethereum”. I’ll also demonstrate the use of symbolic analysis to detect different types of vulnerabilities, including those resulting from inter-contract calls. Finally, I’ll show how to autogenerate Ethereum exploits using the Z3 solver.
 * Download the presentation as PDF

Bernhard Mueller is a security engineer at Consensys and a hacker with a decade-long track record. He has found dozens of zero day flaws in widely used software, published attacks on core Internet protocols, and written award-winning papers. He is also a winner of BlackHat’s “Best Research” Pwnie Award.

March 8, 2018
https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/248125406/


 * 18:00 - 18:45 Registration & Pizzas
 * 18:45 - 19:00 Welcome & OWASP update
 * 19:00 - 19:15 TNO introduction
 * 19:15 - 20:00 Faalkaart by Elger Jonker
 * 20:00 - 20:15 Break
 * 20:15 - 21:00 Second talk by Edwin van Andel
 * 21:00 - 21:30 Networking and discussion


 * TNO
 * Eemsgolaan 3
 * Groningen

February 8, 2018
https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/247313273/


 * 18:30 - Start
 * 18:45 - Order food/dinner
 * 19:30 - Presentation about Faalkaart by Elger Jonker.
 * 20:30 - Meet'n' greet - Time to meet your peers!
 * 21:00 - Closing


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

December 7, 2017
OWASP Netherlands Meetup! registration

November 9, 2017
OWASP Netherlands Meetup! registration


 * 18:30 - Doors open / buffet (sponsored by Xebia)
 * 19:15 - Talk:
 * In de Ict-industrie zit naarstig te wachten op het eigen incident dat een groot verschil gaat maken in het denken over beveiliging. De OWASP TOP-10 is het triest bewijs dat veel organisaties, maar bitter weinig leren van beveiliging. Hoe anders is dat in transport geweest toen het denken radicaal omsloeg na de ondergang van de Titanic. Gaat nu opnieuw logistiek opnieuw voor de omslag in denken zorgen of wachten we op een andere ramp? Want dat technologie juist in die industrie een alles veranderende rol staat spelen, kan tot weinig discussie leiden. En als de verandering komt hoe ziet dan de wereld eruit? Is OWASP klaar voor zo’n nieuwe situatie?
 * Brenno de Winter (1971) schreef zijn eerste computerprogramma op vijfjarige leeftijd en is sindsdien altijd met technologie bezig geweest. Hij is al jaren bezig met beveiliging. Tijdens zijn jaren als journalist schreef hij menig verhaal dat een fundamentele discussie startte of het nu ging over het kraken van de OV-chipkaart, Diginotar, de duizenden lekken die rond lektoner naar voren kwamen of falend beleid. Als boekenschrijver schreef hij diverse titels en werkt hij aan eend methodiek om meer ‘zeewaardig te worden’ op beveiligingsgebied.
 * 20:15 - Meet'n' greet
 * Time to meet your peers!
 * 21:30 Closing

Where:

Xebia Wibautstraat 200, 1091 GS Amsterdam

October 5, 2017
OWASP Netherlands Meetup! registration


 * 18:30 - Doors open / buffet (sponsored by Xebia)
 * 19:15 - Talk: OWASP Global and Netherlands update
 * Looking back on the past AppSec-US
 * Looking forward to the BeNeLux-Day 2017
 * 20:15 - Meet'n' greet
 * Time to meet your peers!
 * 21:30 Closing

Where:
 * Xebia
 * Wibautstraat 200, 1091 GS Amsterdam== September 7, 2017 ==

OWASP Netherlands Meetup! registration
 * 18:30 - Doors open / buffet (sponsored by Xebia)
 * 19:15 - Talk: OWASP Security Knowledge Framework, 2.0
 * Glenn and Riccardo ten Cate will talk about the OWASP Security Knowledge Framework (SKF) and the new features of the 2.0 release
 * 20:15 - Meet'n' greet
 * Time to meet your peers!
 * 21:30 Closing

Where:
 * Xebia
 * Wibautstraat 200, 1091 GS Amsterdam

June 8, 2017
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/240446300/


 * 18:30 - Start
 * 19:00 - Order food
 * 20:00 - Discussions/networking/updates


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

April 6, 2017
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/238715293/


 * 18:30 - Start
 * 19:00 - Order food
 * 20:00 - Discussions/networking/updates


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

December 1, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632198/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

November 3, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632193/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

October 6, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632186/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

September 1, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632177/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

August 4, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/kkcwnlyvlbgb/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

June 2, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632164/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

May 12th, 2016
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228094227/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

April 7th, 2016
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632149/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

March 3rd, 2016
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228104950/


 * 18:30 - ? chat, brainstorming etc.


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

February 4th, 2016
Kick-Off BBQ, location to be announced to whom has registered:
 * http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228093822/

December 3rd, 2015

 * 18:30 - ? chat, brainstorming etc. / bijkletsen


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

November 5th, 2015
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/226036523/


 * 18:30 - ? chat, brainstorming etc. / bijkletsen


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

October 1st, 2015

 * 18:30 - 19:00 walk-in / in-loop
 * 19:00 - 19:30 announcements / aankondigingen
 * 19:30 - ? chat, brainstorming etc. / bijkletsen


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

September 3rd, 2015
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/224672626/
 * 18:30 - 19:00 walk-in / in-loop
 * 19:00 - 19:30 announcements / aankondigingen
 * 19:30 - ? chat, brainstorming etc. / bijkletsen


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/

August 6th, 2015
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/224046536/
 * 6:30 - 7:00 walk-in / inloop
 * 7:00 - 7:30 kennismaking / introductions
 * 7:30 - 8:00 aankondigingen / announcements
 * 8:00 - 8:30 Vragen / Q & A, einde


 * Restaurant De Branding
 * Croeselaan 303
 * 3521 BT Utrecht
 * 030-2900299
 * http://www.restaurantdebrandingutrecht.nl/