
Netherlands October 15th 2015


October 15th, 2015



Fontys Hogeschool ICT

Building R1, Room 3.46

Rachelsmolen 1
5612 MA Eindhoven


18:00 - 18:45 Registration & Pizzas
18:45 - 19:00 OWASP Netherlands and Foundation Updates
19:00 - 19:45 OWASP Proactive Controls - Jim Manico
19:45 - 20:00 break
20:00 - 20:45 OAuth (and more) - Jim Manico
21:00 - 21:30 Networking


OWASP Proactive Controls

The OWASP Top Ten Proactive Controls is a list of security techniques that should be included in every software development project. They are listed in order of importance, with control number 1 being the most important. This document was written by developers for developers to assist those new to secure development.


OAuth (and more)

OAuth is a new kind of security protocol. It's used for delegating various features from one service to another on behalf of your users. OAuth intersects with authentication and access control, yet you would not likely use OAuth in and of itself for authentication, session management or access control in your applications. Even more confusing, OAuth is not in and of itself a standard, and various service providers will likely have different implementations. Let's say it again: OAuth is not a standard, it's a framework for delegation. So this leaves us with questions! What really is delegation? Where does OAuth fit in? How can I use OAuth in a secure fashion? These questions and more will be answered in this talk!


Jim Manico

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a Global Board Member for the OWASP Foundation, where he helps drive the strategic vision for the organization. He is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill. For more information, see