Belgium Events 2017

WHEN
Monday 29 May 2017

WHERE
Hosted by Ernst & Young.

Address:

De Kleetlaan 2,

1831 Machelen

PROGRAM
The agenda:
 * 18h00 - 18h50: Welcome & sandwiches
 * 18h50 - 19h00: OWASP Update
 * 19h00 - 19h45: HTTP for the worst and the best (by Xavier Mertens, freelance security consultant)
 * Abstract: Today, the classic infection vectors remain SMTP and HTTP. Many spam & phishing campaigns are delivered to the victim’s mailbox and usually the next step of the attack is performed on top of HTTP, by visiting a malicious website or downloading a piece of malicious code. This talk will be split in two parts. To begin, I’ll explain how HTTP techniques are used to make the life of security researchers and incident handlers more difficult (attackers use many techniques to prevent access to their juicy data). The next part will demonstrate that attackers are also humans and make mistakes like all of us. They also need to follow the OWASP Top-10! I’ll review some example of bad code / bad configuration that I found during my investigations.
 * Bio: Xavier Mertens is a freelance security consultant based in Belgium. His job focuses on protecting his customers by applying “offensive” (pentesting) as well as “defensive” security (incident handling, log management, SIEM, security visualisation, OSINT). Xavier is also a SANS Internet Storm Center handler ( https://isc.sans.org ). He’s also maintaining his security blog ( https://blog.rootshell.be ) and is a co-organizer of the BruCON security conference ( http://www.brucon.org ).


 * 19h45 - 20h30: Reverse engineering with Panopticon: a Libre Cross-Platform Disassembler (by Kai Michaelis)
 * Abstract: The Panopticon project aims to develop a tool to end the dominance of proprietary software for reverse engineering.
 * Panopticon is a graphical disassembler written in Rust that runs on GNU/Linux, Windows and OS X, which aims to create a free replacement for tools like IDA Pro and BinDiff.
 * What sets Panopticon apart from other free disassembler is the belief that an intuitive GUI is paramount to aid human analysts to understand as much of the binary as possible. As such Panopticon comes with an Qt 5 UI written in QML that allows browsing and annotating control flow graphs.
 * Bio: Kai Michaelis studies IT-Security in Bochum, Germany and works part-time on Free Software. When he's not on the campus you can meet him at the local hackerspace. His interests are program analysis, reverse engineering and cryptography.


 * 20h30 - ... : Reception

REGISTRATION
Please register via EventBrite: https://owasp-belgium-2017-05-29.eventbrite.com

WHEN
Tuesday 28 Feburary 2017

WHERE
Hosted by Distrinet Research Group (KU Leuven).

Both speakers are faculty of the Secure Application Development course which is held in Leuven from February 27 to March 3.

Address: Department of Computer Science (foyer at ground floor) Celestijnenlaan 200 A 3001 Heverlee (google maps)

Routemap: https://distrinet.cs.kuleuven.be/about/route/

PROGRAM
The agenda:
 * 18h15 - 19h00: Welcome & sandwiches
 * 19h00 - 19h10: OWASP Update (by Lieven Desmet)
 * 19h10 - 20h00: XSS defense strategies (by Jim Manico, Manicode Security)
 * Abstract: TBD
 * Bio: Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. Jim is a frequent speaker on secure software practices and is a member of the Java-One Rock Star speaker community. Jim was a Global Board Member for the OWASP foundation and is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill..


 * 20h00 - 20h10: Break
 * 20h10 - 21h00: Why traditional Web security technologies no longer suffice (by Philippe De Ryck, KU Leuven)
 * Abstract: Not a day goes by without a story on a Web security incident somewhere. A data breach disclosing millions of people’s details. A defacement of a major Web site. Malware served from a legitimate Web site to thousands of users. Contrary to popular belief, the people running these Web sites are generally not clueless about security, but getting it right is just not that easy. Recent evolutions, like the rise of public networks, or the strong dependence on third-party code, have made it easier to attack Web sites, and harder to defend them. Join us to get an overview of these threats, and to take a dive into HTTP Strict Transport Security (HSTS), one of the latest Web security technologies that really help you improve security.
 * Bio: Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.

REGISTRATION
Please register via EventBrite: https://owasp-belgium-2017-02-28.eventbrite.com