OWASP - User contributions [en]

Luxembourg

2018-03-26T10:31:27Z

Jocelyn.aubert: add OWASP BeNeLux Day 2017

{{Chapter Template|chaptername=Luxembourg|extra=The chapter leader is [mailto:jocelyn.aubert@owasp.org Jocelyn Aubert]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-luxemburg|emailarchives=http://lists.owasp.org/pipermail/owasp-luxemburg/}}

<paypal>Luxembourg</paypal>

== Local News ==

Join our [http://www.linkedin.com/groups?gid=1781989&trk=anetsrch_name&goback=.gdr_1238414238580_1 LinkedIn group]!

=== OWASP BeNeLux Day 2017 ===

We are proud to announce the dates of the next edition of BeNeLux OWASP Day! The event will take place on 23 (trainings) and 24 (conference) November 2017, in Tilburg - The Netherlands.

See [[OWASP_BeNeLux-Day_2017]] for more details.

=== OWASP BeNeLux Day 2016 - II ===

We are proud to announce the dates of the next edition of BeNeLux OWASP Day! The event will take place on 24 (trainings) and 25 (conference) November 2016, in Leuven - Belgium.

See [[BeNeLux OWASP Day 2016-2]] for more details.

=== OWASP BeNeLux Day, March 17 & 18, 2016 in Esch-sur-Alzette, Luxembourg ===

We are proud to announce that like in 2011, the OWASP BeNeLux Day will be held in Belval Campus, Esch-sur-Alzette, Luxembourg.
More information on [http://www.owaspbenelux.eu www.owaspbenelux.eu]!

=== OWASP AppSecEU 2015, 19-22 May 2015, Amsterdam, The Netherlands ===
The Luxembourg chapter is co-organizing together with Belgium and Netherlands chapters this amazing conference to be held in Amsterdam this spring!
More information on the [http://2015.appsec.eu conference website.]

Hope to see you there!

=== French translation of Top Ten ===
The Luxembourg chapter, in collaboration with other volunteers (French and Swiss) is currently involved in the French translation of the OWASP Top Ten for 2013 (available in release candidate here: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]).

The final version of Top Ten should be available in May, and the French version should be available a few days after the release of the original version.
The document is usually translated into different languages (German, Spanish, Italian, Chinese, etc.)

People potentially interested to contribute to the German translation, can contact the [[OWASP_German_Language_Project]].

=== OWASP BeNeLux Day 2011, December 1st & 2nd 2011 @ University of Luxembourg ===

We are proud to announce that OWASP BeNeLux Day 2011 will take place on December 1st & 2nd 2011 at the University of Luxembourg.

*'''December 1st 2011: Training Day'''

OWASP Training: Secure Application Development, by Eoin Keary This intensive one-day training focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The training will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code

 

*'''December 2nd 2011: Conference Day'''

List of confirmed speakers (more to be announced soon):

*Brenno De Winter (Journalist) on the Diginotar story
*Koen Vanderloock (Lead Security Competence Group at Cegeka) on the new OWASP Simba project
*Justin Clarke (Director and Co-Founder of Gotham Digital Science Ltd) on practical crypto attacks against web applications
*Lieven Desmet (Research Manager at University Leuven) on HTML5 security
*Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on iOS data protection internals
*Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
*Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on WebApp Security and legal and regulatory aspects
*Seba Deleersnyder & Eoin Keary (OWASP Board) on OWASP Update

 For more information and updates, please check out [http://www.owaspbenelux.eu/ www.owaspbenelux.eu]

Interested in sponsoring the event and the Luxembourg Chapter in 2012? Please contact Jocelyn Aubert (Jocelyn.Aubert[at]owasp.org)! 

 

=== OWASP @ [http://www.yajug.org/ YAJUG] (Java User Group, Luxembourg) ===

The Luxembourg Chapter will participate to the next YAJUG (Java User Group, Luxembourg) event:

'''YAJUG - How to Secure your Java Applications''' ''Wednesday, May 27th 2009 - 17:45''

[http://www.tudor.lu Centre de Recherche Public Henri Tudor] - 29, avenue John F. Kennedy - L-1855 Luxembourg-Kirchberg

Agenda:

*17h45 - Welcome and registration
*18h00 - Introduction to Cryptography with JCA and JCE, Sébastien Stormacq, Sun Microsystems (French, slides in English)
*19h15 - [http://www.owasp.org/images/b/bb/2009-05-27_owasp%40yajug.ppt OWASP Top 10 Security Breaches for Java Web Applications], Jocelyn Aubert, OWASP-LU (French, slides in English)
*20h30 - Drink

The whole program is available on [http://www.yajug.org/confluence/display/Public/Future+Events YAJUG website].

'''Note:''' This event is NOT an OWASP event! You have to register on YAJUG website (fee: 40 euros).

=== OWASP @ [http://www.c3l.lu/ C3L] (Chaos Computer Club Lëtzebuerg) ===

''Monday, April 6th 2009'' - 20:00 (...until late in the night)

Brasserie [http://www.seppl.lu/ Seppl] (Club-Room) - Luxembourg-Limpertsberg

Agenda:

*15 minutes intro OWASP Luxembourg Chapter
*remaining time - Technical Chaos regarding OWASP

== Chapter Board ==

The Luxembourg chapter is supported by the following board:

*ADELSBACH André
*AUBERT Jocelyn
*DULAUNOY Alexandre
*RIGHETTO Dominique
*STEICHEN Pascal
*ZOLLER Thierry

== Chapter Sponsors ==
OWASP Luxembourg thanks its structural chapter supporters: 
<center>
[[Image:Bnl11-SECURITYANDTRUST-LOGO.jpg|link=http://www.securityandtrust.lu]]
[[Image:Logocircl.png|link=http://circl.lu/]]
[http://www.vest.nl https://www.owasp.org/images/6/67/Vest.jpg]
[https://secwatch.nl https://www.owasp.org/images/f/ff/Secwatch_logo_small.png]
[[File:Avi Logo Transparent Background 300pix.png|200px|link=https://avinetworks.com/]]

[[Category:Europe]]

OWASP BeNeLux-Day 2017

2017-08-20T20:20:46Z

Jocelyn.aubert: Change the header...

<center>[[Image:Header-BNL-2017.png]] </center>

 


= Information =
== Confirmed speakers Conference ==
{{#switchtablink:Conferenceday|
* speaker > Closing keynote: The Future of Security
}}
== OWASP BeNeLux conference is free, but registration is required! ==


== The OWASP BeNeLux Program Committee ==
*Bart De Win / Sebastien Deleersnyder/ Lieven Desmet/ David Mathy, OWASP Belgium
*Martin Knobloch, OWASP Netherlands
*Jocelyn Aubert, OWASP Luxembourg
 

== Tweet! ==
Event tag is [http://twitter.com/#search?q=%23owaspbnl17 #owaspbnl17]
 
== Donate to OWASP BeNeLux ==
[https://co.clickandpledge.com/?wid=72689 Donate]



= Registration =

== OWASP BeNeLux conference is free, but registration is required! ==

== OWASP BeNeLux training is reserved for OWASP members, and registration is required! ==
To support the OWASP organisation, we ask training attendees to become an OWASP member, it's only US$50!
Students and faculty are invited to become member as well, but can freely attend.
Check out the [[Membership]] page to find out more.


 
To support the OWASP organisation, consider to become a member, it's only US$50!
 
Check out the [[Membership]] page to find out more.
 



= Venue =

== Venue ==

=== How to reach the venue? ===

=== Hotel nearby ===



= Trainingday =
=== Trainingday is November 23rd ===

== Location ==

== Agenda ==
{| class="wikitable"
! Time !! Description !! Room TBA !! Room TBA !! Room TBA
|-
| 08h30 - 9h30
| colspan="5" style="text-align: center; background: grey; color: white;" | ''Registration''
|-
| 09h30 - 11h00 || Training
| rowspan="7" style="width:100px;" | [[BeNeLux_OWASP_Day_2017#training name! | TBD]] by [[BeNeLux_OWASP_Day_2017#speaker name | TBD]]
| rowspan="7" style="width:100px;" | TBD
| rowspan="7" style="width:100px;" | TBD
|-
| 11h00 - 11h30 || ''Coffee Break''
|-
| 11h30 - 13h00 || Training
|-
| 13h00 - 14h00 || ''Lunch''
|-
| 14h00 - 15h30 || Training
|-
| 15h30 - 16h00 || ''Coffee Break''
|-
| 16h00 - 17h30 || Training
|}

== Trainings ==
=== training title ===
traning desciption


= Mobile Security Summit =
=== The Mobile Security Summit is taking place parallel to the trainings, November 23rd ===


