Netherlands March 19th, 2015

2015-02-17T07:22:07Z

Maarten: Fixed typo

;[[Netherlands | OWASP Netherland Wiki]]
;[[Netherlands_Previous_Events_2014 | All OWASP NL Events 2015]]
= March 19th, 2015 =
TBD
== Venue ==
;Kroonjuweel
;:DDK E0.02
;Duivendrechtsekade 36-38
;1096 AH Amsterdam

[http://www.hva.nl/over-de-hva/locaties/content/hva-locaties/kroonjuweel.html Click here for directions, HvA]

==Programme:==
:18:30 - 19:00 Registration & Sandwiches
:19:00 - 19:15 OWASP Netherland and Foundation Updates
:19:15 - 20:00 First talk
:20:00 - 20:15 Break
:20:15 - 21:00 Second talk
:20:45 - 21:30 Networking
==Presentations==
TBD

BeNeLux OWASP Day 2013

2013-10-17T13:58:26Z

Maarten: Fixed typo

<center>[[Image:Bnl13header-v.1.0.png]] </center>
 


= Welcome =

=== Welcome to OWASP BeNeLux 2013 ===

'''Registration is now open!'''

[http://owaspbenelux2013.eventbrite.com/ http://www.owasp.org/images/7/77/Buttoncreate.png]



==== Confirmed speakers Conference ====
{{#switchtablink:Conferenceday| 
* Dick Berlijn (ex Chief of Defence NL)
* Jan Joris Vereijken (ING)
* Tom Van Goethem (University Leuven)
* Jerome Nokin (Verizon Business)
* Nick Nikiforakis (University Leuven)
* Fakos Alexios and Jan Philipp (n.runs AG)
more to be announced

}}
 

==== The OWASP BeNeLux Program Committee ====
*Bart De Win / Sebastien Deleersnyder/ Lieven Desmet/ David Mathy, OWASP Belgium
*Martin Knobloch / Ferdinand Vroom, OWASP Netherlands
*Jocelyn Aubert / Andre Adelsbach/ Thierry Zoller, OWASP Luxembourg
 

=== Tweet! ===
Event tag is [http://twitter.com/#search?q=%23owaspbnl13 #owaspbnl13]
 
==== Donate to OWASP BeNeLux ====
<paypal>BeNeLux OWASP Day 2013</paypal>



= Registration =

==== OWASP BeNeLux training day and conference are free! ====

=== Registration is not now open: ===

[http://owaspbenelux2013.eventbrite.com/ http://www.owasp.org/images/7/77/Buttoncreate.png]

 
To support the OWASP organisation, consider to become a member, it's only US$50!
 
Check out the [[Membership]] page to find out more.
 



= Venue =

=== Venue is ===

'' 
 
 ''
 

 '''Parking & roadmap''':

There is a public parking close to the conference venue.

Roadmap and parking:

 '''Hotels nearby''': 





= Conferenceday =

==== Conferenceday, November 29th ====

==== Location ====
TBD (for details, check the {{#switchtablink:Venue|Venue}} tab)

==== Agenda ====
{| class="wikitable"
! width="90pt" | Time
! width="130pt" | Speaker !! Topic
|-
| 09h00 - 10h00
| colspan="2" style="text-align: center; background: grey; color: white" | ''Registration''
|-
| 10h00 - 10h15 || OWASP Benelux Organization || Welcome
|-
| 10h15 - 10h30 || TBD || OWASP update
|-
| 10h30 - 11h10 || TBD || ''' Title ''' ''Abstract:''
|-
| 11h10 - 11h50 || TBD || ''' Title ''' ''Abstract:''
|-
| 11h50 - 12h30 || TBD || ''' Title ''' ''Abstract:''
|-
| 12h30 - 13h30
| colspan="2" style="text-align: center;background: grey; color: white" | ''Lunch''
|-
| 13h30 - 14h10 || TBD || ''' Title ''' ''Abstract:''
|-
| 14h10 - 14h50 || TBD || ''' Title ''' ''Abstract:''
|-
| 14h50 - 15h30 || TBD || ''' Title ''' ''Abstract:''
|-
| 15h30 - 15h50
| colspan="2" style="text-align: center;background: grey; color: white" | ''Break''
|-
| 15h50 - 16h30 || TBD || ''' Title ''' ''Abstract:''
|-
| 16h30 - 17h10 || TBD || ''' Title ''' ''Abstract:''
|-
| 17h10 - 17h50 || TBD|| '''Panel Discussion about...'''
|-
| 17h50 - 18h00 || OWASP Benelux 2013 organization || '''Closing Notes'''
|}

 
 

<div id="'JanPhilipp"></div>
=== Getting a Handle on SharePoint Security Complexity, by Jan Philipp (Solutions Consultant Security, n.runs,) and Alexios Fakos (Principal IT Security Consultant, n.runs) ===
''Abstract:'' 
This presentation’s main goal is to provide decision makers, architects, administrators and developers with a comprehensive SharePoint security overview. We will introduce a SharePoint security model applicable to SharePoint versions 2010 and 2013. Then we will take a closer look at the use of different types of security principals and their effective use. This will be followed by covering security aspects when implementing and extending SharePoint to meet business needs and will be emphasized by showcasing common security pitfalls with examples throughout the presentation. This will be demonstrated with security down to the “nitty-gritty” details based on actual use cases and tips and pitfalls that have been encountered during security assessments and implementation of SharePoint solutions.
 
