Difference between revisions of "Belgium Previous Events 2005"

From OWASP
Jump to: navigation, search
(New page: Belgium events held in 2005 ===Meeting Notes second OWASP Belgium Chapter meeting (Leuven, 28-Sep-2005)=== On 28th of September 2005 we had our second OWASP Belgium Chapter meeting. W...)
 
 
Line 70: Line 70:
 
We had some interesting discussions with Frank on the position of security controls: within the code or within the supporting infrastructure?<br>
 
We had some interesting discussions with Frank on the position of security controls: within the code or within the supporting infrastructure?<br>
 
Another idea is also to look for a top 10 solutions for Web Applications and have some guidance system when selecting countermeasures.<br>
 
Another idea is also to look for a top 10 solutions for Web Applications and have some guidance system when selecting countermeasures.<br>
 +
 +
----

Latest revision as of 10:12, 8 September 2007

Belgium events held in 2005

Meeting Notes second OWASP Belgium Chapter meeting (Leuven, 28-Sep-2005)

On 28th of September 2005 we had our second OWASP Belgium Chapter meeting. We had nearly 50 people coming to the meeting!

WHEN
Wednesday 28th of September 2005, 18h00 - 21h00 at Ubizen in Leuven.

PROGRAM
18h00 - 18h15: Welcome & get a drink

18h15 - 18h45: Sebastien Deleersnyder, Ascure
        OWASP & OWASP Membership

18h45 - 19h30: Emmanuel Bergmans, I-logs
        Securing Web Applications with ModSecurity
Emmanuel gave an interesting introduction on ModSecurity.
The presentation is included as attachment and contains a lot of great pointers and SWOT analysis.
Conclusions were:
ModSecurity can be particularly useful in an ISP environment
Increased effort is necessary to synchronize multiple ModSecurity configurations in a Webfarm

19h30 - 20h45:
OWASP Top 10 Vulnerabilities: Panel Discussion
        The presentation is included with an introduction of the TOP 10.
Then we had a lively panel Discussion with:

  • Erwin Geirnaert, Security Innovation
  • Dirk Dussart, Belgian Post
  • Eric Devolder, Mastercard
  • Herman Stevens, Ubizen
  • Frank Piessens, KU Leuven


We handled questions about the Top 10:

  • Is the OWASP Top 10 still necessary?
  • Are we talking vulnerabilities, solutions or threats?
  • Can we base our best practices / standards on the Top 10?
  • How to test your web site security on the Top 10?

The overall discussion was interesting, and at times diverted to an overall application security discussion.
Some of the remarkable opinions covered:
Can / or should the OWASP Top 10 form the basis for a certification scheme
If it is used as an awareness tool, can we promote it with an OWASP magazine?
The OWASP Top 10 is too vague
A bigger exhaustive list is needed with a clear classification and taxonomy
It should be based on threat modelling.
One of the more pertinent questions: how did the original authors come to the Top 10?


Meeting Notes First OWASP Belgium Chapter Meeting (Gent, 26-May-2005)

On 26th of May 2005 we held the first OWASP Belgium Chapter meeting!

It was a big success: we had nearly 40 people attending, despite the Belgium-unlike hot weather.


PROGRAM
17h30 - 18h00: Welcome & get a drink

18h00 - 18h45: Sebastien Deleersnyder, Ascure
        OWASP Introduction

19h00 - 19h45: Erwin Geirnaert, Security Innovation
        How to Break Web Application Security

20h00 - 20h45: professor Frank Piessens, KU Leuven
        How to Build Secure Web Applications

We had some interesting discussions with Frank on the position of security controls: within the code or within the supporting infrastructure?
Another idea is also to look for a top 10 solutions for Web Applications and have some guidance system when selecting countermeasures.