Difference between revisions of "Belgium"

From OWASP
Jump to: navigation, search
m
m (Replaced next meeting link with "see you in the autumn" message.)
 
(181 intermediate revisions by 5 users not shown)
Line 3: Line 3:
 
= Local News  =
 
= Local News  =
  
== Stay updated  ==
+
== Upcoming events ==
  
"'''BeNeLux Days 2012'''" is online: https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2012.
+
=== Upcoming chapter meetings ===
 +
* We will welcome you again in autumn 2017!
  
 +
See https://www.owasp.org/index.php/Belgium#Chapter_Meetings for more details.
  
 +
== '''Stay in touch''' ==
 +
 +
<center>
 +
{| cellspacing="15"
 +
|-
 +
| [[Image:Meetup-logo-2x.png|120px|link=http://www.meetup.com/Belgium-OWASP-Open-Web-Application-Security-Project/]]
 +
| [[Image:Join the list.png|150px|link=http://lists.owasp.org/mailman/listinfo/owasp-belgium]]
 +
| [[Image:Follow-us-on-twitter.png|175px|link=https://twitter.com/owasp_be]]
 +
| [[Image:Linkedin-button.gif|135px|link=https://www.linkedin.com/groups/37865]]
 +
|}
 +
</center>
 
If you want to be invited for the next OWASP Belgium Chapter meetings, please [http://eepurl.com/iFZtb drop us your contact info].
 
If you want to be invited for the next OWASP Belgium Chapter meetings, please [http://eepurl.com/iFZtb drop us your contact info].
  
You can also follow us on [https://twitter.com/owasp_be Twitter]!
+
== Structural Sponsors 2017 ==
 
 
== Structural Sponsors 2012/2013 ==
 
OWASP Member affiliated to the Belgium chapter:
 
 
 
{{MemberLinks|link=http://www.pwc.com/|logo=PWC_log_resized.png}}
 
  
OWASP Belgium thanks its structural chapter supporters for 2012 and the OWASP BeNeLux Days 2012:  
+
OWASP Belgium thanks its structural chapter supporters for 2017 and the OWASP BeNeLux Days 2016:  
  
[http://www.iminds.be https://www.owasp.org/images/thumb/a/a1/Iminds-logo.png/200px-Iminds-logo.png]
+
[[File:VeraCode logo.png|250px|link=https://www.veracode.com]]
[http://www.zionsecurity.com https://www.owasp.org/images/e/e6/Zionsecurity.jpg]
+
[[File:Vest.jpg|250px|link=http://www.vest.nl]]
[http://on2it.net https://www.owasp.org/images/3/3d/On2it-sponsor.png]
+
[[File:Intigriti_verticaal.jpg|link=http://www.intigriti.be]]  
 +
[[File:Ecurify-2016.png|link=http://www.securify.nl]]
 +
[[File:HPE_logo_250.png|link=http://www8.hp.com/nl/nl/software-solutions/enterprise-security.html]]
 +
[[File:LogoToreon.jpg|250px|link=https://www.toreon.com]]  
 +
[[File:Zionsecurity.jpg|link=http://www.zionsecurity.com]]
 +
[[File:Nviso_logo_RGB_baseline_200px.png|link=http://www.nviso.be]]
 +
[[File:Whitehat-security_hor.jpg|link=http://www.whitehatsec.com]]  
  
 
If you want to support our chapter, please contact [mailto:seba@owasp.org Seba Deleersnyder]
 
If you want to support our chapter, please contact [mailto:seba@owasp.org Seba Deleersnyder]
Line 27: Line 41:
 
= Chapter Meetings  =
 
= Chapter Meetings  =
  
 +
{{:Belgium_Events_2017}}
  
 +
== Previous Years  ==
  
 
+
Events held in
== Next Meeting (6th of June 2013) in Leuven ==
+
[[Belgium Events 2016|2016]],
 
+
[[Belgium Events 2015|2015]],
=== WHEN ===
+
[[Belgium Events 2014|2014]],
6th of June 2013 (18h00 - 21h00)
+
[[Belgium Events 2013|2013]],
 
+
[[Belgium Events 2012|2012]],
=== WHERE  ===
+
[[Belgium Events 2011|2011]],
This chapter meeting is part of the [[EUTour2013| OWASP Europe Tour 2013]]
+
[[Belgium Events 2010|2010]],
 