 
''Bio:'' 
'''Jan Philipp''' (MCT since 1989, MCITP, MCSE) works as a security consultant at n.runs, where he is responsible for design and implementation security assessments of complex global SharePoint infrastructures and solutions for major German and international companies. He has been involved with SharePoint technologies from their inception with Digital Dashboards throughout their many development changes (TeamSpaces, MOSS etc.) to the present day SharePoint and SharePoint Live versions. 
'''Alexios Fakos''' (CRISC, CSSLP) began his career in development as a Software Engineer back in 1999. After seven years of inspired insights in the software industry he joined n.runs to be part of the security team. Alexios is leading n.runs SDL services and he is since 2008 part of the German OWASP chapter. Alexios held presentations at OWASP AppSec US and Germany. 
 

<div id="TomVanGoethem"></div>
=== Remote Code Exection in WordPress: an analysis, by Tom Van Goethem (PhD Researcher, University of Leuven) ===
''Abstract:'' 
With over 13 million downloads, WordPress is one of the most popular open source blog platforms and content management systems. One of its key features is the installation of plugins. These are developed by third parties, but WordPress has to maintain its legacy codebase in order to remain compatible with these plugins. As this codebase makes use of unsafe functions, vulnerabilities may arise, affecting thousands websites - if not more. This presentation will focus on a vulnerability that has been present in WordPress versions up to September 2013. This vulnerability, which may lead to Remote Code Execution, was found by a simple combination of two publicly known elements: PHP Object Injection and unexpected behaviour of MySQL regarding Unicode characters.
 
 
''Bio:'' 
'''Tom Van Goethem''' is passionate about web security. After getting a master's degree of Applied Informatics, he enrolled in a PhD at the University of Leuven. As a student with a chronic drinking problem, he still found some time to hunt bugs for fun (and profit). 
 

=== Everything you always wanted to know about web-based device fingerprinting (but were afraid to ask), by Nick Nikiforakis (Postdoctoral Researcher, University of Leuven) ===
''Abstract:'' 
Billions of users browse the web on a daily basis,
and there are single websites that have reached over one billion user
accounts. In this environment, the ability to track users and their online habits can
be very lucrative for advertising companies, yet very intrusive for the privacy of users.

In this talk, we are going to describe web-based device fingerprinting, i.e., the ability
to tell users apart, without the use of cookies or any other client-side identifiers. We
will explain how device fingerprinting works, who is using, for what reason, and how people
are trying to defend against it today.
 
 
''Bio:'' 
'''Nick Nikiforakis''' is a Postdoctoral Researcher at KU Leuven in Belgium. Nick's interests lie
in the analysis of online ecosystems from a security and privacy perspective and he has
published his work in top conferences of his field. More information about him can be found
on his personal page: http://www.securitee.org . 
 





= Social Event =

==== Social Event, November 28th ====
'''TBD'''


= CTF =

==== Capture the Flag! ====

* Do you like puzzles?
* Do you like challenges?
* Are you a hacker?

Whether you are an experienced hacker or new enthusiast you should come to OWASP BeNeLux 2013 and participate in the Capture the Flag event November 29th 2013.

The OWASP CTF is especially designed to support challengers of all skill levels. The CTF contains multiple challenges in various fields related to application security. As every challenge gains you one point, you can pick and choose which challenge you want to play.

All you need is a laptop with a wifi card and your favorite (preferably) non-commercial tools.

So come, show off your skills, learn new tricks and above all have a good time at the CTF event.



= Sponsor =

==== Become a sponsor of OWASP BeNeLux ====

==== Donate to OWASP BeNeLux ====

<paypal>BeNeLux OWASP Day 2013</paypal>

==== Promotion ====
''Feel free to use the text below to promote our event!''

We invite you to our next OWASP event: the '''BeNeLux OWASP Days 2013!'''

Free your agenda on the 28th and 29th of November, 2013.

The good news: free! No fee!

The bad news: there are only 280 seats available (first register, first serve)!


__NOTOC__
<headertabs/>

==== Made possible by our {{#switchtablink:Sponsor|Sponsors}}====

{{MemberLinks|link=http://www.pwc.com/|logo=PWC_log_resized.png}}
[http://www.zionsecurity.com https://www.owasp.org/images/e/e6/Zionsecurity.jpg]
[http://www.vest.nl https://www.owasp.org/images/1/1d/Logo_Vest_BIG_170.gif]
[http://www.Checkmarx.com https://www.owasp.org/images/a/a2/Checkmarx.jpg]
[http://www.sogeti.nl https://www.owasp.org/images/9/94/Sogeti_logo.png]
<!--
[http://www.madisongurkha.nl https://www.owasp.org/images/6/6e/Madison-gurkha-logo.jpg]
[http://www.sogeti.nl https://www.owasp.org/images/9/94/Sogeti_logo.png]
 
[http://www.iminds.be https://www.owasp.org/images/thumb/a/a1/Iminds-logo.png/200px-Iminds-logo.png]
[http://on2it.net https://www.owasp.org/images/3/3d/On2it-sponsor.png]
--!>
 

[[Category:OWASP_AppSec_Conference]] [[Category:OWASP_BeNeLux_Archives]]

OWASP - User contributions [en]

Netherlands March 19th, 2015

BeNeLux OWASP Day 2013