OWASP BeNeLux-Day 2017
- Jacoba Sieders
Confirmed speakers Conference
- Jeroen Willemsen
- Sebastian Lekies
- Mattijs van Ommeren
- Nanne Baars
- Sebastien Deleersnyder
- Bart De Win
OWASP BeNeLux conference is free, but registration is required!
The OWASP BeNeLux Program Committee
- Bart De Win / Sebastien Deleersnyder/ Lieven Desmet/ David Mathy, OWASP Belgium
- Martin Knobloch / Joren Poll, OWASP Netherlands
- Jocelyn Aubert, OWASP Luxembourg
Event tag is #owaspbnl17
Donate to OWASP BeNeLux
OWASP BeNeLux conference is free, but registration is required!
OWASP BeNeLux training is reserved for OWASP members, and registration is required!
To support the OWASP organisation, we ask training attendees to become an OWASP member, it's only US$50! Students and faculty are invited to become member as well, but can freely attend. Check out the Membership page to find out more.
To support the OWASP organisation, consider to become a member, it's only US$50!
Check out the Membership page to find out more.
The venue is located:
How to reach the venue?
Map: Google map
Trainingday is November 23rd
|Time||Description||Room TBA||Room TBA||Room TBA|
|08h30 - 9h30||Registration|
|09h30 - 11h00||Training|| WebGoat - Teaching application security 101
by Nanne Baars
|11h00 - 11h30||Coffee Break|
|11h30 - 13h00||Training|
|13h00 - 14h00||Lunch|
|14h00 - 15h30||Training|
|15h30 - 16h00||Coffee Break|
|16h00 - 17h30||Training|
WebGoat - Teaching application security 101 by Nanne Baars
- Web Application Breaker
WebGoat application, security teaching secure development
A good defense against insecure code requires understanding the mechanics behind how attackers exploit simple programming mistakes. The WebGoat team will walk through exercises like SQL Injection, XSS, XXE, CSRF, ... and demonstrate how these exploits work.
We will show you how you can use WebGoat to train your developers to avoid these simple but common programming mistakes.
We also show you how to extend WebGoat to create lessons specific to your environment. Join us to learn the most basic, but common, application security problems.
Tired of all the lessons? During the training we will host a small CTF competition which you can take a shot at and compete with each other...
Nanne Baars works as a security consultant & developer at JDriven and is one of the primary developers of WebGoat.
Conferenceday is November 24th
|08h30 - 09h00||Registration|
|09h00 - 09h15||Opening|
|09h15 - 10h00||speaker name||BeNeLux_OWASP_Day_2017#talk title|
|10h00 - 10h45||TBD||TBD|
|10h45 - 11h15||Morning Break|
|11h15 - 12h00||TBD||TBD|
|12h00 - 12h45||TBD||TBD|
|12h45 - 13h45||Lunch|
|13h45 - 14h30||TBD||TBD|
|14h30 - 15h15||TBD||TBD|
|15h15 - 15h45||Break|
|15h45 - 16h30||TBD||TBD|
|16h30 - 17h15||TBD||TBD||TBD||TBD|
|17h15 - 17h30||Closing|
A Series of Unfortunate Events: Where Malware Meets Murphy by Mattijs van Ommeren
When an end user reports some “strange looking file names”, which, after investigating, you discover include several hundreds of Gigabytes of encrypted data, you of course know you are going to have a bad day. Your AV solution has failed you, your firewall has failed you, and your SIEM has failed you. Basically, every piece of security infrastructure you have put your trust (and money) into has left you out in the cold and you thank <deity of choice> that at least the nightly backup was completed successfully. Spin up the tape drive, and soon you will be back in business, or not…?
This talk is about failure. Not only about a failing security infrastructure, but also about failure in doing the Right Thing™ as a first responder, about the failure of Operating System tools, failing APIs, and ironically, also the failure of malware (which is unfortunately not as positive as it may sound). The scenario presented comes pretty close to the worst chain of events you can imagine, in an attempt to recover from a ransomware incident.
