Difference between revisions of "Belgium"

From OWASP
m (WHERE)
m (Local News)
 
(205 intermediate revisions by 5 users not shown)
Line 3: Line 3:
 
= Local News  =
 
= Local News  =
  
== Stay updated  ==
+
== Upcoming chapter meetings ==
  
"'''BeNeLux Days 2012'''" is online: https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2012.
+
* '''19 March 2018: Brussels''' (Registration page: https://owasp-belgium-2018-03-19.eventbrite.com)
 +
Past meetings:
 +
* 20 February 2018: Leuven
 +
See https://www.owasp.org/index.php/Belgium#Chapter_Meetings for more details.
  
 +
== '''Stay in touch''' ==
  
 +
<center>
 +
{| cellspacing="15"
 +
|-
 +
| [[Image:Meetup-logo-2x.png|120px|link=http://www.meetup.com/Belgium-OWASP-Open-Web-Application-Security-Project/]]
 +
| [[Image:Join the list.png|150px|link=http://lists.owasp.org/mailman/listinfo/owasp-belgium]]
 +
| [[Image:Follow-us-on-twitter.png|175px|link=https://twitter.com/owasp_be]]
 +
| [[Image:Linkedin-button.gif|135px|link=https://www.linkedin.com/groups/37865]]
 +
|}
 +
</center>
 
If you want to be invited for the next OWASP Belgium Chapter meetings, please [http://eepurl.com/iFZtb drop us your contact info].
 
If you want to be invited for the next OWASP Belgium Chapter meetings, please [http://eepurl.com/iFZtb drop us your contact info].
  
You can also follow us on [https://twitter.com/owasp_be Twitter]!
+
== Structural Sponsors 2018  ==
  
== Structural Sponsors 2012/2013  ==
+
OWASP Belgium thanks its structural chapter supporters for 2018 and the OWASP BeNeLux Days 2017:  
OWASP Member affiliated to the Belgium chapter:
 
  
{{MemberLinks|link=http://www.pwc.com/|logo=PWC_log_resized.png}}
+
[http://www.vest.nl https://www.owasp.org/images/6/67/Vest.jpg]
 +
[https://secwatch.nl https://www.owasp.org/images/f/ff/Secwatch_logo_small.png]
 +
[[File:Avi Logo Transparent Background 300pix.png|200px|link=https://avinetworks.com/]]
 +
[[File:LogoToreon.jpg|250px|link=https://www.toreon.com]]
 +
[[File:Nviso_logo_RGB_baseline_200px.png|link=http://www.nviso.be]]
  
OWASP Belgium thanks its structural chapter supporters for 2012 and the OWASP BeNeLux Days 2012:
 
 
[http://www.iminds.be https://www.owasp.org/images/thumb/a/a1/Iminds-logo.png/200px-Iminds-logo.png]
 
[http://www.zionsecurity.com https://www.owasp.org/images/e/e6/Zionsecurity.jpg]
 
[http://on2it.net https://www.owasp.org/images/3/3d/On2it-sponsor.png]
 
  
 
If you want to support our chapter, please contact [mailto:seba@owasp.org Seba Deleersnyder]
 
If you want to support our chapter, please contact [mailto:seba@owasp.org Seba Deleersnyder]
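Review bot: In the added "Stay in touch" table, the Meetup and mailing-list image links use plain http:// (link=http://www.meetup.com/... and link=http://lists.owasp.org/mailman/listinfo/owasp-belgium), while the Twitter and LinkedIn links next to them use https://. Suggest switching those two, and the http://www.vest.nl and http://www.nviso.be sponsor links added further down, to https:// where the hosts serve it, so visitors are not sent to a sign-up page over an unencrypted connection.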
Line 27: Line 38:
 
= Chapter Meetings  =
 
= Chapter Meetings  =
  
 +
{{:Belgium_Events_2018}}
  
 +
== Previous Years  ==
  
 
+
Events held in
== Next Meeting (5th of March 2013) in Leuven ==
+
[[Belgium Events 2017|2017]],
 
+
[[Belgium Events 2016|2016]],
=== WHEN ===
+
[[Belgium Events 2015|2015]],
5th of March 2013 (18h00 - 21h00)
+
[[Belgium Events 2014|2014]],
 
+
[[Belgium Events 2013|2013]],
=== WHERE  ===
+
[[Belgium Events 2012|2012]],
This chapter meeting is co-organized with '''[http://www.secappdev.org SecAppDev]'''.
+
[[Belgium Events 2011|2011]],
 
+
[[Belgium Events 2010|2010]],
Both speakers are faculty of the [http://www.secappdev.org Secure Application Development course] which is held in Leuven from 4 March 2013 until 8 March 2013. OWASP Members get a 10% discount to attend the course.
+
[[Belgium Events 2009|2009]],
 
+
[[Belgium Events 2008|2008]],
<BR/>
+
[[Belgium Events 2007|2007]],
Hosted by [http://distrinet.cs.kuleuven.be Distrinet Research Group (K.U.Leuven)].
+
[[Belgium Events 2006|2006]],
 
+
[[Belgium Events 2005|2005]].
Address: <br> Department of Computer Science (meeting room '''05.128''' - fifth floor)<br> Celestijnenlaan 200 A<br> 3001 Heverlee <br>
 
 
 
Routemap: http://distrinet.cs.kuleuven.be/about/route/
 
 
 
=== PROGRAM ===
 
The agenda:
 
*18h00 - 18h30: '''Welcome &amp; sandwiches'''<br>
 
*18h30 - 18h45: '''OWASP Update''' (by Lieven Desmet, OWASP Belgium Board)<br>
 
*18h45 - 19h45: '''25 Years of Vulnerabilities''' (by Yves Younan, Senior Research Engineer at Sourcefire)<br>
 
:This talk will take a look into the interesting world of vulnerability statistics. We have examined data for the last 25 years and used it to map out trends and general information on vulnerabilities in software. Some of the questions we look at are "What were the most popular vulnerabilities? Which had the most impact? Which vendors and products suffered from the most issues? Etc. While some of the statistics are predictable, others are surprising. This data was first introduced at RSA Conference San Francisco 2013.
 
:'''Dr. Yves Younan''' is a Senior Research Engineer in the Vulnerability Research Team (VRT) at Sourcefire where he works on vulnerabilities and mitigations. Prior to joining Sourcefire, he worked as a Security Researcher with BlackBerry Security at Research In Motion. Before joining RIM, he was an academic, founding the Native Code Security group within the DistriNet research group at the KU Leuven in Belgium.  He received a Master's degree in Computer Science from the Vrije Universiteit Brussel (VUB) and a PhD in Engineering: Computer Science from KU Leuven. His PhD focused on building efficient mitigations against vulnerability exploitation, several practical mitigations were published and presented at international conferences.
 
*19h45 - 20h00: Break<br>
 
*20h00 - 21h00: '''Banking Security: Attacks and Defences''' (by Steven Murdoch, Senior Researcher at University of Cambridge)<br>
 
:Designers of banking security systems are faced with a difficult challenge of developing technology within a tightly constrained budget, yet which must be capable of defeating attacks by determined, well-equipped criminals. This talk will summarise banking security technologies for protecting Chip and PIN/EMV card payments, online shopping, and online banking. The effectiveness of the security measures will be discussed, along with vulnerabilities discovered in them both by academics and by criminals. These vulnerabilities include cryptographic flaws, failures of tamper resistance, and poor implementation decisions, and have led not only to significant financial losses, but in some cases unfair allocation of liability. Proposed improvements will also be described, not only to the technical failures but also to the legal and regulatory regimes which are the underlying reason for some of these problems not being properly addressed.
 
:'''Dr. Steven J. Murdoch''' is a Royal Society University Research Fellow in the Security Group of the University of Cambridge Computer Laboratory, working on developing metrics for security and privacy. His research interests include covert channels, banking security, anonymous communications, and censorship resistance. Following his PhD studies on anonymous communications, he worked with the OpenNet Initiative, investigating Internet censorship. He then worked for the Tor Project, on improving the security and usability of the Tor anonymity system. Currently he is supported by the Royal Society on developing methods to understand complex system security. He is also working on analyzing the security of banking systems especially Chip & PIN/EMV, and is Chief Security Architect of Cronto, an online authentication technology provider.
 
 
 
=== REGISTRATION  ===
 
Please register via [https://owasp-belgium-2013-03-05.eventbrite.com https://owasp-belgium-2013-03-05.eventbrite.com]
 
 
 
== Past Events  ==
 
*Events held in [[Belgium Previous Events 2012|2012]]
 
*Events held in [[Belgium Previous Events 2011|2011]]  
 
*Events held in [[Belgium Previous Events 2010|2010]]  
 
*Events held in [[Belgium Previous Events 2009|2009]]  
 
*Events held in [[Belgium Previous Events 2008|2008]]  
 
*Events held in [[Belgium Previous Events 2007|2007]]  
 
*Events held in [[Belgium Previous Events 2006|2006]]  
 
*Events held in [[Belgium Previous Events 2005|2005]]
 
  
 
= Belgium OWASP Chapter Leaders  =
 
= Belgium OWASP Chapter Leaders  =
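Review bot: The new "Previous Years" list links to [[Belgium Events 2012]] through [[Belgium Events 2005]], where the removed "Past Events" list used [[Belgium Previous Events 2012]] and so on; confirm the yearly pages were moved or have redirects under the new names, otherwise these links will be broken. The meeting details now come from the {{:Belgium_Events_2018}} transclusion, so a short comment in the page source saying where the 2018 agenda is edited would help later editors.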
Line 76: Line 61:
 
The Belgium Chapter is supported by the following board:  
 
The Belgium Chapter is supported by the following board:  
  
 +
*Sebastien Deleersnyder, Toreon
 
*Erwin Geirnaert, Zion Security  
 
*Erwin Geirnaert, Zion Security  
*Philippe Bogaerts, F5
+
*Lieven Desmet, KU Leuven
*André Mariën, Inno.com
+
*Bart De Win, PWC
*Lieven Desmet, K.U.Leuven
+
*David Mathy, Freelance
*Sebastien Deleersnyder, SAIT Zenitel
+
*Adolfo Solero, Freelance
*Bart De Win, Ascure
+
*Stella Dineva, Ingenico Payment Services
*David Mathy, Focus ICT
+
*Thomas Herlea, NVISO
  
Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects. __NOTOC__ <headertabs/>
+
Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.  
 +
__NOTOC__ <headertabs></headertabs>
 
[[Category:Europe]]
 
[[Category:Europe]]

Latest revision as of 09:12, 1 March 2018

OWASP Belgium

Welcome to the Belgium chapter homepage. The chapter leader is Sebastien Deleersnyder.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now

Upcoming chapter meetings

Past meetings:

  • 20 February 2018: Leuven

See https://www.owasp.org/index.php/Belgium#Chapter_Meetings for more details.

Stay in touch

Meetup, mailing list, Twitter, LinkedIn

If you want to be invited for the next OWASP Belgium Chapter meetings, please drop us your contact info.

Structural Sponsors 2018

OWASP Belgium thanks its structural chapter supporters for 2018 and the OWASP BeNeLux Days 2017:

Vest, Secwatch, Avi Networks, Toreon, NVISO


If you want to support our chapter, please contact Seba Deleersnyder.

19 March 2018 Meeting

WHEN

Monday 19 March 2018

WHERE

Host: ING Belgium
Address: Cours St Michel 60 - 1040 Brussel

PROGRAM

The agenda:

  • 18h15 - 19h00: Welcome & sandwiches
  • 19h00 - 19h10: OWASP Update (by Sebastien Deleersnyder, OWASP)
  • 19h10 - 20h00: KRACKing WPA2 in Practice Using Key Reinstallation Attacks (by Mathy Vanhoef, imec-DistriNet-KU Leuven)
Abstract: This talk presents the key reinstallation attack against WPA2 (KRACK attack). It abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several cryptographic Wi-Fi handshakes are affected by the attack.
All protected Wi-Fi networks use the 4-way handshake to generate a fresh session key. So far, this 14-year-old handshake has remained free from attacks. However, we show that the 4-way handshake is vulnerable to a key reinstallation attack. Here, the adversary tricks a victim into reinstalling an already-in-use key. This is achieved by manipulating and replaying handshake messages. When reinstalling the key, associated parameters such as the incremental transmit packet number (nonce) and receive packet number (replay counter) are reset to their initial value.
The talk also discusses the vulnerability disclosure process that was followed. Since the discovery affected numerous vendors, coordinating the disclosure was non-trivial.
Bio: Mathy Vanhoef is a postdoctoral researcher at KU Leuven. He did his PhD on the security of WPA-TKIP, TLS, and RC4. His research interest is in computer security with a focus on wireless security (e.g. Wi-Fi), network protocols in general, the RC4 stream cipher (where he discovered the RC4 NOMORE attack), and software security (discovering and exploiting vulnerabilities). Currently his main research is about automatically discovering vulnerabilities in network protocol implementations, and proving the correctness of protocol implementations.
  • 20h00 - 20h10: break
  • 20h10 - 21h00: Making the web secure by design (by Glenn Ten Cate, ING Belgium, and Riccardo Ten Cate, Xebia)
Abstract: Education is the first step in the Secure Software Development Lifecycle. The free OWASP Security Knowledge Framework (SKF) is intended to be a tool that is used as a guide for building and verifying secure software. It can also be used to train developers about application security. This talk will help you as a developer to become THE Neo of your development team. We will show how you can do security by design and introduce other quality gates into your development pipeline to ensure high end quality and security of your project.
Bio: As a coder, hacker, speaker, trainer and security researcher employed at ING Belgium, Glenn Ten Cate has over 10 years' experience in the field of security. He is one of the founders of defensive development [defdev], a security training and conference series dedicated to helping you build and maintain secure software, and also speaks at multiple other security conferences around the world. His goal is to create an open-source software development life cycle with the tools and knowledge gathered over the years.
Bio: As a penetration tester from the Netherlands employed at Xebia, Riccardo Ten Cate specialises in web-application security and has extensive knowledge in securing web applications in multiple coding languages. He is also a specialist in setting up Secure Software Development Life Cycles.
  • 21h00 - 21h30: Networking drink

REGISTRATION

Please register via EventBrite: https://owasp-belgium-2018-03-19.eventbrite.com

Coverage

20 February 2018 Meeting

WHEN

Tuesday 20 February 2018

WHERE

Host: DistriNet Research Group (KU Leuven) (Both speakers are faculty of the Secure Application Development course held in Leuven from 2018-02-19 to 2018-02-23.)
Address: Department of Computer Science (foyer at ground floor), Celestijnenlaan 200 A, 3001 Heverlee

PROGRAM

The agenda:

Abstract: Usability problems are a major cause of many of today's IT-security incidents. Security systems are often too complicated, time-consuming, and error prone. For more than a decade researchers in the domain of usable security (USEC) have attempted to combat these problems by conducting interdisciplinary research focusing on the root causes of the problems and on the creation of usable security mechanisms. While major improvements have been made, to date USEC research has focused almost entirely on the non-expert end-user. However, many of the most catastrophic security incidents were not caused by end-users, but by developers or administrators. Heartbleed and Shellshock were both caused by single developers yet had global consequences. The Sony hack in 2014 compromised an entire multi-national IT-infrastructure and misappropriated over 100 TB of data, unnoticed. Fundamentally, every software vulnerability and misconfigured system is caused by developers or administrators making mistakes, but very little research has been done into the underlying causalities and possible mitigation strategies. In this talk we will explore the transition from end-user to expert usable security research and look at several application areas, including TLS, passwords, malware analysis and vulnerability analysis.
Bio: Matthew Smith is a Professor for Usable Security and Privacy at the University of Bonn. His research is focused on human factors of security and privacy mechanisms with a wide range of application areas, including TLS and network security, authentication, mobile and app security and, most recently, usable security for developers and administrators. His work has been published at, amongst others, IEEE S&P, ACM CCS, USENIX Security, NDSS, ACM SIGCHI and SOUPS, the Symposium on Usable Security and Privacy. In 2015 his ERC Starting Grant "Frontiers of Usable Security" was selected for funding.
Abstract: Everyone makes security mistakes, and that includes Microsoft (seriously!). Many developers can spot and prevent vulnerabilities listed in the OWASP top 10. But that narrative changes when we look beyond the scope of the OWASP top 10. Compared to some more recent attacks, fixing XSS or SQL injection almost seems easy. In this session, we dive into a couple of .NET core cases that have been reported to the Microsoft Security Response Center (MSRC). Mind you; these vulnerabilities are not just framework vulnerabilities. Instead, they are coding patterns that you may have introduced in your applications. Examples are issues with hash tables, compression, encryption, regular expressions and more. In this session, you will learn how to spot these vulnerabilities in your code. On top of that, you will walk away with the skills to fix them.
Bio: Barry Dorrans is the .NET Security Czar, which means he tries to tell everyone else how to code securely and takes the credit when it goes right, as well as running the .NET Core Bug Bounty. He also ends up triaging publicly and privately reported vulnerabilities when it goes wrong, before getting someone else to fix the mistakes. Thus he gets all the fun and none of the real work, aside from the endless stress of wondering when the next vulnerability will be discovered.

REGISTRATION

Please register via EventBrite: https://owasp-belgium-2018-02-20.eventbrite.com

Coverage

Previous Years

Events held in 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005.

The Belgium Chapter is supported by the following board:

  • Sebastien Deleersnyder, Toreon
  • Erwin Geirnaert, Zion Security
  • Lieven Desmet, KU Leuven
  • Bart De Win, PWC
  • David Mathy, Freelance
  • Adolfo Solero, Freelance
  • Stella Dineva, Ingenico Payment Services
  • Thomas Herlea, NVISO

Our goal is to professionalize the local OWASP functioning, provide a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5-year target on: target audiences, different events, and interactions of OWASP global – local projects.