Difference between revisions of "Netherlands Previous Events 2013"

From OWASP
Jump to: navigation, search
(Added Meeting details January 31st 2013)
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Netherlands]] events held in 2013
+
;[[Netherlands | OWASP Netherland Wiki]]  
 +
{|class="wikitable" border="1" style="text-align:center;"|
 +
! width="300" | Date
 +
! width="350" | Link
 +
! width="300" | Flyer
 +
|- align="center"
 +
| January 31st, 2013  
 +
| [[Netherlands January 31, 2013 | Agenda]]
 +
|
 +
|- align="center"
 +
| March 7th, 2013
 +
| [[Netherlands March 7, 2013 | Agenda]]
 +
| [[Media:OWASP Netherlands Chapter Meeting 2013-03-07.pdf | flyer]]
 +
|- align="center"
 +
| March 13th, 2013
 +
| [[Netherlands March 13, 2013 | Agenda]]
 +
| [[Media:OWASP Netherlands Chapter Meeting 2013-03-13.pdf | flyer]]
 +
|- align="center"
 +
| April 10th, 2013
 +
| [[Netherlands April 10, 2013 | Agenda]]
 +
| [[Media:OWASP Netherlands Chapter Meeting 2013-04-10.pdf | flyer]]
 +
|- align="center"
 +
| May 14, 2013
 +
| [[Netherlands May 14, 2013 | Agenda]]
 +
| [[Media:OWASP Netherlands Chapter Meeting 2013-04-10.pdf | flyer]]
 +
|- align="center"
 +
| June 20th, 2013
 +
| [[EUTour2013_Netherlands_Agenda | The Dutch OWASP European Tour 2013 Event]]
 +
| [[Media:OWASP Netherlands Chapter Meeting 2013-06-20.pdf | flyer]]
 +
|- align="center"
 +
| July 31st to August 4th
 +
| [https://ohm2013.org/wiki/Village:OWASP OWASP Village @ OHM2013]
 +
|
 +
|- align="center"
 +
| October 31st, 201
 +
| [[Netherlands October 31, 2013 | Agenda]]
 +
| [[Media:OWASP Netherlands Chapter Meeting 2013-10-31.pdf | flyer]]
 +
|- align="center"
 +
| November 29th
 +
| [https://www.owasp.org/index.php?title=BeNeLux_OWASP_Day_2013 OWASP Benelux Conference in the Netherlands!]
 +
|
 +
|}
  
= March 13, 2013 =
+
;[[Netherlands October 31, 2013]]
'''The Annual OWASP Netherlands Black Hat Edition Chapter meeting'''
+
*[[Netherlands_October_31,_2013#Third_Party_Java_Libraries_for_Secure_Development - Jim Manico]] - [[Media:Top_10_Java_Defenses_for_Website_Security-Jim_Manico.pdf | Download the presentation as PDF]]
:Every year around Black Hat Europe we try to get Internationally well know speakers to talk at a Chapter Meeting. This year Colin Watson and Georgia Weidman are on the agenda!
+
*[[Netherlands_October_31,_2013#From_the_Trenches:_Real-World_Agile_SDLC - Chris Eng & Ryan O’Boyle]] - [[Media:Agile SDLC v1.1 - OWASP NL.pdf | Download the presentation as PDF]]
:This chaptermeeting will be about web application logging, Access Control Design and the all new OWASP Cornucopia.
+
;[[EUTour2013#tab.3DNetherlands | OWASP Europe Tour - The Netherlands 2013]]
 
+
* The OWASP Zed Attack Proxy (ZAP) - [[User:Simon_Bennetts |Simon Bennetts]] - [[Media:OWASP_2013_EU_TOUR.pdf | Download the presentation as PDF]]
==Programme:==
+
* Needles in haystacks, we we are not solving the appsec problem & html hacking the browser, CSP is dead - [[User:EoinKeary |Eoin Keary]] - [[Media:OWASP_EU_-_Tour_2103-abridged-Ned.pdf | Download the presentation as PDF]]
:18:30 - 19:15 Registration & Pizza
+
* Secure Coding, some simple steps help - [[User:Steven_van_der_Baan |Steven van der Baan]] - [[Media:OWASP_EU_Tour_2013_-_Secure_Coding.pdf | Download the presentation as PDF]]
:19:15 - 19:35 "Record It" - Colin Watson
+
;[[Netherlands May 14, 2013]]
:19:35 - 19:40  Break
+
*[[Netherlands_May_14,_2013#Securing_Password_Storage_-_Increasing_Resistance_to_Brute_Force_Attacks|Securing Password Storage - Increasing Resistance to Brute Force Attacks - Tiago Teles]]
:19:40 - 20:25  “The smartphone penetration testing framework”- Georgia Weidman
+
:[https://github.com/jsteven/psm/tree/master/presentations The presentation (with and without notes) can be found here]
:20:25 - 20:30  Break
+
*[[Netherlands_May_14,_2013#Neutralizing_Peer-to-Peer_Botnets|Neutralizing Peer-to-Peer Botnets - Dennis Andriesse]] - ([[Media:Owaspnl_zeus-owasp-2013‎.pdf | Download the presentation as PDF]])
:20:30 - 21:00  OWASP Cornucopia - Colin Watson
+
;[[Netherlands April 10, 2013]]
:21:00 - 21:30  Networking
+
*[[Netherlands_April_10,_2013#Access_Control_Design_Best_Practices|Access Control Design Best Practices - Jim Manico]] - ([[Media:Owaspnl-jimmanico-toptendefensesv8.pdf‎ | Download the presentation as PDF]])
 