= Conferenceday =
=== Conferenceday is November 24th ===

== Agenda ==
{| class="wikitable"
! width="120pt" | Time
! width="190pt" | Speaker
! width="400pt" | Topic
! width="100pt" | Slides
|-
| 08h30 - 09h00
| colspan="3" style="text-align: center; background: grey; color: white" | ''Registration''
|-
| 09h00 - 09h15
| colspan="3" style="text-align: center; background: grey; color: white" | ''Opening''
|-
| 09h15 - 10h00 || [[BeNeLux_OWASP_Day_2017#speaker name | speaker name]]
|| [[BeNeLux_OWASP_Day_2017#talk title]]
|| 
|-
| 10h00 - 10h45 || TBD
|| TBD
||
|-
| 10h45 - 11h15
| colspan="3" style="text-align: center;background: grey; color: white" | ''Morning Break''
|-
| 11h15 - 12h00 ||TBD
|| TBD
||
|-
| 12h00 - 12h45 || TBD
|| TBD
||
|-
| 12h45 - 13h45
| colspan="3" style="text-align: center;background: grey; color: white" | ''Lunch''
|-
| 13h45 - 14h30 || TBD
|| TBD
||
|-
| 14h30 - 15h15 || TBD
|| TBD
||
|-
| 15h15 - 15h45
| colspan="3" style="text-align: center;background: grey; color: white" | ''Break''
|-
| 15h45 - 16h30 || TBD
|| TBD
||
|-
| 16h30 - 17h15 || TBD
| TBD
| TBD
|| TBD
|-
| 17h15 - 17h30
| colspan="3" style="text-align: center;background: grey; color: white" | ''Closing''
|}

<div id="TBD"></div>

== Talks ==
=== talk title ===
Abstract
== Speakers ==
===speaker name===
Speaker bios

= Social Event =

== Social Event,starting at 7PM ==
TBD


= Sponsor =

=== Become a sponsor of OWASP BeNeLux ===

There are 3 combined sponsorship packages (Gold, Silver or Bronze) that cover the BeNeLux chapter meetings 2018 and the BeNeLux OWASP Days 2017 in Tilburg, the Netherlands.

Download our sponsor brochure TBD and contact [mailto:seba@owasp.org us] for questions or sponsorship confirmation!

Your sponsorship will be invested directly in the chapter meetings, supporting speaker and catering expenses.

The sponsorship will also be dedicated to cover the costs of the OWASP 2017 BeNeLux event.


= Call for Speakers =

== Call for Speakers ==

'''The call for Speakers is closed.
See you next year!'''

OWASP AppSec conferences are true security conferences with all talks and presentations focusing on various areas of information security. Topics should focus on the technical and social aspects of security, and should not contain marketing or sales pitches.

We encourage and prioritize submissions covering research and new work impacting:

* Secure development of web applications.
* Security testing of web applications.
* Security of DevOps processes, architectures, and tools.
* Security of applications designed for mobile devices.
* Security of Internet of Things devices and platforms.
* Cloud platform security
* Browser security
* HTML5 security
* OWASP tools or projects in practice

'''Terms'''

By your submission you agree to the OWASP [https://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement]. It requires that you use an OWASP [https://www.owasp.org/images/7/76/OWASP_Presentation_Template.zip presentation template] or other non-branded template. Presentations may not use company-themed decks or include a company logo except on the speaker bio slide. Failure to observe these requirements will result in talk removal.

All presentation slides will be published on the conference website. Pictures and other materials in presentations should not violate any copyrights. Presentation submitters are solely liable for copyright violations. You may choose any [http://creativecommons.org/licenses Creative Commons] license for your slides, including CC0. OWASP [http://creativecommons.org/licenses suggests the use of open licenses].

We will cover your travel expenses or costs for accommodations.

'''Deadlines'''

* Submission of proposal closes: 11 September, 2016 – 23:59
* Notification of acceptance: 2 October, 2016
* Conference Date: 25 November, 2016

'''Submission'''

To submit a proposal, please submit an abstract of your intended presentation (500 to 4000 characters), a brief biography (150 to 800 characters) and a headshot (combine multiple files in one zip file). Your planned presentation time is 40 minutes (excluding ~5 minutes for discussion and change of speaker). Feel free to attach a preliminary version of your presentation if available. Any proposal submitted is subject to a democratic vote by the program committee. Keep in mind: The better your description of the talk, the better picture the program committee will have to review your submission. Please proofread your submission; after approval your abstract, biography, and headshot will be published verbatim into the program and website.

Submission page: https://easychair.org/conferences/?conf=owaspbenelux162


__NOTOC__
<headertabs/>

=== Made possible by our {{#switchtablink:Sponsor|Sponsors}}===

'''Platinum'''
'''Gold:'''
'''Silver:'''
'''Bronze:'''

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_BeNeLux_Archives]]

2016-02-13T18:54:30Z

Jocelyn.aubert: /* OWASP BeNeLux Day, March 17 & 18, 2016 in Esch-sur-Alzette, Luxembourg */

{{Chapter Template|chaptername=Luxembourg|extra=The chapter leader is [mailto:jocelyn.aubert@owasp.org Jocelyn Aubert]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-luxemburg|emailarchives=http://lists.owasp.org/pipermail/owasp-luxemburg/}}

<paypal>Luxembourg</paypal>

== Local News ==

Join our [http://www.linkedin.com/groups?gid=1781989&trk=anetsrch_name&goback=.gdr_1238414238580_1 LinkedIn group]!

=== OWASP BeNeLux Day, March 17 & 18, 2016 in Esch-sur-Alzette, Luxembourg ===

We are proud to announce that like in 2011, the OWASP BeNeLux Day will be held in Belval Campus, Esch-sur-Alzette, Luxembourg.
More information on [http://www.owaspbenelux.eu www.owaspbenelux.eu]!

=== OWASP AppSecEU 2015, 19-22 May 2015, Amsterdam, The Netherlands ===
The Luxembourg chapter is co-organizing together with Belgium and Netherlands chapters this amazing conference to be held in Amsterdam this spring!
More information on the [http://2015.appsec.eu conference website.]

Hope to see you there!

=== French translation of Top Ten ===
The Luxembourg chapter, in collaboration with other volunteers (French and Swiss) is currently involved in the French translation of the OWASP Top Ten for 2013 (available in release candidate here: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]).

The final version of Top Ten should be available in May, and the French version should be available a few days after the release of the original version.
The document is usually translated into different languages (German, Spanish, Italian, Chinese, etc.)

People potentially interested to contribute to the German translation, can contact the [[OWASP_German_Language_Project]].

=== OWASP BeNeLux Day 2011, December 1st & 2nd 2011 @ University of Luxembourg ===

We are proud to announce that OWASP BeNeLux Day 2011 will take place on December 1st & 2nd 2011 at the University of Luxembourg.

*'''December 1st 2011: Training Day'''

OWASP Training: Secure Application Development, by Eoin Keary This intensive one-day training focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The training will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code

 

*'''December 2nd 2011: Conference Day'''

List of confirmed speakers (more to be announced soon):

*Brenno De Winter (Journalist) on the Diginotar story
*Koen Vanderloock (Lead Security Competence Group at Cegeka) on the new OWASP Simba project
*Justin Clarke (Director and Co-Founder of Gotham Digital Science Ltd) on practical crypto attacks against web applications
*Lieven Desmet (Research Manager at University Leuven) on HTML5 security
*Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on iOS data protection internals
*Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
*Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on WebApp Security and legal and regulatory aspects
*Seba Deleersnyder & Eoin Keary (OWASP Board) on OWASP Update

 For more information and updates, please check out [http://www.owaspbenelux.eu/ www.owaspbenelux.eu]

Interested in sponsoring the event and the Luxembourg Chapter in 2012? Please contact Jocelyn Aubert (Jocelyn.Aubert[at]owasp.org)! 

 

=== OWASP @ [http://www.yajug.org/ YAJUG] (Java User Group, Luxembourg) ===

The Luxembourg Chapter will participate to the next YAJUG (Java User Group, Luxembourg) event:

'''YAJUG - How to Secure your Java Applications''' ''Wednesday, May 27th 2009 - 17:45''

[http://www.tudor.lu Centre de Recherche Public Henri Tudor] - 29, avenue John F. Kennedy - L-1855 Luxembourg-Kirchberg

Agenda:

*17h45 - Welcome and registration
*18h00 - Introduction to Cryptography with JCA and JCE, Sébastien Stormacq, Sun Microsystems (French, slides in English)
*19h15 - [http://www.owasp.org/images/b/bb/2009-05-27_owasp%40yajug.ppt OWASP Top 10 Security Breaches for Java Web Applications], Jocelyn Aubert, OWASP-LU (French, slides in English)
*20h30 - Drink

The whole program is available on [http://www.yajug.org/confluence/display/Public/Future+Events YAJUG website].

'''Note:''' This event is NOT an OWASP event! You have to register on YAJUG website (fee: 40 euros).

=== OWASP @ [http://www.c3l.lu/ C3L] (Chaos Computer Club Lëtzebuerg) ===

''Monday, April 6th 2009'' - 20:00 (...until late in the night)

Brasserie [http://www.seppl.lu/ Seppl] (Club-Room) - Luxembourg-Limpertsberg

Agenda:

*15 minutes intro OWASP Luxembourg Chapter
*remaining time - Technical Chaos regarding OWASP

== Chapter Board ==

The Luxembourg chapter is supported by the following board:

*ADELSBACH André
*AUBERT Jocelyn
*DULAUNOY Alexandre
*RIGHETTO Dominique
*STEICHEN Pascal
*ZOLLER Thierry

== Chapter Sponsors ==
OWASP Luxembourg thanks its structural chapter supporters: 
<center>
[[Image:Bnl11-SECURITYANDTRUST-LOGO.jpg|link=http://www.securityandtrust.lu]]
[http://circl.lu/ http://circl.lu/pics/logo.png]
[http://www.f5.com https://www.owasp.org/images/f/fd/AppSec_Research_2010_sponsor_F5_logo.jpg]
</center>

[[Category:Europe]]

BeNeLux OWASP Day 2016

2016-02-13T18:30:01Z

Jocelyn.aubert: update the logo

<center>[[File:OWASP_BeNeLux_2016_logo.jpeg|center|512px]] </center>

 


= Information =

== OWASP BeNeLux Announcement ==
We are proud to announce the dates of the next edition of BeNeLux OWASP Day!
The event will take place on 17 and 18 March 2016, in Belval Campus, in Esch-sur-Alzette - Luxembourg.
More information on the venue can be found {{#switchtablink:Venue|here}}.
 
