EUTour2013 Netherlands Agenda
OWASP EUROPE TOUR 2013
OWASP Europe Tour - The Netherlands 2013
'Thursday, June 20th (Conference)
| OWASP Europe TOUR, is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
| During the OWASP Europe Tour you could become a member and support our mission.|
CONFERENCE (Thursday, June 20th)
|Thursday, June 20th|| Hogeschool van Amstedam
Venue Address: Duivendrechtsekade 36-38, 1096 AH Amsterdam
| Flyer (pdf A4 format)|
Poster(pdf A3 format)
|Price and registration|
| This event is FREE |
Registration Link to the Europe Tour: Click here
| 05:45 PM
|Registration - Sandwiches and drinks provided|
| 06:15 PM
|Opening||Ferdinand Vroom & Martin Knobloch||Welcome and OWASP News|
| 6:30 PM
|The OWASP Zed Attack Proxy (ZAP)|| Simon Bennetts has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them.
He now works for Mozilla as part of their security team, is the OWASP ZAP project lead and has contributed to many other open source security projects.
| The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox. It is also community project, being maintained by a worldwide group of volunteers and is completely free, open source and cross platform. Since its release in 2010 ZAP has gone from strength to strength and is now a flagship OWASP project.
| 07:15 PM
| 07:30 PM
|Needles in haystacks, we we are not solving the appsec problem & html hacking the browser, CSP is dead||Eoin Keary, CTO and founder of BCC Risk Advisory Ltd.|| "Insanity is doing the same thing over and over and expecting different results." - Albert Einstein|
We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root causes it the same. – it’s all code injection theory!! Why do we do this and make security bugs over complex?
| 08:15 PM
|Secure Coding, some simple steps help||Steven van der Baan is a passionate Security Consultant and Software Architect, with a broad history in software development and architecture. Steven has a varied background in developing complex systems, mainly in Java. He has the capability to analyse problems and provide sound advise on possible solutions. He can also design a solution that fits the wishes of the client. Steven is determined, steadfast and critical, likes to work in teams, but is capable to work on his own. He is always willing to share his knowledge and help his colleagues. Steven follows the latest developments in the security field to keep his knowledge up to date.|| Secure coding is often perceived as difficult and complex.
While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application.
|09:00 PM to 09:30 PM||Networking|