Netherlands April 21st, 2016

April 21st, 2016

Venue

Universiteit van Amsterdam

Universiteitsbibliotheek
Singel 425, 1012 WP Amsterdam

Programme

18:30 - 19:00 Registration & Pizzas
19:00 - 19:15 OWASP Netherlands and Foundation Updates
19:15 - 20:00 Securing REST APIs with SSL/TLS - Youssef Oujamaa
20:00 - 20:15 Break
20:15 - 21:00 Web Application Firewall, Filter and Bypass - Aatif Khan
21:00 - 21:30 Networking

Presentations

Securing REST APIs with SSL/TLS

This talk opens with an introduction to and overview of SSL/TLS. After that we will go through some pros and cons and explain why using mutual authentication to secure your REST API resources is worth taking into consideration. With this in mind we will dive into an example implementation that uses Java EE 6, look at how to incorporate key management into your continuous delivery pipeline, and discuss the importance of maintenance. At the end we will go through some hardening examples for the Apache Tomcat web server.

Download the presentation as PDF

Web Application Firewall, Filter and Bypass

This talk will take you through the different features of Web Application Firewalls that make testing more difficult for penetration testers. These controls block many of the automated tools and simple techniques used to discover flaws today. The talk will also give an overview of different filtering techniques and will explore how to determine the rule sets protecting the application. You'll be able to map out the rule sets and determine the specifics of how the firewall detects attacks. After identifying the attacks, you will see how it can be bypassed.

Download the presentation as PDF

Speakers

Youssef Oujamaa

Youssef Oujamaa is a full-stack software engineer who currently works for ING in Amsterdam. In his role he has end-to-end responsibility for the development of API services, including the security aspects. As an aspiring engineer he started developing software on Linux during middle school and got interested in computer security after participating in an online security war game. He graduated as a computer engineer from the Hogeschool van Amsterdam and wrote his final essay on the subject of secure code analysis. His goal now is to get actively involved in the computer security community and share his insights.

Aatif Khan

Aatif Khan is a cyber security researcher with over a decade of experience in information security. Apart from consulting on application security, he has also delivered infosec trainings to corporate, defense personnel and cyber crime police officials. He has previously presented talks at OWASP Singapore, Malaysia, India and Dubai. He has also authored papers on Advance Persistence Threats, Hacking the Drones, Web Security 2.0, and Android Application Penetration Testing.

Sponsors

The OWASP Netherlands Chapter is sponsored by

Logo_Informatiebeveiliging-200.png Ecurify-2016.png Nixu-logo.png Logo_xebia.jpg