Bkoelewijn: chapter meeting OWASP-NL chapter on Oktober 27th 2008

chapter meeting OWASP-NL chapter on Oktober 27th 2008

2007-12-05T09:51:22Z

Bkoelewijn: ps_testware logo (OWASP Netherlands meeting sponsor)

ps_testware logo (OWASP Netherlands meeting sponsor)

Netherlands

2007-12-03T15:49:30Z

Bkoelewijn: /* Meeting schedule 2007 */

Netherlands

2007-11-29T11:43:43Z

Bkoelewijn: /* Meeting schedule 2007 */

OWASP Community

File:OWASP NL Fortify Software.pdf

2006-11-25T13:28:31Z

Bkoelewijn: Presentation at the second OWASP NL meeting.

Presentation at the second OWASP NL meeting.

File:OWASP NL Top Ten Web Application Vulnerabilities in J2EE.pdf

2006-11-25T13:27:07Z

Bkoelewijn: Presentation at the first OWASP NL meeting.

Presentation at the first OWASP NL meeting.

File:OWASP NL Veilige Web App Boven Alles.pdf

2006-11-25T13:23:50Z

Bkoelewijn: Presentation at the first OWASP NL meeting.

Presentation at the first OWASP NL meeting.

Netherlands

2006-05-25T11:50:33Z

Bkoelewijn:

{{Chapter Template|chaptername=Netherlands|leaderemail=owasp@irc2.nl|leadername=Bert Koelewijn|mailinglistsite=http://lists.sourceforge.net/lists/listinfo/owasp-netherlands/}}

== OWASP Netherlands meeting minutes ==

On 9 march, the second meeting of OWASP Netherlands local chapter took place. GetronicsPinkRoccade provided the venue, in their luxury conference centre: Connection I. 
 
Agenda: 
18.00 - 18.45 Check-In (bread & drinks) 
18.45 - 19.00 Opening 
19.00 - 20.00 Improving Security in the Application Development Life-cycle, Migchiel de Jong 
20.00 - 20.15 Coffee break 
20.15 - 22.00 Form focus groups 
 
The presentation of Migchiel de Jong was found very interesting by the audience. At the end of his presentation, he demonstrated a static code analysis of the OWASP webgoat application. 
 
After the coffee break, the attendances started discussing about the largest common topics of interest in the web application security field, in relation to the OWASP Netherlands chapter. As a result, the following focus groups are formed: 
 
Testing 
The current OWASP Testing project and the Open Source Security Testing Methodology Manual of ISECOM, provide guidelines and best practices for testers. These guidelines can be used to formalize a standard structure and a set of minimum requirements for a security test. Clients could ask a tester to adhere to these guidelines. 
A second idea is to standardize the testing results management report. In practice, testing could result in piles of paper with all the findings. The real value is reporting it in a usable way. For example: mapping technical findings to business risks. 
 
Frans v. Buul 
Peter Gouwentak 
Arthur Donkers 
Eelco Klaver 
Migchiel de Jong 
Mario de Boer 
 
First focus group meeting: Monday 27 march, 18:00h, PwC Utrecht 
 
 
Public Relations 
This focus group will try to make business aware of the security impact that developing, hosting and using web applications has. What OWASP is and how OWASP can help. This can be done by giving presentations, writing papers and articles, word of mouth, etc. etc. 
 
Remco Bakker 
Ronald Eygendaal 
Bas van Vossen 
Edwin van Vliet 
Eelco Klaver 
 
First presentation of OWASP materials: Edwin van Vliet, TestNet - Voorjaarsevenement, 5 april 
First focus group meeting: To be planned! 
 
 
Education 
OWASP and universities/schools could benefit from working together. For example: 
- OWASP provides lot's of materials usable in colleges. 
- Develop OWASP training course. 
- Students can participate in OWASP projects 
- OWASP can provide a platform for supporting research. Such as thesis projects, etc. 
- OWASP representatives could provide guest colleges. 
 
Ronald Eygendaal 
Erik Poll 
Bas van Vossen 
Edwin van Vliet 
 
First focus group meeting: To be planned! 
 
The presentation is available here: 
http://www.owasp.org/docroot/owasp/misc/FortifySoftwareOWASPChapterPresent_NL.pdf 

== 9 March: Second meeting of the OWASP Netherlands local chapter! ==

In this second meeting focus groups are to be formed, to discuss common problems, develop and research common solutions in a vendor neutral environment. So this is a very good opportunity to get in contact with others, to exchange knowledge and experiences on specific topics. 
 
For every focus group the following questions has to be answered: 
1. Which specific topic is to be addressed? 
2. What are the deliverables? 
3. What is the relation to OWASP? (Current projects, materials, expertise and knowledge interchange, etc.) 
4. Who is the central contact of the subgroup? 
 
It would be nice to have a bigger and more diverse group, compared to the first meeting. So let's recall: "Please, bring at least one friend, next time." And don't hesitate to send this announcement to everybody who may be interested! 
 