+
*[[Netherlands_April_10,_2013#RESTful_web_services.2C_the_web_security_blind_spot|RESTful web services, the web security blind spot - Ofer Shezaf]] - ([[Media:Owaspnl-oferschezaf-securitytestingforrestapplicationsv6april2013.pdf | Download the presentation as PDF]])
==Presentations==
+
;[[Netherlands March 13, 2013]]
===Record It!===
+
*[[Netherlands_March_13,_2013#Record_It.21|Record It - Colin Watson]] - ([[Media:Owaspnl-colinwatson-recordit.pdf | Download the presentation as PDF]])
Do you know security event information should be recorded by an application? Colin Watson will outline which event properties are useful, what should be avoided and how logging can be implemented. In this short presentation, the benefits of good application logging will also be described.
+
*[[Netherlands_March_13,_2013#The_smartphone_penetration_testing_framework|The smartphone penetration testing framework - Georgia Weidman]] - ([[Media:The_smartphone_penetration_testing_framework-Georgia_Weidman.pdf | Download the presentation as PDF]])
===The smartphone penetration testing framework===
+
*[[Netherlands_March_13,_2013#OWASP_Cornucopia|OWASP Cornucopia - Colin Watson]] - ([[Media:Owaspnl-colinwatson-cornucopia.pdf | Download the presentation as PDF]])
As smartphones enter the workplace, sharing the network and accessing sensitive data, it is crucial to be able to assess the security posture of these devices in much the same way we perform penetration tests on workstations and servers. However, smartphones have unique attack vectors that are not currently covered by available industry tools. The smartphone penetration testing framework, the result of a DARPA Cyber Fast Track project, aims to provide an open source toolkit that addresses the many facets of assessing the security posture of these devices. We will look at the functionality of the framework including information gathering, exploitation, social engineering, and post exploitation through both a traditional IP network and through the mobile modem, showing how this framework can be leveraged by security teams and penetration testers to gain an understanding of the security posture of the smartphones in an organization. We will also show how to use the framework through a command line console, a graphical user interface, and a smartphone based app. Demonstrations of the framework assessing multiple smartphone platforms will be shown.
+
;[[Netherlands March 7, 2013]]
===OWASP Cornucopia===
+
*[[Netherlands March 7, 2013#Incident_Respons_in_a_Cyberwar_context|Incident Respons in a Cyberwar context - Dennis Lemckert ]]
Microsoft's Escalation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for common web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide.
+
*[[Netherlands_March_7,_2013#Disclosure.2C_Prevention_is_better_than_to_cure|Disclosure - Lex Borger & André Koot ]]
==Speakers==
+
;[[Netherlands January 31, 2013]]:
===Colin Watson===
+
*[[Netherlands_January_31,_2013#The_Truth_about_the_e.dentifier2|The Truth about the e.dentifier2 - Erik Poll]]
Colin Watson is an application security consultant, based in London. He is project leader for the OWASP Codes of Conduct and OWASP Cornucopia projects, wrote the Application Logging Cheat sheet, contributes to a number of other OWASP projects including AppSensor,and is a member of the OWASP Global Industry Committee.
+
*[[Netherlands_January_31,_2013#OWASP_Update|OWASP Update - Martin Knobloch]]
===Georgia Weidman===
+
Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at conferences around the world including Shmoocon, Hacker Halted, Security Zone, and Bsides. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia recently founded Bulb Security LLC (http://www.bulbsecurity.com), a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.
+
= March 7, 2013 =
+
'''Incident Respons in a Cyberwar context and Responsible Disclosure'''
+
:This chaptermeeting will be about Incident respons in a cyberwar context and responsible disclosure.
+
==Programme:==
+
:18:30 - 19:00  Registration
+
:19:00 - 19:15  Welcome & Updates
+
:19:15 - 20:00  Incident Respons in a Cyberwar context - Dennis Lemckert
+
:20:00 - 20:15 Break
+
:20:15 - 21:00  Disclosure - Lex Borger & André Koot
+
==Presentations:==
+
===Incident Respons in a Cyberwar context===
+
Cyber Warfare is the new buzz in the IT security. However, is War to compare with today's interconnected world? Are breaches in Integrity, Continuity and Exclusivity similar to an attack on a state?
+
===Disclosure, Prevention is better than to cure===
+
In this presentation we explain what the background was behind our request to CPB to perform research of the Diagnostics for U case. We discuss recent incidents in healthcare (Henk Krol, the Groene Land Hospital), and the effects of the announcement for the companies involved. We will also discuss the practice of Responsible Disclosure (the initiatives of the NCSC and others) and the arise of Responsible Disclosure (Leak October and other hacks) and how companies can ensure that information is sufficiently protected against privacy leaks using data identification and classification.
+
==Speakers==
+
===Dennis Lemckert===
+
Dennis Lemckert is active in the IT world for almost 20 years. 12 Years thereof, he's operating in or around the IT security world. Some roles that at the time he has completed are: Pentester, Security Auditor, Security Architect, Incident Analyst, Security Analyst and Security
+
Advisor. During that time, Dennis has developed a no-nonsense approach on how to build, deliver and maintain secured environments.
+
However, telling others how to do something well, leaves Dennis little time to play with the latest and cool tools, so he spends most of his time writing documentation, both technical and non-technical, giving awareness training, providing training to both technical staff and management and analyzing and improving incident processes.
+
===Lex Borger===
+
Lex Borger is a consultant at Ideas to Interconnect (I-to-I). He has more than 20 years of experience in information security and system security. He was involved in the development of control systems, where he learned to apply security from within.
+
Gradually he broadened his view of information security to the entire field. Most of his experience he has gained in the United States of America. Lex is editor of the journal PvIB "Information"
+
===André Koot===
+
André Koot's Security Consultant with expertise in Identity Management and Access Control.
+
He is also editor of the PvIB journal "Information", trainer and lecturer at the International Management Forum, member EXIN examination committee, NL Chapter Board member CSA and Advisory Board member IDentity.Next. Previously, André worked for the IRS, and Unive VGZ.
+
 