{{#switchtablink:Registration| Don't wait and register now!}}



== Confirmed speakers Conference ==
{{#switchtablink:Conferenceday| 
* Julie Gommes
* Stefan Burgmair (OWASP Germany)
* Erik Poll (Radboud University)
* Arne Swinnen (Nviso)
* Glenn & Riccardo Ten Cate
* Christian Schneider & Alvaro Muñoz (HPE)
* Michael Hamm (CIRCL - Computer Incident Response Center Luxembourg)
}}
 

== The OWASP BeNeLux Program Committee ==
*Bart De Win / Sebastien Deleersnyder/ Lieven Desmet/ David Mathy, OWASP Belgium
*Martin Knobloch, OWASP Netherlands
*Jocelyn Aubert, OWASP Luxembourg
 

== Tweet! ==
Event tag is [http://twitter.com/#search?q=%23owaspbnl16 #owaspbnl16]
 
== Donate to OWASP BeNeLux ==
[https://co.clickandpledge.com/?wid=72689 Donate]



= Registration =

== OWASP BeNeLux training day and conference are free, but registration is required! ==

Register today at https://owasp-benelux-day-2016.eventbrite.com . We only have a limited number of seats available for our trainings and conference. First come, first serve!

 
To support the OWASP organisation, consider to become a member, it's only US$50!
 
Check out the [[Membership]] page to find out more.
 



= Venue =

== Venue is ==

'''University of Luxembourg''' 
'''Maison du Savoir''' 
''2, avenue de l'Université 
L-4365 Esch-sur-Alzette''

=== How to reach the venue? ===

==== By car ====
Check the [https://goo.gl/maps/d8lTe Belval Campus map] - available on google maps - for route information.

Outdoor parking areas and underground car parks are available throughout the campus, particularly [http://www.cfl.lu/espaces/voyageurs/en/gares-et-services/auto-moto-v%C3%A9lo/p-r-belval-universit%C3%A9-1-622-places-%C3%A0-votre-disposition P+R Belval Université], or [http://umbelval.lu/wp-content/uploads/2015/08/Tarifs-horaires-2015.pdf Square Mile parking] or [http://umbelval.lu/wp-content/uploads/2015/08/Tarifs-horaires-2015.pdf Belval Plaza].

==== By train ====
Trains departing every 15 minutes from Luxembourg Central Station are direct to "Belval-Université" - line is connection-free via Esch-sur-Alzette. Get information on train schedules on the [http://www.cfl.lu/en CFL’s website].

When on site, access to buildings is easy on foot.

=== Hotel nearby ===
[http://www.accorhotels.com/fr/hotel-7071-ibis-esch-belval/index.shtml Hotel Ibis Esch-Belval] 
12, avenue du Rock'n'Roll 
L-4361 Esch-sur-Alzette, Luxembourg 
From 81 EUR per night



= Trainingday =

=== Trainingday is March 17th ===

== Location ==
The training venue is at the same location as the {{#switchtablink:Venue|conference venue}}.

== Agenda ==
{| class="wikitable"
! Time !! Description !! Room 1 !! Room 2 !! Room 3 !! Room 4
|-
| 08h30 - 9h30
| colspan="5" style="text-align: center; background: grey; color: white;" | ''Registration''
|-
| 09h30 - 11h00 || Training
| rowspan="7" style="width:100px;" | Application Security Primer by Martin Knobloch
| rowspan="7" style="width:100px;" | Hands-on Threat Modeling by Sebastien Deleersnyder
| rowspan="7" style="width:100px;" | Security Shepherd by Mark Denihan
| rowspan="7" style="width:100px;" | O-saft by Achim Hoffman & Torsten Gigler
|-
| 11h00 - 11h30 || ''Coffee Break''
|-
| 11h30 - 13h00 || Training
|-
| 13h00 - 14h00 || ''Lunch''
|-
| 14h00 - 15h30 || Training
|-
| 15h30 - 16h00 || ''Coffee Break''
|-
| 16h00 - 17h30 || Training
|}

== Application Security Primer by Martin Knobloch ==
TBD

== Hands-on Threat Modeling by Sebastien Deleersnyder ==

This is a 1 day, trainer-led, on-site, Threat Modeling course. The training material and hands-on workshops include real live Use Cases. The students will be challenged to perform practical threat modeling in groups of 3 to 4 people covering the different stages of threat modeling on:
* B2B web and mobile applications, sharing the same REST backend
* An Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service

Threat modeling is the primary security analysis task performed during the software design stage. Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing.

Threat modeling allows you to consider, document, and discuss the security implications of designs in the context of their planned operational environment and in a structured fashion. Threat modeling also allows consideration of security issues at the component or application level. The threat modeling course will teach you to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model.

This course is aimed at software developers, architects, system managers or security professionals. Before attending this course, students should be familiar with basic knowledge of web and mobile Applications and databases. The students should bring their own laptop to the course.

==== Course topics (1 day) ====

Threat modeling introduction
*Threat modeling in a secure development lifecycle
*What is threat modeling
*Why threat modeling?
*Threat modeling stages
*Diagrams
*Identify threats
*Addressing threats
*Document a threat model
Diagrams – what are you building?
*Understanding context
*Doomsday scenarios
*Data flow diagrams
*Trust Boundaries
*'''Hands-on: diagram B2B web and mobile applications, sharing the same REST backend'''
Identifying threats – what can go wrong?
*STRIDE introduction
*Spoofing threats
*Tampering threats
*Repudiation threats
*Information disclosure threats
*Denial of service threats
*Elevation of privilege threats
*'''Hands-on: STRIDE analysis of an Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service'''
Addressing each threat
*Mitigation patterns
*Authentication: mitigating spoofing
*Integrity: mitigating tampering
*Non-repudiation: mitigating repudiation
*Confidentiality: mitigating information disclosure
*Availability: mitigating denial of service
*Authorization: mitigating elevation of privilege
Threat modeling tools
*General tools
*Open-Source tools
*Commercial tools

The course students receive the following package as part of the course:
*Hand-outs of the presentations
*Work sheets of the use cases,
*Detailed solution descriptions of the use cases
*Template to document a threat model
*Template to calculate risk levels of identified threats
The students should bring their own laptop

==== Threat Modeling – real life use cases ====
As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.
In order to minimize that gap we have developed practical Use Cases, based on real life projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Using this methodology for the hands on workshops we provide our students with a robust training experience and the templates to incorporate threat modeling best practices in their daily work.
The students will be challenged to perform the threat modeling in groups of 3 to 4 people performing the different stages of threat modeling on:
*B2B web and mobile applications, sharing the same REST backend
*An Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service
After each hands-on workshop, the results are discussed, and the students receive a documented solution.

==== Sebastien Deleersnyder ====
Sebastien Deleersnyder, managing partner and application security consultant at [http://www.toreon.com Toreon] will share his practical threat model experience. Sebastien led engagements in the domain of ICT-security, Web and Mobile Security with several customers including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post , Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, served as vice-chair of the global OWASP Foundation Board and performed several public presentations on Web Application, Mobile and Web Services Security. Furthermore, Sebastien co-founded the yearly BruCON conference.

== Security Shepherd by Mark Denihan ==
TBD

== O-saft by Achim Hoffman & Torsten Gigler ==
==== Abstract ====
The use of SSL/TLS to protect the transport of data has become very common today. On the other hand it does not work pretty 'out of the box'. Furthermore it has more and more secuirty issues. As a consequence it often does not protect as assumed. It is often difficult to understand, what are the root causes of the issues, and how to detect and
finally avoid or fix them. 
This training will give a brief introduction to SSL, how it works i. g., what issues are related to the protocol, the PKI used, and the known vulnerabilities including potential attacks and provide tools to check for these issues. The main focus will be on SSL/TLS used in HTTPS. Other usages i.e. SSL for SMTP are a small subset. As a round-up there will be recommendations how to configure and maintain TLS securely.

==== Course Topics ====
The main part of the course will be a hands-on-training showing by example how to check the established TLS/SSL connection (including ciphers) to a web server and show how to analyse the provided certificate. Various tools will be explained. It will be demonstrated how these tools can be used to detect weaknesses in the TLS/SSL connection and such. 
The explained tools are for example: openssl, sslscan, testssl.sh, o-saft, and some more, as well as some online checking tools like ssllabs.com. We show what are these tools useful for, what they can do, and what they cannot. Finally we show how the OWASP tool o-saft can be used to cover most of the previous shown techniques and how to use its advanced features like:
* checking for ciphers
* checking for special SSL settings
* check multiple servers at a time
* customizing the results
* customizing o-saft itself
* or simple debugging of various SSL connection problems. 
The purpose of this course is to provide a tool set for checking TLS/SSL to the participants, and teach the participants how and when to use which tool, and why some tools do not provide complete results (e.g. protocols, ciphers). The course is about analysing TLS/SSL from a client-site view. It will not go into the details of fuzzing or even breaking TLS/SSL, or exploiting vulnerabilities. Mostly we will analyse HTTPS, furthermore we will provide some examples for protocols using STARTTLS, too (e.g. SMTP). 
Additionally it will give system architects, administrator, or operational people, hints how to set-up and configure TLS/SSL in a proper secure way.
 