We thank Getronics PinkRoccade for offering us a venue: 
Getronics PinkRoccade 
Fauststraat 1 
7323 BA Apeldoorn 
 
The agenda: 
18.00 - 18.30 Check-In 
18.30 - 18.45 Opening 
18.45 - 19.30 Improving Security in the Application Development Life-cycle, Migchiel de Jong 
19.30 - 20.00 Collecting focus group initiatives 
19.45 - 20.00 Coffee break 
20.00 - 21.00 Form focus groups 
 
Presentation Abstract 
Rather than spending large amounts of time and money on proving that we have security vulnerabilities after programs go into production, companies should go to the source and correct vulnerabilities as early as possible in the development stage. It is unquestionably faster, simpler, and cheaper for developers to correct vulnerabilities as they build programs. 
But how can development management ensure that developers focus on security when there is no time or budget for security at the development stage? Even with the correct focus, how can they learn what to look for? How can they stay ahead of the dedicated and resourceful hacker? 
The answer is effective processes and better tools. With advanced software security tools, a developer can pinpoint vulnerabilities in a matter of seconds — the same vulnerabilities that would take a hacker or manual code reviewer weeks or even months to find. These same tools can give development and information security managers useful metrics on application vulnerabilities before they are released into deployment. 
This talk will walk through the Application Development Life-Cycle and discuss how tools can help come to grips with software security issues in a particular phase. 
 
About the presenter 
Migchiel de Jong has developed hardware and software for 10 years before joining Rational Software. During the 5 years at Rational Software (later acquired by IBM) he was involved in many software development process improvement projects. Currently Migchiel de Jong is working at Fortify Software, Palo Alto, California, as a software security engineer. 
 
If you want to attend send an email to owasp@irc2.nl. Please don't wait, 9 march is not that long anymore! 
 
All OWASP chapter meetings are free, there are never vendor pitches or sales presentations at OWASP meetings. 
 
NOTE TO CISSP’s: OWASP Meetings count towards CPE Credits. 

== OWASP Netherlands kick-off meeting minutes ==

On 17 November, OWASP Netherlands had it's first meeting. We moved to a bigger location, the Mercure hotel in Nieuwegein, to host all the 35 attendees. 
 
The agenda: 
18.00 - 18.30 Check-In (bread & drinks) 
18.30 - 18.45 Chapter opening 
18.45 - 19.30 Presentation - 'Top tien web applicatie kwetsbaarheden in J2EE', Eelco Klaver 
19.30 - 19.45 Presentation - 'Veilige webapplicaties boven alles', Mike Wardi 
19.45 - 20.00 Coffee break 
20.00 - 21.00 Discussion - About the OWASP Netherlands local chapter 
 
The discussion took place in a 'round table' session, where all attendees were able to take part. The focus of the discussion was how to give the OWASP Netherlands local chapter additional value, next to the OWASP project. What the goals and tasks will be. And which actions will have to be taken at short term. 
Different people have interest in different subjects. In general meetings there is no time to address all subjects and address them specific enough. Therefore subgroups can be formed, focusing on specific topics. They can have their own communication channel and meetings, but should keep close contact with the OWASP body. 
 
An inventarisation: 
 
Discussion Topics 
- Awareness: writing articles, press publications, interviews 
- Education: contact universities, schools and their common boards. Develop and gather education materials. 
- General: discuss ideas for OWASP NL 
 
Focusgroup Topics 
- (dutch) metrics project 
- (dutch) legal project 
- standard framework for pentest reports 
- safe outsourcing 
 
Actions that should be taken on short term are: 
- provide communication channels 
- plan next (sub)meetings 
- start discussions and focusgroups 
 
The presentations are available here: 
 
http://www.owasp.org/docroot/owasp/misc/OWASP-TopTenWebApplicationVulnerabilities_in_J2EE.pdf 
http://www.owasp.org/docroot/owasp/misc/veilige_web_app_boven_alles.ppt 
http://www.owasp.org/docroot/owasp/misc/Introduction_to_OWASP_NL.ppt 

== You are welcome to the OWASP Netherlands local chapter kick-off meeting! ==

Thursday, November 17th (2005) at 18.00h. 
 
ATTENTION! Because of the large amount of attendees, the location has changed: 
 
Hotel Mercure Utrecht/Nieuwegein 
Buizerdlaan 10 
3435 SB NIEUWEGEIN 
Tel: 00 31 (0) 30 60 84 122 
Fax: 00 31 (0) 30 60 38 374 
 
This first meeting will be an introduction to the OWASP. A constructive discussion will be held about the actual form of the OWASP Netherlands local chapter. 
 
The agenda: 
18.00 - 18.30 Check-In (bread & drinks) 
18.30 - 18.45 Chapter opening 
18.45 - 19.30 Presentation - 'Top tien web applicatie kwetsbaarheden in J2EE', Eelco Klaver 
19.30 - 19.45 Presentation - 'Veilige webapplicaties boven alles', Mike Wardi 
19.45 - 20.00 Coffee break 
20.00 - 21.00 Discussion - About the OWASP Netherlands local chapter 
 
About the presenters 
 
Eelco Klaver 
Eelco Klaver is a senior consultant for Xebia IT Architects, since 2003. Doing software reviews, security audits and giving security workshops are part of his job. He has almost 10 years experience with developing enterprise applications in J2EE for different employees. At the moment, Eelco is the front man of the security business unit for Xebia, focussing on the security aspects of enterprise applications build on J2EE. 
 
Mike Wardi 
Mike Wardi is an internet application manager for a financial institute. He's responsible for the safety of internet applications provided to customers and the implementation of the security policies in software developement. 
 
 
If you want to attend, please send an email to owasp-nl@ascure.com or the mailing list. 
 
All OWASP chapter meetings are free! There are never vendor pitches or sales presentations at OWASP meetings. 
 
NOTE TO CISSP’s: OWASP Meetings count towards CPE Credits.