+
= January 31, 2013 =
+
'''Broken Online Strong Authentication and OWASP update'''
+
:This chaptermeeting will be about broken online strong authentication with banking web applications and OWASP updates.  
+
==Programme:==
+
:18:30 - 19:00  Registration
+
:19:00 - 19:45  The Truth about the e.dentifier2 - Erik Poll
+
:19:45 - 20:00  Break
+
:20:00 - 20:45  OWASP Update - Martin Knobloch
+
:20:45 - 21:30  Networking
+
==Presentations==
+
===The Truth about the e.dentifier2===
+
We present a security analysis of an internet banking system used by one of the bigger banks in the Netherlands, in which customers use a USB-connected device – a smartcard reader with a display and numeric keyboard – to authorise transactions with their bank card and PIN code. Such a set-up could provide a very strong defence against online attackers, notably Man-in-the-Browser attacks, where an attacker controls the browser and host PC. However, we show that the system we studied is  flawed: an attacker who controls an infected host PC can get the smartcard to sign transactions that the user does not explicitly approve, which is precisely what the device is meant to prevent.
+
===OWASP Update===
+
News and updates on OWASP BeneLux 2013, OWASP Dutch Chapter meetings, AppSec EU 2013, OWASP Connector, the OWASP Newsletter and new OWASP initiatives.
+
==Speakers==
+
===Erik Poll===
+
Erik works in the Digital Security group of the Radboud University on a range of topics in security, including smartcards, security protocols, software security, and critical infrastructures (esp. the smart grid).
+
===Martin Knobloch===
+
Martin Knobloch is member of the Dutch chapter board and chair of the Global Education Committee. Next to this he contributes to several projects as the OWASP Education Project and the OWASP Academy Portal.
+
Martin is an independent security consultant and owner of PervaSec. His main working area is (software) security in general, from awareness to implementation. In his daily work, Martin is responsible for education in application security matters, advise and implementation of application security measures.
+

Latest revision as of 11:46, 21 January 2014

OWASP Netherland Wiki
Date Link Flyer
January 31st, 2013 Agenda
March 7th, 2013 Agenda flyer
March 13th, 2013 Agenda flyer
April 10th, 2013 Agenda flyer
May 14, 2013 Agenda flyer
June 20th, 2013 The Dutch OWASP European Tour 2013 Event flyer
July 31st to August 4th OWASP Village @ OHM2013
October 31st, 201 Agenda flyer
November 29th OWASP Benelux Conference in the Netherlands!
Netherlands October 31, 2013
OWASP Europe Tour - The Netherlands 2013
Netherlands May 14, 2013
The presentation (with and without notes) can be found here
Netherlands April 10, 2013
Netherlands March 13, 2013
Netherlands March 7, 2013
Netherlands January 31, 2013