Netherlands April 21st, 2016
April 21st, 2016
Universiteit van Amsterdam
- Singel 425, 1012 WP Amsterdam
- 18:30 - 19:00 Registration & Pizzas
- 19:00 - 19:15 OWASP Netherland and Foundation Updates
- 19:15 - 20:00 Securing REST APIs with SSL/TLS - Youssef Oujamaa
- 20:00 - 20:15 break
- 20-15 - 21:00 Web Application Firewall, Filter and Bypass - Aatif Khan
- 21:00 - 21:30 Networking
Securing REST APIs with SSL/TLS
This talk will include an introduction and overview on SSL/TLS, after that we will go through some cons and pros and why using mutual authentication to secure your REST API resources is worth taking in consideration. With this in mind we will dive into an example implementation which uses Java EE 6, how to incorporate key management with your continues delivery pipeline and the importance of maintenance. At the end we will go through some hardening examples for the Apache Tomcat web server.
Web Application Firewall, Filter and Bypass
This talk will take you through different features used by Web Application Firewall which make it more difficult for penetration testers during their testing. These controls block many of the automated tools and simple techniques used to discover flaws today. It will also give an overview on different filtering techniques and will explore how to determine the rule sets protecting the application. You'll be able to map out the rule sets and determine the specifics of how it detects attacks. After identifying the attacks, you will see how it can be bypassed.
Youssef Oujamaa is a full-stack software engineer who currently works for ING in Amsterdam, in his role he has end-to-end responsibility for the development of API services including the security aspects. As an aspirant engineer he started developing software on Linux during middle school and got interested in computer security after participating in an online security war game. He graduated as a computer engineer at the Hogeschool van Amsterdam and wrote his final essay on the subject of secure code analysis. His goal now is to get actively involved in the computer security community and share his insights.
Aatif Khan, cyber security researcher comes with over a decade of experience in information security. Apart from consulting on application security, he has also delivered infosec training's to corporate, defense personnel and cyber crime police officials. He has previously presented talk at OWASP Singapore, Malaysia, India and Dubai. He has also authored papers on Advance Persistence Threats, Hacking the Drones, Web Security 2.0, Android Application Penetration Testing.
- The OWASP Netherlands Chapter is sponsored by