==== Technical requirements ====
The participants should bring their own laptop with any operating system (recommended is Linux) and at least following tools installed:
* openssl (1.0.1e or newer)
* perl (5.8 or newer), on windows system Strawberry perl is recommended
* Net::SSLeay (1.53 or newer), IO::Socket::SSL (1.37 or newer)
* Tcl (8.5) optional, on a windows system ActiveTcl (8.6) is recommended
* python (2.7) optional 
Optional, for smooth testing, a local SSL-enabled (SSLv2, SSLv3, TLS) web server should be running on the laptop (i.e. OWASP-BWA).
 

==== Bio's ====
* Achim Hoffmann ... Starting with Linux/network security in the nineties. Achim Hoffmann has been working in web application security since more than 15 years. While working as a developer for web-application for several years he started concentrating on web application security as major subject in different roles like penetration tester, doing SCA and giving security workshops. He is author, co-author and maintainer of various papers about web application security at BSI (Germany), OWASP and WASC. He also published some tools (EnDe, EMiR, ReDoS, O-Saft) which aim to make web application security more visible. Achim is owner of sic[!]sec GmbH, Germany, a company that provides information security services. Outside work he is German OWASP Board Member and helps maintaining OWASP's mailing lists.
* Torsten Gigler ... Internernal Security Consultant in a large scale enterprise >15 years (ICT-Infrastructure- and Application Security). He has been volunteering for OWASP since more than 3 years: since 2 years co-developer of O-Saft, contributed to the Transport Layer Protection Cheat Sheet (Cipher Section), project leader 'OWASP Top 10 für Entwickler' / OWASP Top 10 for Developers, contributed to the German translation of OWASP-Top-10 2013, supported the Top_10_2013-Project: Review, Wiki.



= Conferenceday =
=== Conferenceday is March 18th ===

== Agenda ==
{| class="wikitable"
! width="120pt" | Time
! width="180pt" | Speaker !! Topic
|-
| 08h30 - 09h10
| colspan="2" style="text-align: center; background: grey; color: white" | ''Registration''
|-
| 09h15 - 10h00 || Julie Gommes || Gamers, You're the new Botnets
|-
| 10h00 - 10h45 || Stefan Burgmair || OWASP Top 10 Privacy Risks
|-
| 10h45 - 11h15
| colspan="2" style="text-align: center;background: grey; color: white" | ''Morning Break''
|-
| 11h15 - 12h00 || Erik Poll || LangSec meets State Machines
|-
| 12h00 - 12h45 || Arne Swinnen || The Tales of a Bug Bounty Hunter
|-
| 12h45 - 13h45
| colspan="2" style="text-align: center;background: grey; color: white" | ''Lunch''
|-
| 13h45 - 14h30 || Glenn & Riccardo Ten Cate || OWASP Secure Knowledge Framework (SKF)
|-
| 14h30 - 15h15 || Kevin Allix || Mobile Security
|-
| 15h15 - 15h45
| colspan="2" style="text-align: center;background: grey; color: white" | ''Break''
|-
| 15h45 - 16h30 || Christian Schneider & Alvaro Muñoz || Serial Killer: Silently Pwning your Java Endpoints
|-
| 16h30 - 17h15 || Michael Hamm || Experiences with Paste-Monitoring
|-
| 17h15 - 17h30 || OWASP Benelux 2016 organization || '''Closing Notes'''
|}

<div id="TBD"></div>

== Talks ==

=== Julie Gommes - Gamers, You're the New Botnets ===
''Abstract:'' Downloading, playing, downloading, playing, downloading, playing, downloading, playing, downloading, playing... that is really funny.
You can try new games every day but the guys who share those games are not just happy and funny people doing that just for pleasure to share "games".
Yeas, they're sharing games, but lot of other Tools they enjoy to play with...
Let's talk about malwares, about botnets, about backdoors and about some computer which can win a "botnet award".
 
''Bio:'' Julie Gommes is a cybersecurity contractor, working in Paris on risk analysis, Security gap analysis, Security in project management, Audit, CISO support. She is also trainer for exposed professionals (journalists, lawyers, HR, employees of NGOs ...). https://fr.linkedin.com/in/juliegommes; Twitter : @JujuSete
 

=== Stefan Burgmair - OWASP Top 10 Privacy Risks ===
''Abstract:'' There are lively discussions about how to protect personal data especially with the upcoming EU Data Protection Regulation that requires Privacy by Design. But still there was no independent description of privacy risks specifically for web applications available. Thus, companies lack guidance to identify and avoid privacy risks during systems development. Therefore the OWASP Top 10 Privacy Risks project developed a list of the top 10 privacy risks in web applications. The project covers technical and organizational aspects like missing encryption or insufficient transparency and results and practical countermeasures are presented in this session.
 
''Bio:'' Stefan Burgmair is a German security and privacy consultant at msg systems in Munich. He wrote his Master Thesis in information systems and management about the “Top 10 Privacy Risks for Web Applications” and continues to deliver key content for the project.
 

=== Erik Poll - LangSec meets State Machines ===
''Abstract:'' Language-theoretic Security, or LangSec for short, provides
useful insights into the root causes of an important class
security flaws - namely flaws in handling input - and ways to
avoid these. This talk will discuss the core ideas of LangSec and
the relation with security research we have done at over the
years, where we used state machines as a means to systematically
investigate GSM, bank cards, internet banking tokens, and TLS.
 
''Bio:'' Erik Poll is Associate Professor in the Digital Security group of
the Radboud University in Nijmegen. His research interests
include smart cards, security protocols, the security of payment
systems and smart grids, and formal methods that can improve
security by providing a rigorous basis for design, analysis, and
testing.
 

=== Arne Swinnen - The Tales of a Bug Bounty Hunter ===
''Abstract:'' Bug bounty hunting is the new black! During this technical talk, several interesting vulnerabilities identified in Instagram, the increasingly-popular photo-based social media platform, will be presented. 
All vulnerabilities were disclosed responsibly via Facebook’s Public Bug Bounty program over the course of 2015 and 2016, and will be discussed in detail. Required advanced Mobile Security attack techniques for this Research, such as Binary Modification, Dynamic Hooking and Burp Suite Plugin Development will be covered, among other trickery. 
The most interesting vulnerabilities were hybrid: Combinations of complementary vulnerabilities in different environments (e.g. Web and Mobile). All identified issues’ root causes will be mapped onto the Software Development Life Cycle (SDLC), to analyze where they could have been prevented from materializing. Last but not least, the monetary rewards offered by Facebook for each vulnerability and general Bug Bounty Hunting advice will be shared with the community.
 
''Bio:'' Arne Swinnen is an IT Security Consultant at NVISO, a Belgian Cyber Security Consulting firm. Arne specializes in Application Security and Digital Forensics. He co-organized the first edition of the Cyber Security Challenge Belgium in 2015, a National cyber security competition designed exclusively for Belgian students. 
Arne was a speaker at Black Hat USA and BruCON in 2014, presenting novel anti-virus detection and evasion techniques (“One Packer to Rule Them All”). Since 2015, he is also listed on Facebook’s Bug Bounty Half of Fame''. 
 

=== Christian Schneider & Alvaro Muñoz - Serial Killer: Silently Pwning your Java Endpoints ===
''Abstract:'' In this session we begin with modelling the attack surface of Java deserialization, which often leads to remote code execution (RCE), by showcasing vulnerabilities we found in modern and widely used applications and frameworks. We extend existing research about risks of deserialization broadening the attack surface. After a live demo of getting a Meterpreter shell in a modern Java endpoint setup we delve into the exploitation styles for this vulnerability to lay the foundation of the first of three key takeaways for the attendees. The first key takeaway is identification of test types that should be executed during a dynamic assessment of an application in order to find this kind of vulnerability. This includes analyzing the deserialization interface and using blackbox tests to create payloads with gadgets matching the application’s classpath to verify the RCE. Discussion extends to cover indirect deserialization interfaces that use non-binary data formats, such as XML-based interfaces, which can also act as a driver for deserialization within the application. The next key takeaway covers the realm of static code analysis (SAST). We present code patterns security reviewers should look for when doing whitebox assessments of applications or frameworks. This is especially interesting for code offering dynamic functionality including AOP, generic mappings, reflection, interceptors, etc. - all of which have a high probability of including code that can facilitate as deserialization gadgets and thus help the attackers in exploiting deserialization vulnerabilities. In this section we present the techniques used to find the vulnerabilities within the popular frameworks showcased during the live demo at the session’s start. Finally we conclude with tips on implementing different techniques of hardening measures for applications offering deserialisation interfaces (either direct binary deserialization interfaces or indirect XML-based ones) to give the attendees the third key takeaway: protecting applications properly. This includes ways to verify data integrity prior to deserialization and ways to properly inspect the data before it’s handled by the Java deserialization process.

