Netherlands September 22nd, 2016
September 22nd, 2016
Radboud University Nijmegen
Beta-faculty Huygensgebouw Heyendaalseweg 135, 6525 AJ Nijmegen Parkeergarage P11
- 18:30 - 19:00 Registration & Pizzas
- 19:00 - 19:15 OWASP Netherland and Foundation Updates
- 19:15 - 20:00 Handling of Security Requirements in Software Development Lifecycle, Daniel Kefer, René Reuter
- 20:00 - 20:15 break
- 20-15 - 21:00 Hacking the OWASP Juice Shop, Björn Kimminich
- 21:00 - 21:30 Networking
Handling of Security Requirements in Software Development Lifecycle
The bigger the company you're working in, the more technologies and methodologies used by development teams you are going to face. At the same time, you want to address security risks in an appropriate, reliable and measurable way for all of them.
After a short introduction of a unified process for handling security requirements in a large company, the main part of the talk is going to focus on a tool called SecurityRAT (Requirement Automation Tool) which has been developed in order to support and accelerate this process. The goal of the tool is first to provide a list of relevant security requirements according to properties of the developed software, and afterwards to handle these in a mostly automated way - integration with an issue tracker being used as a core feature.
The tool was open sourced in May 2016 (available at https://github.com/SecurityRAT) and is continuously being further developed since then. The newest implemented features, work in progress and future plans will form the last part of the talk.
Hacking the OWASP Juice Shop
In this talk I will show why and how the app was created followed by a demo how to hack it. Prepare for some nasty XSS, SQLI and CSRF flaws bundled with some seriously broken access control and business logic - all in one single application!
1&1 Mail & Media Development & Techhnology GmbH, Head of Application Security
Daniel Kefer has been working in the application security field since 2007. Having started as a penetration tester, he soon became passionate about proactive security efforts and working closely with developers. Since 2011 he has been working for 1&1 where he focuses on design and continuous improvement of the internal secure SDLC process and its implementation in different development departments. Apart from 1&1, he also works as a volunteer for the OWASP OpenSAMM project.
Robert Bosch GmbH, IT Security Consultant
René Reuter is a security engineer with over 4 years of experience in the application security field. At Robert Bosch GmbH, he works as an IT Security Consultant responsible for identifying vulnerabilities and design flaws that may impact Robert Boschs' applications and infrastructure. René holds a Master's Degree in Computer Science from the University of Applied Sciences Karlsruhe.
Björn Kimminich is working in the area of software development for Kuehne + Nagel for over 8 years where he is now responsible for Global IT Architecture. His most sophisticated Open Source work is the intentionally insecure web application Juice Shop, which just recently was accepted as an OWASP Tool Project. As a side job he lectures software development at the UAS Nordakademie where he teaches Java to engineering students as their first programming language.
- The OWASP Netherlands Chapter is sponsored by