Netherlands November 7th, 2016
November 7th, 2016
- Hogeschool Rotterdam
- Wijnhaven 107, Rotterdam
- The room is H.5.314 on the 5th floor
- Route information
- 18:30 - 19:00 Registration & Pizzas
- 19:00 - 19:15 OWASP Netherlands and Foundation Updates
- 19:15 - 20:00 "Web Security: Broken by default?" by Niels Tanis
- 20:00 - 20:15 break
- 20:15 - 21:00 "Building A Software Security Program" by Kuai Hinojosa
- 21:00 - 21:30 Networking
Web Security: Broken by default?
Web applications and the technologies they use are becoming more complex, and when we (as developers) need to deal with security problems we mainly focus on fixing our code, which can be very hard. In the end, one part of the problem chain is still there: the browser. Browsers are known for being broken by default, which makes it even harder to fix the problem; some people say it may not even be possible at all!
There are some good web standards (discussed & drafted) that might be able to help out with these problems in some way. In this session we will dig into a couple of those in more detail and see if that’s really the case!
Building A Software Security Program
The proliferation of applications of all types continues unabated. As organizations put more of their business functions in custom applications their risk profile increases tremendously. Application security is more difficult than any other area of security as it relies on the due diligence of people supported by limited processes whereas other aspects of security can be more easily automated and are supported by well-defined policies. The successful management of the development and release process through a comprehensive Software Security Program that incorporates appropriate processes and check points will allow organizations to reduce their risk profile while benefiting from a more efficient end-to-end development process.
Please join me as I will provide an overview of how one organization built a Software Security Program that addressed People, Process and Technology challenges surrounding software development and security. I will highlight the approach we took and the benefits we are reaping in both lower costs and lower risk profiles of their applications.
Niels Tanis works as an Application Security Consultant with Veracode. He is a CSSLP and, with a background in .NET software development and penetration testing, he now helps development teams create more secure software.
Kuai Hinojosa is a Managing Software Security Consultant at Intel Security, Foundstone Professional Services. He has been developing and securing enterprise applications for over a decade. At Foundstone Kuai is a member of the Software Application Security Services Team and serves as the Service Line Lead for Security Development Lifecycle Gap Assessments, Threat Modeling and the implementation of Software Security Programs. Kuai specializes in linking together technical risks and remediation advice, ensuring that development teams can correctly interpret and act upon software security risks. Kuai has been responsible for directly interfacing with C-level executives, Sr. Developers, Software Architects and Sr. Management to guide and verify remediation efforts as part of the implementation of Enterprise Software Security Programs.
Before joining Foundstone, Kuai worked at Cigital, where he delivered security code reviews, penetration tests and architecture risk analysis, and contributed to building training material for mobile security training. In his time off, Kuai volunteers leading OWASP Global education efforts and is a current co-leader of the Open Software Assurance Maturity Model project.
- The OWASP Netherlands Chapter is sponsored by