Luckily – this story has a happy ending. We will reveal how one can be prepared for when both Count Olaf and Murphy come knocking on your door simultaneously.
Mattijs van Ommeren has been poking hardware and software for 15 years. He has spent most of his working life as a security consultant, attacking and defending both traditional IT environments as well as more esoteric embedded devices and industrial systems. Presently he has a lot of fun at Nixu.
Common REST API security pitfalls by Philippe De Ryck, PhD
These are hard questions, as evidenced by the deployment of numerous insecure REST APIs. Attend this session to find out about common API security pitfalls, that often result in compromised user accounts and unauthorized access to your data. We expose the problem that lies at the root of each of these pitfalls, and offer actionable advice to address these security problems. After this session, you will know how to assess the security of your APIs, and the best practices to improve them towards the future.
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.
How to spend $3.6mil on one coding mistake, and other fun stuff you can do with $3.6mil by Matia Madou
In a recent global study, the average cost of a data breach is $3.62M globally. This session will discuss infamous examples of data breaches that has made headlines around the world. We will explore the technical details of the vulnerability itself and what a coding solution may have been to prevent the breach. We will also dive deeper on exploring different solutions, processes and techniques you can apply in your day-to-day to prevent application security vulnerabilities in your code.
Matias Madou is a Co-Founder and CTO of Secure Code Warrior where he is responsible for leading the company’s technology vision and overseeing the engineering team. Matias has more than 15 years of hands-on software security experience and has developed solution for companies such as HP Fortify, and founded a company called Sensei Security. Matias has led multiple application security research projects which have led to commercial products and boasts over 10 patents under his belt. When he is away from his desk, Matias has served as an instructor for advanced application security training courses and regularly speaks at global conferences including RSA Conference, Black Hat, DefCon, BSIMM, OWASP AppSec and BruCon. Matias holds a Ph.D. in Computer Engineering from Ghent University.
Don't trust the DOM: Bypassing XSS mitigations via script gadgets by Sebastian Lekies
Cross-Site Scripting is a constant problem of the Web platform. Over the years many techniques have been introduced to prevent or mitigate XSS. Most of these techniques, thereby, focus on script tags and event handlers. HTML sanitizers, for example, aim at removing potentially dangerous tags and attributes. Another example is the Content Security Policy, which forbids inline event handlers and aims at white listing of legitimate scripts.
Sebastian Lekies is tech leading the Web application security scanning team at Google. Before joining Google, he was part of SAP's Security Research team, where he conducted academic research in the area of client-side Web application security. Sebastian is regularly speaking at academic and non-academic security conferences such as BlackHat US/EU/Asia, DeepSec, OWASP AppSec EU, Usenix Security, CCS, and many more...
Creating An AppSec Pipeline With Containers In A Week How We Failed And Succeeded by Jeroen Willemsen
Join us on our adventure of setting up a appsec pipeline with Docker containers. What did go wrong, how did we succeed? How do you fight false positives and how do you get the best out of the products out there without bothering the development teams too much.
Jeroen Willemsen is a security architect with a passion for mobile and risk management. He loves to work on secure building blocks, security automation pipelines and embedding information security risk management controls in an agile environment. He is dedicated to help developers, product owners and architects to take security seriously in their daily development life (but not too serious of course ;-)).In his spare time he loves to experiment with new technologies and frameworks.”
Social Event,starting at 7PM
Become a sponsor of OWASP BeNeLux
There are 3 combined sponsorship packages (Gold, Silver or Bronze) that cover the BeNeLux chapter meetings 2018 and the BeNeLux OWASP Days 2017 in Tilburg, the Netherlands.
Download our sponsor brochure TBD and contact us for questions or sponsorship confirmation!
Your sponsorship will be invested directly in the chapter meetings, supporting speaker and catering expenses.
The sponsorship will also be dedicated to cover the costs of the OWASP 2017 BeNeLux event.
Made possible by our Sponsors
Platinum Gold: Silver: Bronze: