Netherlands Previous Events 2006

From OWASP
Revision as of 10:34, 20 December 2008 by Martinknobloch


Netherlands events held in 2006

Meeting schedule 2006

This is an overview of the 2006 local chapter meeting schedule. Details of the meetings can be found in the announcements that will be posted below this schedule.


March 9th 2006
----------
Time         : 17.30 - 21.30
Main Topic   : Workshop: Architectural and design risk analysis
Presentations: Improving Security in the Application Development Life-cycle, Migchiel de Jong 
Location     : Getronics PinkRoccade - Fauststraat 1, 7323 BA Apeldoorn 
Sponsor      : Getronics PinkRoccade 

Meeting minutes March 9th 2006

On 9 March, the second meeting of the OWASP Netherlands local chapter took place. Getronics PinkRoccade provided the venue, in their luxury conference centre: Connection I.

Agenda:
18.00 - 18.45 Check-In (bread & drinks)
18.45 - 19.00 Opening
19.00 - 20.00 Improving Security in the Application Development Life-cycle, Migchiel de Jong
20.00 - 20.15 Coffee break
20.15 - 22.00 Form focus groups

The audience found Migchiel de Jong's presentation very interesting. At the end of his presentation, he demonstrated a static code analysis of the OWASP WebGoat application.

After the coffee break, the attendees started discussing the largest common topics of interest in the web application security field, in relation to the OWASP Netherlands chapter. As a result, the following focus groups were formed:

Testing
The current OWASP Testing project and the Open Source Security Testing Methodology Manual of ISECOM provide guidelines and best practices for testers. These guidelines can be used to formalize a standard structure and a set of minimum requirements for a security test. Clients could ask a tester to adhere to these guidelines.
A second idea is to standardize the management report of testing results. In practice, testing could result in piles of paper with all the findings. The real value is in reporting them in a usable way, for example by mapping technical findings to business risks.

Frans v. Buul
Peter Gouwentak
Arthur Donkers
Eelco Klaver
Migchiel de Jong
Mario de Boer

First focus group meeting: Monday 27 March, 18:00h, PwC Utrecht


Public Relations
This focus group will try to make businesses aware of the security impact that developing, hosting and using web applications has, of what OWASP is, and of how OWASP can help. This can be done by giving presentations, writing papers and articles, word of mouth, etc.

Remco Bakker
Ronald Eygendaal
Bas van Vossen
Edwin van Vliet
Eelco Klaver

First presentation of OWASP materials: Edwin van Vliet, TestNet - Voorjaarsevenement, 5 April
First focus group meeting: To be planned!


Education
OWASP and universities/schools could benefit from working together. For example:
- OWASP provides lots of materials usable in colleges.
- Develop an OWASP training course.
- Students can participate in OWASP projects.
- OWASP can provide a platform for supporting research, such as thesis projects.
- OWASP representatives could provide guest lectures.

Ronald Eygendaal
Erik Poll
Bas van Vossen
Edwin van Vliet

First focus group meeting: To be planned!

The presentation is available here:
Media:OWASP_NL_Fortify_Software.pdf

Meeting March 9th 2006: Second meeting of the OWASP Netherlands local chapter!

In this second meeting, focus groups are to be formed to discuss common problems and to develop and research common solutions in a vendor-neutral environment. So this is a very good opportunity to get in contact with others, to exchange knowledge and experiences on specific topics.

For every focus group the following questions have to be answered:
1. Which specific topic is to be addressed?
2. What are the deliverables?
3. What is the relation to OWASP? (Current projects, materials, expertise and knowledge interchange, etc.)
4. Who is the central contact of the subgroup?

It would be nice to have a bigger and more diverse group, compared to the first meeting. So let's recall: "Please, bring at least one friend, next time." And don't hesitate to send this announcement to everybody who may be interested!

We thank Getronics PinkRoccade for offering us a venue:
Getronics PinkRoccade
Fauststraat 1
7323 BA Apeldoorn

The agenda:
18.00 - 18.30 Check-In
18.30 - 18.45 Opening
18.45 - 19.30 Improving Security in the Application Development Life-cycle, Migchiel de Jong
19.30 - 20.00 Collecting focus group initiatives
19.45 - 20.00 Coffee break
20.00 - 21.00 Form focus groups

Presentation Abstract
Rather than spending large amounts of time and money on proving that we have security vulnerabilities after programs go into production, companies should go to the source and correct vulnerabilities as early as possible in the development stage. It is unquestionably faster, simpler, and cheaper for developers to correct vulnerabilities as they build programs.
But how can development management ensure that developers focus on security when there is no time or budget for security at the development stage? Even with the correct focus, how can they learn what to look for? How can they stay ahead of the dedicated and resourceful hacker?
The answer is effective processes and better tools. With advanced software security tools, a developer can pinpoint vulnerabilities in a matter of seconds — the same vulnerabilities that would take a hacker or manual code reviewer weeks or even months to find. These same tools can give development and information security managers useful metrics on application vulnerabilities before they are released into deployment.
This talk will walk through the Application Development Life-Cycle and discuss how tools can help come to grips with software security issues in a particular phase.

About the presenter
Migchiel de Jong developed hardware and software for 10 years before joining Rational Software. During his 5 years at Rational Software (later acquired by IBM) he was involved in many software development process improvement projects. Currently Migchiel de Jong is working at Fortify Software, Palo Alto, California, as a software security engineer.

If you want to attend, send an email to owasp@irc2.nl. Please don't wait, 9 March is not far off!

All OWASP chapter meetings are free; there are never vendor pitches or sales presentations at OWASP meetings.

NOTE TO CISSPs: OWASP Meetings count towards CPE Credits.