''Bio's:''
* Christian Schneider (@cschneider4711) writes software since the nineties, works as a freelance software developer since 1997, focuses on Java since 1999 and on IT-Security - especially Pentesting - since 2005. He enjoys writing articles about web application security as well as speaks and trains at conferences (OWASP AppSecEU, JAX, WJAX, WebTechCon, DevOpsCon, HackPra, RSA). He blogs at [https://www.Christian-Schneider.net Christian-Schneider.net]
* Alvaro Muñoz (@pwntester) works as Principal Security Researcher with HPE Security Fortify. He enjoys researching different programming languages and web application frameworks for vulnerabilities and unsafe APIs. Before joining the HPE research team, he worked as an Application Security Consultant helping enterprises to start and improve their application security programs. He blogs at [http://www.pwntester.com pwntester.com]

=== Michael Hamm - Experiences with Paste-Monitoring ===
''Abstract:'' Paste platforms like Pastebin.com provide the possibility to store and share text online. Often this kind of services are used by programmers but also abused by attackers to present their achievements. CIRCL acts as a fire brigade and monitor several of those paste platforms to early detect potential incidents and help the victims. The findings vary from lists of vulnerable or compromised websites, leaked credentials, database dumps, opportunistic announcements, stolen credit card details and many more. We will present the used techniques, and some key experiences with the findings and introduce the AIL framework - Framework for Analysis of Information Leaks. AIL is designed to analyse unstructured data and identify potential data leaks.

''Bio:'' Works since 2000 in the field of security and since 2010 as CIRCL Operator.

=== Glenn ten Cate, Riccardo ten Cate -- Security knowledge framework ===
Over 10 years of experience in web application security bundled into a single application. 
The Security Knowledge Framework is a vital asset to the coding toolkit of you and your development team. 
Use SKF to learn and integrate security by design in your web application.

SKF is an open source security knowledgebase including manageble projects with checklists and best practice code examples in multiple programming languages showing 
you how to prevent hackers gaining access and running exploits on your application. 

We will be talking about:
<ul>
<li>Training your developers in writing secure code</li>
<li>Security support pre-development (Security by design, early feedback of possible security issues)</li>
<li>Security support post-development(Double check your code by means of the OWASP ASVS checklists )</li>
<li>Code examples for secure coding</li>
</ul>
"Bio:" 
Glenn 
As a coder, hacker, speaker, trainer and security researcher Glenn has over 10 years experience in the field of security. 
His goal is to create an open-source software development life cycle with the tools and knowledge gathered over the years. 

 
Riccardo 
As a developer and penetration tester Riccardo specialises in web-application security and 
has extensive knowledge in securing web applications in multiple coding languages.



= Social Event =

== Social Event ==
'''Wait for it...'''

= CTF =

== Capture the Flag! ==

* Do you like puzzles?
* Do you like challenges?
* Are you a hacker?

Whether you are an experienced hacker or new enthusiast you should come to OWASP BeNeLux Day and participate in the Capture the Flag event.

The OWASP CTF is especially designed to support challengers of all skill levels. The CTF contains multiple challenges in various fields related to application security. As every challenge gains you one point, you can pick and choose which challenge you want to play.

All you need is a laptop with a wifi card and your favorite (preferably) non-commercial tools.

So come, show off your skills, learn new tricks and above all have a good time at the CTF event.



= Sponsor =

=== Become a sponsor of OWASP BeNeLux ===

== Donate to OWASP BeNeLux ==

[https://co.clickandpledge.com/?wid=72689 Sponsor]

== Promotion ==
''Feel free to use the text below to promote our event!''

We invite you to our next OWASP event: the '''BeNeLux OWASP Days 2016!'''

The good news: free! No fee!

The bad news: there are only 150 seats available (first register, first serve)!


__NOTOC__
<headertabs/>

=== Hosted and co-organized by ===
[[Image:Bnl11-university-logo.jpg|link=http://wwwen.uni.lu]]
[[Image:Bnl11-SECURITYANDTRUST-LOGO.jpg|link=http://www.securityandtrust.lu]]

=== Made possible by our {{#switchtablink:Sponsor|Sponsors}}===
[http://circl.lu/ http://circl.lu/pics/logo.png]

 

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_BeNeLux_Archives]]

File:OWASP BeNeLux 2016 logo.jpeg

2016-02-13T18:28:59Z

Jocelyn.aubert: Jocelyn.aubert uploaded a new version of "File:OWASP BeNeLux 2016 logo.jpeg"

File:OWASP BeNeLux 2016 logo.jpeg

2016-02-13T18:24:40Z

Jocelyn.aubert:

File:OWASP BeNeLux 2015.png

2016-02-13T18:21:37Z

Jocelyn.aubert: Jocelyn.aubert uploaded a new version of "File:OWASP BeNeLux 2015.png"

2016-01-27T15:44:49Z

Jocelyn.aubert: /* Sponsor */

BeNeLux OWASP Day 2016

2016-01-27T12:43:13Z

Jocelyn.aubert:

<center>[[Image:OWASP BeNeLux 2015.png|center|512px]] </center>

 


= Information =

=== OWASP BeNeLux Announcement ===
We are proud to announce the dates of the next edition of BeNeLux OWASP Day!
The event will take place on 17 and 18 March 2016, in Belval Campus, in Esch-sur-Alzette - Luxembourg.
More information on the venue can be found {{#switchtablink:Venue|here}}.
 
{{#switchtablink:Registration| Don't wait and register now!}}




==== Confirmed speakers Conference ====
{{#switchtablink:Conferenceday| 
* Stephen Burgmair (OWASP Germany)
* Jullie Gommes
* Erik Poll
* Arne Swinnen (Nviso)
* Glenn & Riccardo Ten Cate
* Christian Schneider
* Michael Hamm (CIRCL)
}}
 

==== The OWASP BeNeLux Program Committee ====
*Bart De Win / Sebastien Deleersnyder/ Lieven Desmet/ David Mathy, OWASP Belgium
*Martin Knobloch, OWASP Netherlands
*Jocelyn Aubert, OWASP Luxembourg
 

=== Tweet! ===
Event tag is [http://twitter.com/#search?q=%23owaspbnl16 #owaspbnl16]
 
==== Donate to OWASP BeNeLux ====
[https://co.clickandpledge.com/?wid=72689 Donate]



= Registration =

==== OWASP BeNeLux training day and conference are free, but registration is required! ====

Register today at https://owasp-benelux-day-2016.eventbrite.com . We only have a limited number of seats available for our trainings and conference. First come, first serve!

 
To support the OWASP organisation, consider to become a member, it's only US$50!
 
Check out the [[Membership]] page to find out more.
 



= Venue =

==== Venue is ====

University of Luxembourg 
Maison du Savoir 
2, avenue de l'Université 
L-4365 Esch-sur-Alzette

==== How to reach the venue? ====

===== By car =====
Check the [https://goo.gl/maps/d8lTe Belval Campus map] - available on google maps - for route information.

Outdoor parking areas and underground car parks are available throughout the campus, particularly [http://www.cfl.lu/espaces/voyageurs/en/gares-et-services/auto-moto-v%C3%A9lo/p-r-belval-universit%C3%A9-1-622-places-%C3%A0-votre-disposition P+R Belval Université], or [http://umbelval.lu/wp-content/uploads/2015/08/Tarifs-horaires-2015.pdf Square Mile parking] or [http://umbelval.lu/wp-content/uploads/2015/08/Tarifs-horaires-2015.pdf Belval Plaza].

===== By train =====
Trains departing every 15 minutes from Luxembourg Central Station are direct to "Belval-Université" - line is connection-free via Esch-sur-Alzette. Get information on train schedules on the [http://www.cfl.lu/en CFL’s website].

When on site, access to buildings is easy on foot.

===== Hotel nearby =====
[http://www.accorhotels.com/fr/hotel-7071-ibis-esch-belval/index.shtml Hotel Ibis Esch-Belval] 
12, avenue du Rock'n'Roll 
L-4361 Esch-sur-Alzette, Luxembourg 
From 81 EUR per night



= Trainingday =

==== Trainingday ====
The training abstracts will be available soon

==== Location ====
The training venue is at the same location as the {{#switchtablink:Venue|conference venue}}.

==== Agenda ====
{| class="wikitable"
! Time !! Description !! Room 1 !! Room 2 !! Room 3 !! Room 4
|-
| 08h30 - 9h30
| colspan="5" style="text-align: center; background: grey; color: white;" | ''Registration''
|-
| 09h30 - 11h00 || Training
| rowspan="7" style="width:100px;" | Application Security Primer by Martin Knobloch
| rowspan="7" style="width:100px;" | Hands-on Threat Modeling by Sebastien Deleersnyder
| rowspan="7" style="width:100px;" | Security Shepherd by Mark Denihan
| rowspan="7" style="width:100px;" | O-saft by Achim Hoffman
|-
| 11h00 - 11h30 || ''Coffee Break''
|-
| 11h30 - 13h00 || Training
|-
| 13h00 - 14h00 || ''Lunch''
|-
| 14h00 - 15h30 || Training
|-
| 15h30 - 16h00 || ''Coffee Break''
|-
| 16h00 - 17h30 || Training
|}

==Application Security Primer by Martin Knobloch==
TBD

==Hands-on Threat Modeling by Sebastien Deleersnyder==

This is a 1 day, trainer-led, on-site, Threat Modeling course. The training material and hands-on workshops include real live Use Cases. The students will be challenged to perform practical threat modeling in groups of 3 to 4 people covering the different stages of threat modeling on:
* B2B web and mobile applications, sharing the same REST backend
* An Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service

Threat modeling is the primary security analysis task performed during the software design stage. Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing.