+
[[Belgium Events 2009|2009]],
<BR/>
+
[[Belgium Events 2008|2008]],
Hosted by [https://distrinet.cs.kuleuven.be iMinds-Distrinet Research Group (KU Leuven)].
+
[[Belgium Events 2007|2007]],
 
+
[[Belgium Events 2006|2006]],
Address: <br>
+
[[Belgium Events 2005|2005]].
Department of Computer Science (foyer at ground floor)<br> Celestijnenlaan 200 A<br> 3001 Heverlee ([http://googlemapsinterface.kuleuven.be/index.cgi?lang=N&nbol=(50.864186697481145,%204.678754210472107)&zoomlevel=17&plaatsnaam=Department+of+Computer+Science&maptype=roadmap google maps])
 
 
 
Routemap: https://distrinet.cs.kuleuven.be/about/route/
 
 
 
=== PROGRAM ===
 
The agenda:
 
*17h30 - 18h15: '''Welcome &amp; sandwiches'''<br>
 
*18h15 - 18h30: '''[https://www.owasp.org/images/5/5a/Owasp_Belgium_update_2013-06-06_v2.pptx OWASP Update]''' (by Sebastien Deleersnyder, OWASP Belgium Board)<br>
 
*18h30 - 19h30: '''Needles in haystacks, we we are not solving the appsec problem & html hacking the browser, CSP is dead.''' (by Eoin Keary, CTO and founder of BCC Risk Advisory Ltd.)<br>
 
:TBD
 
*19h30 - 20h30: '''Teaching an Old Dog New Tricks: Securing Development with PMD''' (by Justin Clarke, Director and Co-Founder of Gotham Digital Science)<br>
 
:Using static analysis to identify software bugs is not a new paradigm. For years, developers have used static analysis tools to identifying code quality issues. While these tools may not be specifically designed for identifying security bugs. This presentation will discuss how custom security rules can be added to existing code quality tools to identify potential software security bugs. Writing custom software security rules for the popular Java code scanning tool PMD will be the focus of the presentation.
 
:Justin Clarke is a Director and Co-Founder of Gotham Digital Science. He is the lead author/technical editor of "SQL Injection Attacks and Defense" (Syngress), co-author of "Network Security Tools" (O'Reilly), contributor to "Network Security Assessment, 2nd Edition" (O'Reilly), as well as a speaker at numerous security conferences and events such as Black Hat, EuSecWest, ISACA, BruCON, OWASP AppSec, OSCON, RSA and SANS. Justin is the Chapter Leader for the OWASP London chapter in the United Kingdom.
 
*20h30 - 21h30: '''Vulnerability Prediction in Android Applications''' (by Aram Hovsepyan, Ph. D.)<br>
 
:We present an approach to predict which components of a software system contain security vulnerabilities. Prediction models are a key instrument to identify the weak spots that deserve special scrutiny. Our approach is based on text mining the source code of an application. We have explored the potential of the bag-of-words representation and discovered that a dependable prediction model can be built by means of machine learning techniques. In a validation with 10 Android applications we have obtained performance results that often outclass state-of-the-art approaches.
 
 
 
 
 
=== REGISTRATION  ===
 
Please register via [https://owasp-belgium-2013-06-06.eventbrite.com/ https://owasp-belgium-2013-06-06.eventbrite.com/]
 
 
 
== Previous Meeting (5th of March 2013) in Leuven ==
 
 
 
=== WHEN ===
 
5th of March 2013 (18h00 - 21h00)
 
 
 
=== WHERE  ===
 
This chapter meeting is co-organized with '''[http://www.secappdev.org SecAppDev]'''.
 
 
 
Both speakers are faculty of the [http://www.secappdev.org Secure Application Development course] which is held in Leuven from 4 March 2013 until 8 March 2013. OWASP Members get a 10% discount to attend the course.
 
 
 
<BR/>
 
Hosted by [http://distrinet.cs.kuleuven.be Distrinet Research Group (K.U.Leuven)].
 
