Netherlands Previous Events 2006

Meeting schedule 2006
This is an overview of the 2006 local chapter meeting schedule. Details of the meetings can be found in the announcements that will be posted below this schedule.

March 9th 2006
Time: 17.30 - 21.30
Main Topic: Workshop: Architectural and design risk analysis
Presentations: Improving Security in the Application Development Life-cycle, Migchiel de Jong
Location: Getronics PinkRoccade - Fauststraat 1, 7323 BA Apeldoorn
Sponsor: Getronics PinkRoccade

Meeting minutes March 9th 2006
On 9 March, the second meeting of the OWASP Netherlands local chapter took place. Getronics PinkRoccade provided the venue, in their luxury conference centre: Connection I.

Agenda:
18.00 - 18.45 Check-In (bread & drinks)
18.45 - 19.00 Opening
19.00 - 20.00 Improving Security in the Application Development Life-cycle, Migchiel de Jong
20.00 - 20.15 Coffee break
20.15 - 22.00 Form focus groups

The audience found Migchiel de Jong's presentation very interesting. At the end of his presentation, he demonstrated a static code analysis of the OWASP WebGoat application.

After the coffee break, the attendees started discussing the largest common topics of interest in the web application security field, in relation to the OWASP Netherlands chapter. As a result, the following focus groups were formed:

Testing
The current OWASP Testing project and the Open Source Security Testing Methodology Manual of ISECOM provide guidelines and best practices for testers. These guidelines can be used to formalize a standard structure and a set of minimum requirements for a security test. Clients could ask a tester to adhere to these guidelines. A second idea is to standardize the management report of the testing results. In practice, testing can result in piles of paper with all the findings. The real value lies in reporting them in a usable way, for example by mapping technical findings to business risks.
Frans v. Buul, Peter Gouwentak, Arthur Donkers, Eelco Klaver, Migchiel de Jong, Mario de Boer
First focus group meeting: Monday 27 March, 18:00h, PwC Utrecht

Public Relations
This focus group will try to make businesses aware of the security impact of developing, hosting and using web applications, of what OWASP is, and of how OWASP can help. This can be done by giving presentations, writing papers and articles, word of mouth, etc.
Remco Bakker, Ronald Eygendaal, Bas van Vossen, Edwin van Vliet, Eelco Klaver
First presentation of OWASP materials: Edwin van Vliet, TestNet - Voorjaarsevenement, 5 April
First focus group meeting: To be planned!

Education
OWASP and universities/schools could benefit from working together. For example:
- OWASP provides lots of materials usable in colleges.
- Develop an OWASP training course.
- Students can participate in OWASP projects.
- OWASP can provide a platform for supporting research, such as thesis projects, etc.
- OWASP representatives could provide guest lectures.
Ronald Eygendaal, Erik Poll, Bas van Vossen, Edwin van Vliet
First focus group meeting: To be planned!

The presentation is available here: [[Media:OWASP_NL_Fortify_Software.pdf]]

Meeting March 9th 2006: Second meeting of the OWASP Netherlands local chapter!
In this second meeting focus groups are to be formed, to discuss common problems and to develop and research common solutions in a vendor-neutral environment. So this is a very good opportunity to get in contact with others, to exchange knowledge and experiences on specific topics.

For every focus group the following questions have to be answered:
1. Which specific topic is to be addressed?
2. What are the deliverables?
3. What is the relation to OWASP? (Current projects, materials, expertise and knowledge interchange, etc.)
4. Who is the central contact of the subgroup?

It would be nice to have a bigger and more diverse group, compared to the first meeting. So let's recall: "Please, bring at least one friend, next time." And don't hesitate to send this announcement to everybody who may be interested!

We thank Getronics PinkRoccade for offering us a venue:
Getronics PinkRoccade
Fauststraat 1
7323 BA Apeldoorn

The agenda:
18.00 - 18.30 Check-In
18.30 - 18.45 Opening
18.45 - 19.30 Improving Security in the Application Development Life-cycle, Migchiel de Jong
19.30 - 20.00 Collecting focus group initiatives
19.45 - 20.00 Coffee break
20.00 - 21.00 Form focus groups

Presentation Abstract
Rather than spending large amounts of time and money on proving that we have security vulnerabilities after programs go into production, companies should go to the source and correct vulnerabilities as early as possible in the development stage. It is unquestionably faster, simpler, and cheaper for developers to correct vulnerabilities as they build programs. But how can development management ensure that developers focus on security when there is no time or budget for security at the development stage? Even with the correct focus, how can they learn what to look for? How can they stay ahead of the dedicated and resourceful hacker? The answer is effective processes and better tools.

With advanced software security tools, a developer can pinpoint vulnerabilities in a matter of seconds — the same vulnerabilities that would take a hacker or manual code reviewer weeks or even months to find. These same tools can give development and information security managers useful metrics on application vulnerabilities before they are released into deployment. This talk will walk through the Application Development Life-Cycle and discuss how tools can help come to grips with software security issues in a particular phase.

About the presenter
Migchiel de Jong developed hardware and software for 10 years before joining Rational Software. During his 5 years at Rational Software (later acquired by IBM) he was involved in many software development process improvement projects. Currently Migchiel de Jong is working at Fortify Software, Palo Alto, California, as a software security engineer.

If you want to attend, send an email to owasp@irc2.nl. Please don't wait, 9 March is not that far away anymore!

All OWASP chapter meetings are free; there are never vendor pitches or sales presentations at OWASP meetings.

NOTE TO CISSPs: OWASP Meetings count towards CPE Credits.