Threat modeling allows you to consider, document, and discuss the security implications of designs in the context of their planned operational environment and in a structured fashion. Threat modeling also allows consideration of security issues at the component or application level. The threat modeling course will teach you to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model.

This course is aimed at software developers, architects, system managers or security professionals. Before attending this course, students should be familiar with basic knowledge of web and mobile Applications and databases. The students should bring their own laptop to the course.

===Course topics (1 day)===

Threat modeling introduction
*Threat modeling in a secure development lifecycle
*What is threat modeling
*Why threat modeling?
*Threat modeling stages
*Diagrams
*Identify threats
*Addressing threats
*Document a threat model
Diagrams – what are you building?
*Understanding context
*Doomsday scenarios
*Data flow diagrams
*Trust Boundaries
*'''Hands-on: diagram B2B web and mobile applications, sharing the same REST backend'''
Identifying threats – what can go wrong?
*STRIDE introduction
*Spoofing threats
*Tampering threats
*Repudiation threats
*Information disclosure threats
*Denial of service threats
*Elevation of privilege threats
*'''Hands-on: STRIDE analysis of an Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service'''
Addressing each threat
*Mitigation patterns
*Authentication: mitigating spoofing
*Integrity: mitigating tampering
*Non-repudiation: mitigating repudiation
*Confidentiality: mitigating information disclosure
*Availability: mitigating denial of service
*Authorization: mitigating elevation of privilege
Threat modeling tools
*General tools
*Open-Source tools
*Commercial tools

The course students receive the following package as part of the course:
*Hand-outs of the presentations
*Work sheets of the use cases,
*Detailed solution descriptions of the use cases
*Template to document a threat model
*Template to calculate risk levels of identified threats
The students should bring their own laptop

===Threat Modeling – real life use cases===
As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.
In order to minimize that gap we have developed practical Use Cases, based on real life projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Using this methodology for the hands on workshops we provide our students with a robust training experience and the templates to incorporate threat modeling best practices in their daily work.
The students will be challenged to perform the threat modeling in groups of 3 to 4 people performing the different stages of threat modeling on:
*B2B web and mobile applications, sharing the same REST backend
*An Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service
After each hands-on workshop, the results are discussed, and the students receive a documented solution.

===Sebastien Deleersnyder===
Sebastien Deleersnyder, managing partner and application security consultant at [http://www.toreon.com Toreon] will share his practical threat model experience. Sebastien led engagements in the domain of ICT-security, Web and Mobile Security with several customers including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post , Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, served as vice-chair of the global OWASP Foundation Board and performed several public presentations on Web Application, Mobile and Web Services Security. Furthermore, Sebastien co-founded the yearly BruCON conference.

==Security Shepherd by Mark Denihan==
TBD

==O-saft by Achim Hoffman==
TBD

 



= Conferenceday =
==== Conferenceday, March 18th ====

==== Agenda ====
{| class="wikitable"
! width="120pt" | Time
! width="180pt" | Speaker !! Topic
|-
| 09h00 - 09h10
| colspan="2" style="text-align: center; background: grey; color: white" | ''Registration''
|-
| 09h15 - 10h00 || Jullie Gommes || Gamers You're the new Botnets
|-
| 10h00 - 10h45 || Stephen Burgmair || OWASP Top 10 Privacy Risks
|-
| 10h45 - 11h15
| colspan="2" style="text-align: center;background: grey; color: white" | ''Morning Break''
|-
| 11h15 - 12h00 || Erik Poll || LangSec meets State Machines
|-
| 12h00 - 12h45 || Arne Swinnen || The Tales of a Bug Bounty Hunter
|-
| 12h45 - 13h45
| colspan="2" style="text-align: center;background: grey; color: white" | ''Lunch''
|-
| 13h45 - 14h30 || Glenn & Riccardo Ten Cate || OWASP Secure Knowledge Framework (SKF)
|-
| 14h30 - 15h15 || University Luxembourg || Mobile Security
|-
| 15h15 - 15h45
| colspan="2" style="text-align: center;background: grey; color: white" | ''Break''
|-
| 15h45 - 16h30 || Christian Schneider || Java Deserialization Security Issues
|-
| 16h30 - 17h15 || Michael Hamm || Experiences with Paste-Monitoring
|-
| 17h15 - 17h30 || OWASP Benelux 2015 organization || '''Closing Notes'''
|}

 
 

<div id="TBD"></div>

'''Arne Swinnen - The Tales of a Bug Bounty Hunter'''
''Abstract:'' 
TBD
 
''Bio:'' Arne Swinnen is an IT Security Consultant at NVISO, a Belgian Cyber Security Consulting firm. Arne specializes in Application Security and Digital Forensics. He co-organized the first edition of the Cyber Security Challenge Belgium in 2015, a National cyber security competition designed exclusively for Belgian students. 
Arne was a speaker at Black Hat USA and BruCON in 2014, presenting novel anti-virus detection and evasion techniques (“One Packer to Rule Them All”). Since 2015, he is also listed on Facebook’s Bug Bounty Half of Fam''. 
 



= Social Event =

==== Social Event ====
'''Wait for it...'''

= CTF =

==== Capture the Flag! ====

* Do you like puzzles?
* Do you like challenges?
* Are you a hacker?

Whether you are an experienced hacker or new enthusiast you should come to OWASP BeNeLux Day and participate in the Capture the Flag event.

The OWASP CTF is especially designed to support challengers of all skill levels. The CTF contains multiple challenges in various fields related to application security. As every challenge gains you one point, you can pick and choose which challenge you want to play.

All you need is a laptop with a wifi card and your favorite (preferably) non-commercial tools.

So come, show off your skills, learn new tricks and above all have a good time at the CTF event.



= Sponsor =

==== Become a sponsor of OWASP BeNeLux ====

==== Donate to OWASP BeNeLux ====

[https://co.clickandpledge.com/?wid=72689 Sponsor]

==== Promotion ====
''Feel free to use the text below to promote our event!''

We invite you to our next OWASP event: the '''BeNeLux OWASP Days 2016!'''

The good news: free! No fee!

The bad news: there are only 280 seats available (first register, first serve)!


__NOTOC__
<headertabs/>

==== Made possible by our {{#switchtablink:Sponsor|Sponsors}}====

 

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_BeNeLux_Archives]]

BeNeLux OWASP Day 2016

2016-01-27T09:01:19Z

Jocelyn.aubert: /* Agenda */

<center>[[Image:OWASP BeNeLux 2015.png|center|512px]] </center>

 


= Information =

=== OWASP BeNeLux Announcement ===
We are proud to announce the dates of the next edition of BeNeLux OWASP Day!
The event will take place on 17 and 18 March 2016, in Belval Campus, in Esch-sur-Alzette - Luxembourg.
More information on the venue can be found {{#switchtablink:Venue|here}}.
 
{{#switchtablink:Registration| Don't wait and register now!}}




==== Confirmed speakers Conference ====
{{#switchtablink:Conferenceday| 
* Stephen Burgmair (OWASP Germany)
* Jullie Gommes
* Erik Poll
* Arne Swinnen
* Glenn & Riccardo Ten Cate
* Christian Schneider
* Michael Hamm & Alexandre Dulaunoy (CIRCL)
* and a Mysterious speaker from Luxembourg University
}}
 

==== The OWASP BeNeLux Program Committee ====
*Bart De Win / Sebastien Deleersnyder/ Lieven Desmet/ David Mathy, OWASP Belgium
*Martin Knobloch, OWASP Netherlands
*Jocelyn Aubert / Thierry Zoller, OWASP Luxembourg
 

=== Tweet! ===
Event tag is [http://twitter.com/#search?q=%23owaspbnl16 #owaspbnl16]
 
==== Donate to OWASP BeNeLux ====
[https://co.clickandpledge.com/?wid=72689 Donate]



= Registration =

==== OWASP BeNeLux training day and conference are free, but registration is required! ====

Register today at https://owasp-benelux-day-2016.eventbrite.com . We only have a limited number of seats available for our trainings and conference. First come, first serve!

 
To support the OWASP organisation, consider to become a member, it's only US$50!
 
Check out the [[Membership]] page to find out more.
 



= Venue =

==== Venue is ====

University of Luxembourg 
Maison du Savoir 
2, avenue de l'Université 
L-4365 Esch-sur-Alzette

==== How to reach the venue? ====

===== By car =====
Check the [https://goo.gl/maps/d8lTe Belval Campus map] - available on google maps - for route information.

Outdoor parking areas and underground car parks are available throughout the campus, particularly [http://www.cfl.lu/espaces/voyageurs/en/gares-et-services/auto-moto-v%C3%A9lo/p-r-belval-universit%C3%A9-1-622-places-%C3%A0-votre-disposition P+R Belval Université], or [http://umbelval.lu/wp-content/uploads/2015/08/Tarifs-horaires-2015.pdf Square Mile parking] or [http://umbelval.lu/wp-content/uploads/2015/08/Tarifs-horaires-2015.pdf Belval Plaza].