 
 
Address: '''UPDATED!'''<br>
 
'''Welcome & Sandwiches:''' <br>Department of Computer Science (foyer at ground floor)<br> Celestijnenlaan 200 A<br> 3001 Heverlee ([http://googlemapsinterface.kuleuven.be/index.cgi?lang=N&nbol=(50.864186697481145,%204.678754210472107)&zoomlevel=17&plaatsnaam=Department+of+Computer+Science&maptype=roadmap google maps])<br>
 
'''Talks:''' <br>Celestijnenlaan 200L, Auditorium L.00.06<br> 3001 Heverlee ([http://googlemapsinterface.kuleuven.be/index.cgi?lang=N&nbol=(50.86327251977556,%204.679660797119141)&zoomlevel=17&plaatsnaam=200L.00.06&maptype=roadmap google maps])<br>
 
 
 
Routemap: http://distrinet.cs.kuleuven.be/about/route/
 
 
 
=== PROGRAM ===
 
The agenda:
 
*18h00 - 18h30: '''Welcome &amp; sandwiches'''<br>
 
*18h30 - 18h45: '''OWASP Update''' (by Lieven Desmet, OWASP Belgium Board)<br>
 
*18h45 - 19h45: '''25 Years of Vulnerabilities''' (by Yves Younan, Senior Research Engineer at Sourcefire)<br>
 
:This talk will take a look into the interesting world of vulnerability statistics. We have examined data for the last 25 years and used it to map out trends and general information on vulnerabilities in software. Some of the questions we look at are "What were the most popular vulnerabilities? Which had the most impact? Which vendors and products suffered from the most issues? Etc. While some of the statistics are predictable, others are surprising. This data was first introduced at RSA Conference San Francisco 2013.
 
:'''Dr. Yves Younan''' is a Senior Research Engineer in the Vulnerability Research Team (VRT) at Sourcefire where he works on vulnerabilities and mitigations. Prior to joining Sourcefire, he worked as a Security Researcher with BlackBerry Security at Research In Motion. Before joining RIM, he was an academic, founding the Native Code Security group within the DistriNet research group at the KU Leuven in Belgium.  He received a Master's degree in Computer Science from the Vrije Universiteit Brussel (VUB) and a PhD in Engineering: Computer Science from KU Leuven. His PhD focused on building efficient mitigations against vulnerability exploitation, several practical mitigations were published and presented at international conferences.
 
*19h45 - 20h00: Break<br>
 
*20h00 - 21h00: '''Banking Security: Attacks and Defences''' (by Steven Murdoch, Senior Researcher at University of Cambridge)<br>
 
:Designers of banking security systems are faced with a difficult challenge of developing technology within a tightly constrained budget, yet which must be capable of defeating attacks by determined, well-equipped criminals. This talk will summarise banking security technologies for protecting Chip and PIN/EMV card payments, online shopping, and online banking. The effectiveness of the security measures will be discussed, along with vulnerabilities discovered in them both by academics and by criminals. These vulnerabilities include cryptographic flaws, failures of tamper resistance, and poor implementation decisions, and have led not only to significant financial losses, but in some cases unfair allocation of liability. Proposed improvements will also be described, not only to the technical failures but also to the legal and regulatory regimes which are the underlying reason for some of these problems not being properly addressed.
 
:'''Dr. Steven J. Murdoch''' is a Royal Society University Research Fellow in the Security Group of the University of Cambridge Computer Laboratory, working on developing metrics for security and privacy. His research interests include covert channels, banking security, anonymous communications, and censorship resistance. Following his PhD studies on anonymous communications, he worked with the OpenNet Initiative, investigating Internet censorship. He then worked for the Tor Project, on improving the security and usability of the Tor anonymity system. Currently he is supported by the Royal Society on developing methods to understand complex system security. He is also working on analyzing the security of banking systems especially Chip & PIN/EMV, and is Chief Security Architect of Cronto, an online authentication technology provider.
 
 
 
=== PRESENTATIONS ===
 
The slides are available online!
 
* '''OWASP Update''' (by Lieven Desmet) ([https://www.owasp.org/images/9/91/Owasp_Belgium_update_2013-03-05.pdf PDF])
 
* '''25 Years of Vulnerabilities''' (by Yves Younan, Sourcefire) ([https://www.owasp.org/images/c/cc/OWASP_Belgium_Yves_Younan_2013.pdf PDF])
 
* '''Banking Security: Attacks and Defences''' (by Steven Murdoch, University of Cambridge) ([https://www.owasp.org/images/d/d5/Owasp13bankingsecurity.pdf PDF])
 
 
 
=== COVERAGE ===
 
Follow what they say about us...
 
* [http://blog.rootshell.be/2013/03/05/owasp-belgium-chapter-wrap-up-march-2013/ /dev/random blog]
 
 
 
== Past Events  ==
 
*Events held in [[Belgium Previous Events 2012|2012]]
 
*Events held in [[Belgium Previous Events 2011|2011]]  
 
*Events held in [[Belgium Previous Events 2010|2010]]  
 
*Events held in [[Belgium Previous Events 2009|2009]]  
 
*Events held in [[Belgium Previous Events 2008|2008]]  
 
*Events held in [[Belgium Previous Events 2007|2007]]  
 
*Events held in [[Belgium Previous Events 2006|2006]]  
 
*Events held in [[Belgium Previous Events 2005|2005]]
 
  
 
= Belgium OWASP Chapter Leaders  =
 
= Belgium OWASP Chapter Leaders  =
Line 117: Line 63:
 
The Belgium Chapter is supported by the following board:  
 
The Belgium Chapter is supported by the following board:  
  
 +
*Sebastien Deleersnyder, Toreon
 
*Erwin Geirnaert, Zion Security  
 
*Erwin Geirnaert, Zion Security  
*Philippe Bogaerts, F5
+
*Lieven Desmet, KU Leuven
*André Mariën, Inno.com
+
*Bart De Win, PWC
*Lieven Desmet, K.U.Leuven
+
*David Mathy, Freelance
*Sebastien Deleersnyder, freelance
+
*Adolfo Solero, Freelance
*Bart De Win, Ascure
+
*Stella Dineva, Ingenico Payment Services
*David Mathy, Focus ICT
+
*Thomas Hermes, NVISO
  
Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects. __NOTOC__ <headertabs/>
+
Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.  
 +
__NOTOC__ <headertabs></headertabs>
 
[[Category:Europe]]
 
[[Category:Europe]]

Latest revision as of 03:03, 24 June 2017

OWASP Belgium

Welcome to the Belgium chapter homepage. The chapter leader is Sebastien Deleersnyder
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.


Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Upcoming events

Upcoming chapter meetings

  • We will welcome you again in autumn 2017!

See https://www.owasp.org/index.php/Belgium#Chapter_Meetings for more details.

Stay in touch

Meetup-logo-2x.png Join the list.png Follow-us-on-twitter.png Linkedin-button.gif

If you want to be invited for the next OWASP Belgium Chapter meetings, please drop us your contact info.

Structural Sponsors 2017

OWASP Belgium thanks its structural chapter supporters for 2017 and the OWASP BeNeLux Days 2016:

VeraCode logo.png Vest.jpg Intigriti verticaal.jpg Ecurify-2016.png HPE logo 250.png LogoToreon.jpg Zionsecurity.jpg Nviso logo RGB baseline 200px.png Whitehat-security hor.jpg

If you want to support our chapter, please contact Seba Deleersnyder

19 June 2017 Meeting

WHEN

Monday 19 June 2017

WHERE

Host
NVISO
Address
Sinter-Goedelevoorplein 5 Parvis Sainte Gudule,
1000 Brussels
(map, directions)

PROGRAM

The agenda:

  • 18h00 - 18h50: Welcome & sandwiches
  • 18h50 - 19h00: OWASP Update (by Sebastien Deleersnyder, OWASP)
Abstract: The OWASP Summit 2017 is a 5-day participant driven event, dedicated to the collaboration of Development and Security professionals, with a strong focus on DevSecOps. This session will be a debriefing of what was delivered by 130+ participants in 145 Working Sessions :-).
Bio: Sebastien is an OWASP volunteer, Summit co-organizer and application security consultant at Toreon."
  • 19h45 - 20h30: 'Threat modeling lessons from Star Wars (by Adam Shostack, freelance security consultant)
Abstract: Everyone knows you ought to threat model, but in practical reality it turns out to be tricky. If past efforts to threat model haven't panned out, perhaps part of the problem is confusion over what works, and how the various approaches conflict or align. This talk captures lessons from years of work helping people throughout the software industry threat model more effectively. It's designed to help security pros, developers and systems managers, all of whom will leave with both threat modeling lessons from Star Wars and a proven foundation, enabling them to threat model effectively.
Bio: Adam is a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board, and helped found the CVE and many other things. He's currently helping a variety of organizations improve their security, and advising and mentoring startups as a Mach37 Star Mentor. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game. Adam is the author of "Threat Modeling: Designing for Security," and the co-author of "The New School of Information Security."
  • 20h30 - ... : Reception