===== By train =====
Trains departing every 15 minutes from Luxembourg Central Station are direct to "Belval-Université" - line is connection-free via Esch-sur-Alzette. Get information on train schedules on the [http://www.cfl.lu/en CFL’s website].

When on site, access to buildings is easy on foot.

===== Hotel nearby =====
[http://www.accorhotels.com/fr/hotel-7071-ibis-esch-belval/index.shtml Hotel Ibis Esch-Belval] 
12, avenue du Rock'n'Roll 
L-4361 Esch-sur-Alzette, Luxembourg 
From 81 EUR per night



= Trainingday =

==== Trainingday ====
The training abstracts will be available soon

==== Location ====
The training venue is at the same location as the {{#switchtablink:Venue|conference venue}}.

==== Agenda ====
{| class="wikitable"
! Time !! Description !! Room 1 !! Room 2 !! Room 3 !! Room 4
|-
| 08h30 - 9h30
| colspan="5" style="text-align: center; background: grey; color: white;" | ''Registration''
|-
| 09h30 - 11h00 || Training
| rowspan="7" style="width:100px;" | Application Security Primer by Martin Knobloch
| rowspan="7" style="width:100px;" | Hands-on Threat Modeling by Sebastien Deleersnyder
| rowspan="7" style="width:100px;" | Security Shepherd by Mark Denihan
| rowspan="7" style="width:100px;" | O-saft by Achim Hoffman
|-
| 11h00 - 11h30 || ''Coffee Break''
|-
| 11h30 - 13h00 || Training
|-
| 13h00 - 14h00 || ''Lunch''
|-
| 14h00 - 15h30 || Training
|-
| 15h30 - 16h00 || ''Coffee Break''
|-
| 16h00 - 17h30 || Training
|}

==Application Security Primer by Martin Knobloch==
TBD

==Hands-on Threat Modeling by Sebastien Deleersnyder==

This is a 1 day, trainer-led, on-site, Threat Modeling course. The training material and hands-on workshops include real live Use Cases. The students will be challenged to perform practical threat modeling in groups of 3 to 4 people covering the different stages of threat modeling on:
* B2B web and mobile applications, sharing the same REST backend
* An Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service

Threat modeling is the primary security analysis task performed during the software design stage. Threat modeling is a structured activity for identifying and evaluating application threats and vulnerabilities. The security objectives, threats, and attacks modeling activities during the threat modeling are designed to help you find vulnerabilities in your application. You can use the identified vulnerabilities to help shape your design and direct and scope your security testing.

Threat modeling allows you to consider, document, and discuss the security implications of designs in the context of their planned operational environment and in a structured fashion. Threat modeling also allows consideration of security issues at the component or application level. The threat modeling course will teach you to perform threat modeling through a series of workshops, where our trainer will guide you through the different stages of a practical threat model.

This course is aimed at software developers, architects, system managers or security professionals. Before attending this course, students should be familiar with basic knowledge of web and mobile Applications and databases. The students should bring their own laptop to the course.

===Course topics (1 day)===

Threat modeling introduction
*Threat modeling in a secure development lifecycle
*What is threat modeling
*Why threat modeling?
*Threat modeling stages
*Diagrams
*Identify threats
*Addressing threats
*Document a threat model
Diagrams – what are you building?
*Understanding context
*Doomsday scenarios
*Data flow diagrams
*Trust Boundaries
*'''Hands-on: diagram B2B web and mobile applications, sharing the same REST backend'''
Identifying threats – what can go wrong?
*STRIDE introduction
*Spoofing threats
*Tampering threats
*Repudiation threats
*Information disclosure threats
*Denial of service threats
*Elevation of privilege threats
*'''Hands-on: STRIDE analysis of an Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service'''
Addressing each threat
*Mitigation patterns
*Authentication: mitigating spoofing
*Integrity: mitigating tampering
*Non-repudiation: mitigating repudiation
*Confidentiality: mitigating information disclosure
*Availability: mitigating denial of service
*Authorization: mitigating elevation of privilege
Threat modeling tools
*General tools
*Open-Source tools
*Commercial tools

The course students receive the following package as part of the course:
*Hand-outs of the presentations
*Work sheets of the use cases,
*Detailed solution descriptions of the use cases
*Template to document a threat model
*Template to calculate risk levels of identified threats
The students should bring their own laptop

===Threat Modeling – real life use cases===
As highly skilled professionals with years of experience under our belts we know that there is a gap between academic knowledge of threat modeling and the real world.
In order to minimize that gap we have developed practical Use Cases, based on real life projects. Each use case includes a description of the environment, together with questions and templates to build a threat model. Using this methodology for the hands on workshops we provide our students with a robust training experience and the templates to incorporate threat modeling best practices in their daily work.
The students will be challenged to perform the threat modeling in groups of 3 to 4 people performing the different stages of threat modeling on:
*B2B web and mobile applications, sharing the same REST backend
*An Internet of Things (IoT) deployment with an on premise gateway and cloud-based secure update service
After each hands-on workshop, the results are discussed, and the students receive a documented solution.

===Sebastien Deleersnyder===
Sebastien Deleersnyder, managing partner and application security consultant at [http://www.toreon.com Toreon] will share his practical threat model experience. Sebastien led engagements in the domain of ICT-security, Web and Mobile Security with several customers including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post , Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, served as vice-chair of the global OWASP Foundation Board and performed several public presentations on Web Application, Mobile and Web Services Security. Furthermore, Sebastien co-founded the yearly BruCON conference.

==Security Shepherd by Mark Denihan==
TBD

==O-saft by Achim Hoffman==
TBD

 



= Conferenceday =
==== Conferenceday, March 18th ====

==== Agenda ====
{| class="wikitable"
! width="120pt" | Time
! width="180pt" | Speaker !! Topic
|-
| 09h00 - 09h10
| colspan="2" style="text-align: center; background: grey; color: white" | ''Registration''
|-
| 09h15 - 10h00 || Gamers You're the new Botnets || Jullie Gommes
|-
| 10h00 - 10h45 || OWASP Top 10 Privacy Risks || Stephen Burgmair
|-
| 10h45 - 11h15
| colspan="2" style="text-align: center;background: grey; color: white" | ''Morning Break''
|-
| 11h15 - 12h00 || LangSec meets State Machines || Erik Poll
|-
| 12h00 - 12h45 || The Tales of a Bug Bounty Hunter: 10+ Interesting Vulnerabilities in Instagram || Arne Swinnen
|-
| 12h45 - 13h45
| colspan="2" style="text-align: center;background: grey; color: white" | ''Lunch''
|-
| 13h45 - 14h30 || OWASP Secure Knowledge Framework (SKF) || Glenn & Riccardo Ten Cate
|-
| 14h30 - 15h15 || Mobile Security || University Luxembourg
|-
| 15h15 - 15h45
| colspan="2" style="text-align: center;background: grey; color: white" | ''Break''
|-
| 15h45 - 16h30 || Java Deserialization Security Issues || Christian Schneider
|-
| 16h30 - 17h15 || Experiences with Paste-Monitoring || Michael Hamm
|-
| 17h15 - 17h30 || OWASP Benelux 2015 organization || '''Closing Notes'''
|}

 
 

<div id="TBD"></div>





= Social Event =

==== Social Event ====
'''Wait for it...'''

= CTF =

==== Capture the Flag! ====

* Do you like puzzles?
* Do you like challenges?
* Are you a hacker?

Whether you are an experienced hacker or new enthusiast you should come to OWASP BeNeLux Day and participate in the Capture the Flag event.

The OWASP CTF is especially designed to support challengers of all skill levels. The CTF contains multiple challenges in various fields related to application security. As every challenge gains you one point, you can pick and choose which challenge you want to play.

All you need is a laptop with a wifi card and your favorite (preferably) non-commercial tools.

So come, show off your skills, learn new tricks and above all have a good time at the CTF event.



= Sponsor =

==== Become a sponsor of OWASP BeNeLux ====

==== Donate to OWASP BeNeLux ====

[https://co.clickandpledge.com/?wid=72689 Sponsor]

==== Promotion ====
''Feel free to use the text below to promote our event!''

We invite you to our next OWASP event: the '''BeNeLux OWASP Days 2016!'''

The good news: free! No fee!

The bad news: there are only 280 seats available (first register, first serve)!


__NOTOC__
<headertabs/>

==== Made possible by our {{#switchtablink:Sponsor|Sponsors}}====

 

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_BeNeLux_Archives]]

Luxembourg

2015-12-29T15:54:34Z

Jocelyn.aubert: /* Local News */

{{Chapter Template|chaptername=Luxembourg|extra=The chapter leader is [mailto:jocelyn.aubert@owasp.org Jocelyn Aubert]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-luxemburg|emailarchives=http://lists.owasp.org/pipermail/owasp-luxemburg/}}

<paypal>Luxembourg</paypal>

== Local News ==

Join our [http://www.linkedin.com/groups?gid=1781989&trk=anetsrch_name&goback=.gdr_1238414238580_1 LinkedIn group]!

=== OWASP BeNeLux Day, March 17 & 18, 2016 in Esch-sur-Alzette, Luxembourg ===

We are proud to announce that like in 2011, the OWASP BeNeLux Day will be held in Belval Campus, Esch-sur-Alzette, Luxembourg.
More information to follow, stay tuned!

=== OWASP AppSecEU 2015, 19-22 May 2015, Amsterdam, The Netherlands ===
The Luxembourg chapter is co-organizing together with Belgium and Netherlands chapters this amazing conference to be held in Amsterdam this spring!
More information on the [http://2015.appsec.eu conference website.]

Hope to see you there!

=== French translation of Top Ten ===
The Luxembourg chapter, in collaboration with other volunteers (French and Swiss) is currently involved in the French translation of the OWASP Top Ten for 2013 (available in release candidate here: [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]).

The final version of Top Ten should be available in May, and the French version should be available a few days after the release of the original version.
The document is usually translated into different languages (German, Spanish, Italian, Chinese, etc.)

People potentially interested to contribute to the German translation, can contact the [[OWASP_German_Language_Project]].

=== OWASP BeNeLux Day 2011, December 1st & 2nd 2011 @ University of Luxembourg ===

We are proud to announce that OWASP BeNeLux Day 2011 will take place on December 1st & 2nd 2011 at the University of Luxembourg.

*'''December 1st 2011: Training Day'''

OWASP Training: Secure Application Development, by Eoin Keary This intensive one-day training focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The training will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code

 

*'''December 2nd 2011: Conference Day'''

List of confirmed speakers (more to be announced soon):

*Brenno De Winter (Journalist) on the Diginotar story
*Koen Vanderloock (Lead Security Competence Group at Cegeka) on the new OWASP Simba project
*Justin Clarke (Director and Co-Founder of Gotham Digital Science Ltd) on practical crypto attacks against web applications
*Lieven Desmet (Research Manager at University Leuven) on HTML5 security
*Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on iOS data protection internals
*Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
*Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on WebApp Security and legal and regulatory aspects
*Seba Deleersnyder & Eoin Keary (OWASP Board) on OWASP Update

 For more information and updates, please check out [http://www.owaspbenelux.eu/ www.owaspbenelux.eu]

Interested in sponsoring the event and the Luxembourg Chapter in 2012? Please contact Jocelyn Aubert (Jocelyn.Aubert[at]owasp.org)! 

 

=== OWASP @ [http://www.yajug.org/ YAJUG] (Java User Group, Luxembourg) ===

The Luxembourg Chapter will participate to the next YAJUG (Java User Group, Luxembourg) event:

'''YAJUG - How to Secure your Java Applications''' ''Wednesday, May 27th 2009 - 17:45''

[http://www.tudor.lu Centre de Recherche Public Henri Tudor] - 29, avenue John F. Kennedy - L-1855 Luxembourg-Kirchberg

Agenda:

*17h45 - Welcome and registration
*18h00 - Introduction to Cryptography with JCA and JCE, Sébastien Stormacq, Sun Microsystems (French, slides in English)
*19h15 - [http://www.owasp.org/images/b/bb/2009-05-27_owasp%40yajug.ppt OWASP Top 10 Security Breaches for Java Web Applications], Jocelyn Aubert, OWASP-LU (French, slides in English)
*20h30 - Drink

The whole program is available on [http://www.yajug.org/confluence/display/Public/Future+Events YAJUG website].

'''Note:''' This event is NOT an OWASP event! You have to register on YAJUG website (fee: 40 euros).

=== OWASP @ [http://www.c3l.lu/ C3L] (Chaos Computer Club Lëtzebuerg) ===

''Monday, April 6th 2009'' - 20:00 (...until late in the night)

Brasserie [http://www.seppl.lu/ Seppl] (Club-Room) - Luxembourg-Limpertsberg

Agenda:

*15 minutes intro OWASP Luxembourg Chapter
*remaining time - Technical Chaos regarding OWASP

== Chapter Board ==

The Luxembourg chapter is supported by the following board:

*ADELSBACH André
*AUBERT Jocelyn
*DULAUNOY Alexandre
*RIGHETTO Dominique
*STEICHEN Pascal
*ZOLLER Thierry

== Chapter Sponsors ==
OWASP Luxembourg thanks its structural chapter supporters: 
<center>
[[Image:Bnl11-SECURITYANDTRUST-LOGO.jpg|link=http://www.securityandtrust.lu]]
[http://circl.lu/ http://circl.lu/pics/logo.png]
[http://www.f5.com https://www.owasp.org/images/f/fd/AppSec_Research_2010_sponsor_F5_logo.jpg]
</center>

[[Category:Europe]]

BeNeLux OWASP Day 2015

2015-11-30T08:29:05Z

Jocelyn.aubert: /* Venue is */

BeNeLux OWASP Day 2015

2015-11-30T08:27:42Z

Jocelyn.aubert: /* Hotel nearby */

2015-10-19T06:30:42Z

Jocelyn.aubert: Jocelyn.aubert uploaded a new version of "File:OWASP BeNeLux 2015.png"

BeNeLux OWASP Day 2015

2015-09-13T17:43:22Z

Jocelyn.aubert:

<center>[[Image:OWASP BeNeLux 2015.png|center|512px]] </center>

 


= Welcome =

=== Welcome to OWASP BeNeLux 2015 ===

Registration to open soon!


==== Confirmed speakers Conference ====
{{#switchtablink:Conferenceday| 
* TBD
}}
 

==== The OWASP BeNeLux Program Committee ====
*Bart De Win / Sebastien Deleersnyder/ Lieven Desmet/ David Mathy, OWASP Belgium
*Martin Knobloch
*Jocelyn Aubert / Thierry Zoller, OWASP Luxembourg
 

=== Tweet! ===
Event tag is [http://twitter.com/#search?q=%23owaspbnl15 #owaspbnl15]
 
==== Donate to OWASP BeNeLux ====
[https://co.clickandpledge.com/?wid=72689 Donate]



= Registration =

==== OWASP BeNeLux training day and conference are free! ====

=== Registration is to be opened soon ===
Stay tuned, we are working on it

 
To support the OWASP organisation, consider to become a member, it's only US$50!
 
Check out the [[Membership]] page to find out more.
 



= Venue =

=== Venue is ===

 '''Parking & roadmap''':

There is a public parking at the conference venue.

Roadmap and parking:

 '''Hotels nearby''': 





= Conferenceday =

==== Conferenceday, November 27th ====

==== Location ====
TBD (for details, check the {{#switchtablink:Venue|Venue}} tab)

==== Agenda ====
{| class="wikitable"
! width="90pt" | Time
! width="130pt" | Speaker !! Topic
|-
| 09h00 - 10h00
| colspan="2" style="text-align: center; background: grey; color: white" | ''Registration''
|-
| 10h00 - 10h15 || OWASP Benelux Organization || '''[[Media: OWASP_benelux-day_2015_opening_agenda_closing.pdf | Welcome]]'''
|-
| 10h15 - 10h30 || TBD ||
|-
| 10h30 - 11h10 || TBD ||
|-
| 11h10 - 11h30
| colspan="2" style="text-align: center;background: grey; color: white" | ''Morning Break''
|-
| 11h30 - 12h10 || TBD ||
|-
| 12h10 - 12h50 || TBD ||
|-
| 12h50 - 13h30
| colspan="2" style="text-align: center;background: grey; color: white" | ''Lunch''
|-
| 13h30 - 14h10 || TBD ||
|-
| 14h10 - 14h50 || TBD ||
|-
| 14h50 - 15h30 || TBD ||
|-
| 15h30 - 15h50
| colspan="2" style="text-align: center;background: grey; color: white" | ''Break''
|-
| 16h30 - 17h10 || TBD ||
|-
| 17h10 - 17h50 || TBD ||
|-
| 17h50 - 18h00 || OWASP Benelux 2015 organization || '''Closing Notes'''
|}

 
 

<div id="TBD"></div>

=== Key note: TBD ===
''Abstract:'' 
TBD
 
 
''Bio:'' 
TBD 
 



= Social Event =

==== Social Event, November 26th ====
'''TBD'''

= CTF =

==== Capture the Flag! ====

* Do you like puzzles?
* Do you like challenges?
* Are you a hacker?

Whether you are an experienced hacker or new enthusiast you should come to OWASP BeNeLux 2015 and participate in the Capture the Flag event November 26th 2015.

The OWASP CTF is especially designed to support challengers of all skill levels. The CTF contains multiple challenges in various fields related to application security. As every challenge gains you one point, you can pick and choose which challenge you want to play.

All you need is a laptop with a wifi card and your favorite (preferably) non-commercial tools.

So come, show off your skills, learn new tricks and above all have a good time at the CTF event.



= Sponsor =

==== Become a sponsor of OWASP BeNeLux ====

==== Donate to OWASP BeNeLux ====

[https://co.clickandpledge.com/?wid=72689 Sponsor]

==== Promotion ====
''Feel free to use the text below to promote our event!''

We invite you to our next OWASP event: the '''BeNeLux OWASP Days 2015!'''

Free your agenda on the 26th and 27th of November, 2015.

The good news: free! No fee!

The bad news: there are only 280 seats available (first register, first serve)!


__NOTOC__
<headertabs/>

==== Made possible by our {{#switchtablink:Sponsor|Sponsors}}====

 

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_BeNeLux_Archives]]

2014-06-23T17:57:08Z

Jocelyn.aubert: profile photo of Jocelyn Aubert

profile photo of Jocelyn Aubert

File:Bnl14header-v.1.0.png

2014-06-14T18:52:56Z

Jocelyn.aubert: Header for the OWASP BeNeLux Day 2014

Header for the OWASP BeNeLux Day 2014