REGISTRATION

Please register via EventBrite: https://owasp-belgium-2017-06-19.eventbrite.com

Coverage

29 May 2017 Meeting

WHEN

Monday 29 May 2017

WHERE

Host
Ernst & Young
Address
De Kleetlaan 2,
1831 Machelen
(map, directions)

PROGRAM

The agenda:

Abstract: Today, the classic infection vectors remain SMTP and HTTP. Many spam & phishing campaigns are delivered to the victim’s mailbox and usually the next step of the attack is performed on top of HTTP, by visiting a malicious website or downloading a piece of malicious code. This talk will be split in two parts. To begin, I’ll explain how HTTP techniques are used to make the life of security researchers and incident handlers more difficult (attackers use many techniques to prevent access to their juicy data). The next part will demonstrate that attackers are also humans and make mistakes like all of us. They also need to follow the OWASP Top-10! I’ll review some example of bad code / bad configuration that I found during my investigations.
Bio: Xavier Mertens is a freelance security consultant based in Belgium. His job focuses on protecting his customers by applying “offensive” (pentesting) as well as “defensive” security (incident handling, log management, SIEM, security visualisation, OSINT). Xavier is also a SANS Internet Storm Center handler (https://isc.sans.org). He’s also maintaining his security blog (https://blog.rootshell.be) and is a co-organizer of the BruCON security conference (http://www.brucon.org).
  • 19h45 - 20h30: Reverse engineering with Panopticon: a Libre Cross-Platform Disassembler (by Kai Michaelis)
Abstract: The Panopticon project aims to develop a tool to end the dominance of proprietary software for reverse engineering.
Panopticon is a graphical disassembler written in Rust that runs on GNU/Linux, Windows and OS X, which aims to create a free replacement for tools like IDA Pro and BinDiff.
What sets Panopticon apart from other free disassembler is the belief that an intuitive GUI is paramount to aid human analysts to understand as much of the binary as possible. As such Panopticon comes with an Qt 5 UI written in QML that allows browsing and annotating control flow graphs.
Bio: Kai Michaelis studies IT-Security in Bochum, Germany and works part-time on Free Software. When he's not on the campus you can meet him at the local hackerspace. His interests are program analysis, reverse engineering and cryptography.
  • 20h30 - ... : Reception

REGISTRATION

Please register via EventBrite: https://owasp-belgium-2017-05-29.eventbrite.com

Coverage

Photo from the 2017-05-29 meeting of the Belgian OWASP chapter

28 February 2017 Meeting

WHEN

Tuesday 28 Feburary 2017

WHERE

Host
Distrinet Research Group (KU Leuven) (Both speakers are faculty of the Secure Application Development course held in Leuven from 2017-02-27 to 2017-03-03.)
Address
Department of Computer Science (foyer at ground floor)
Celestijnenlaan 200 A
3001 Heverlee
(map, directions)

PROGRAM

The agenda:

Abstract: TBD
Bio: Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. Jim is a frequent speaker on secure software practices and is a member of the Java-One Rock Star speaker community. Jim was a Global Board Member for the OWASP foundation and is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill..
Abstract: Not a day goes by without a story on a Web security incident somewhere. A data breach disclosing millions of people’s details. A defacement of a major Web site. Malware served from a legitimate Web site to thousands of users. Contrary to popular belief, the people running these Web sites are generally not clueless about security, but getting it right is just not that easy. Recent evolutions, like the rise of public networks, or the strong dependence on third-party code, have made it easier to attack Web sites, and harder to defend them. Join us to get an overview of these threats, and to take a dive into HTTP Strict Transport Security (HSTS), one of the latest Web security technologies that really help you improve security.
Bio: Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.

REGISTRATION

Please register via EventBrite: https://owasp-belgium-2017-02-28.eventbrite.com

Coverage

Previous Years

Events held in 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005.

The Belgium Chapter is supported by the following board:

  • Sebastien Deleersnyder, Toreon
  • Erwin Geirnaert, Zion Security
  • Lieven Desmet, KU Leuven
  • Bart De Win, PWC
  • David Mathy, Freelance
  • Adolfo Solero, Freelance
  • Stella Dineva, Ingenico Payment Services
  • Thomas Hermes, NVISO

Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.