BeNeLux OWASP Day 2011 - Revision history

Bart De Win at 22:06, 15 December 2011

2011-12-15T22:06:29Z

Bart De Win at 22:05, 15 December 2011

2011-12-15T22:05:05Z

Bart De Win at 10:39, 7 December 2011

2011-12-07T10:39:16Z

Bart De Win at 06:50, 7 December 2011

2011-12-07T06:50:06Z

Bart De Win at 20:44, 5 December 2011

2011-12-05T20:44:09Z

Bart De Win at 20:29, 5 December 2011

2011-12-05T20:29:27Z

Sdeleersnyder at 06:44, 2 December 2011

2011-12-02T06:44:12Z

Andre Adelsbach at 21:20, 29 November 2011

2011-11-29T21:20:52Z

Bart De Win at 19:50, 29 November 2011

2011-11-29T19:50:09Z

Andre Adelsbach at 19:26, 29 November 2011

2011-11-29T19:26:45Z

@@ Line 220: / Line 220: @@
 Sébastien Bischof works in the security division at ELCA Where he is specialized in OS-level and communication security.<br>As a major result, he developped a fully-working proof-of-concept of an attack against a sophisticated USB token for safe-browsing.<br>He obtained his Master of Science in Engineering at HEIG-VD/HES-SO with a strong emphasis on IT Security.<br>During his education, he focused on obfuscation and rootkit techniques.<br>Computer security enthusiast, he is very interested in hackings events such as Insomni'hack and keeps himself informed on the latest threats throuhg active participation in security forums.
-======The Rise of the Vulnerability Markets - History, Impacts, Mitigations (by Thierry Zoller, Verizon) ======
+=====The Rise of the Vulnerability Markets - History, Impacts, Mitigations (by Thierry Zoller, Verizon) =====
 A decade has gone by and the security area is no longer the same, amongst other factors sophistication and motivation changed tremendously. This talk will give you a crash course on the history of vulnerability discovery and market value, a brief excurse into the world of Vulnerability Markets, how they emerged, how they vary and what this implies for those that are defending. The presentation will conclude with an Attacker Classification System (Attacker Triad) and an associated assurance model around OWASP OSVS. Some parts of this presentation will only be done in live and will not be published after this conference.

← Older revision		Revision as of 22:05, 15 December 2011
Line 220:		Line 220:
	Sébastien Bischof works in the security division at ELCA Where he is specialized in OS-level and communication security.<br>As a major result, he developped a fully-working proof-of-concept of an attack against a sophisticated USB token for safe-browsing.<br>He obtained his Master of Science in Engineering at HEIG-VD/HES-SO with a strong emphasis on IT Security.<br>During his education, he focused on obfuscation and rootkit techniques.<br>Computer security enthusiast, he is very interested in hackings events such as Insomni'hack and keeps himself informed on the latest threats throuhg active participation in security forums.		Sébastien Bischof works in the security division at ELCA Where he is specialized in OS-level and communication security.<br>As a major result, he developped a fully-working proof-of-concept of an attack against a sophisticated USB token for safe-browsing.<br>He obtained his Master of Science in Engineering at HEIG-VD/HES-SO with a strong emphasis on IT Security.<br>During his education, he focused on obfuscation and rootkit techniques.<br>Computer security enthusiast, he is very interested in hackings events such as Insomni'hack and keeps himself informed on the latest threats throuhg active participation in security forums.

		+	======The Rise of the Vulnerability Markets - History, Impacts, Mitigations (by Thierry Zoller, Verizon) ======
		+	A decade has gone by and the security area is no longer the same, amongst other factors sophistication and motivation changed tremendously. This talk will give you a crash course on the history of vulnerability discovery and market value, a brief excurse into the world of Vulnerability Markets, how they emerged, how they vary and what this implies for those that are defending. The presentation will conclude with an Attacker Classification System (Attacker Triad) and an associated assurance model around OWASP OSVS. Some parts of this presentation will only be done in live and will not be published after this conference.

		+	====== Thierry Zoller, Verizon ======
		+	Born and living in Luxembourg, Thierry has been active in the Information Security space since over 14 years, he works as an EMEA wide Practise Lead and Professional Service Manager for Verizon Business Luxembourg. His past experience includes, maintaining a well known malware research site, leading a security software company, shifting over into the realms of Information Security Consulting focusing on Luxembourg (PSF), creating a national penetration test center, being Director of Security Services and Products for n.runs and doing information security consulting for "too big to fail" type of enterprises (formally known as "Fortune 100"). Thierry was endorsed as a TOP 10 Security Researcher by IBM Xforce in 2009.
		+
		+	Thierry is leading the Verizon Business SDLC efforts and is managing the Microsoft SDL PRO partnership EMEA wide, he maintains a blog at http://blog.zoller.lu

	==== CTF ====		==== CTF ====

← Older revision		Revision as of 10:39, 7 December 2011
Line 18:		Line 18:

	[http://owaspbenelux2011.eventbrite.com/ http://www.owasp.org/images/7/77/Buttoncreate.png]		[http://owaspbenelux2011.eventbrite.com/ http://www.owasp.org/images/7/77/Buttoncreate.png]
		+
		+	=== Slides are available online ===
		+	Check out the Conference tab of the website to download the presentations.

	</center>		</center>

@@ Line 119: / Line 119: @@
 | 10h40 - 11h00 || ''Break''  ||
 |-
-| 11h00 - 11h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Justin_Clarke.2C_Director_and_Co-Founder_of_Gotham_Digital_Science_Ltd Justin Clarke] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Practical_Crypto_Attacks_Against_Web_Applications_.28by_Justin_Clarke.2C_Director_and_Co-Founder_of_Gotham_Digital_Science_Ltd.29 practical crypto attacks against web applications]
+| 11h00 - 11h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Justin_Clarke.2C_Director_and_Co-Founder_of_Gotham_Digital_Science_Ltd Justin Clarke] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Practical_Crypto_Attacks_Against_Web_Applications_.28by_Justin_Clarke.2C_Director_and_Co-Founder_of_Gotham_Digital_Science_Ltd.29 practical crypto attacks against web applications] ([https://www.owasp.org/images/0/09/OWASP_BeNeLux_Day_2011_-_J._Clarke_-_Practical_Crypto_Attacks_Against_Web_Apps.pptx PPT])
 |-
-| 11h40 - 12h20 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Andrey_Belenko.2C_Chief_Security_Researcher_at_ElcomSoft Andrey Belenko] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Overcoming_iOS_Data_Protection_to_Re-Enable_iPhone_Forensics_.28by_Andrey_Belenko.2C_Chief_Security_Researcher_at_ElcomSoft.29 Overcoming iOS Data Protection to Re-Enable iPhone Forensics]
+| 11h40 - 12h20 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Andrey_Belenko.2C_Chief_Security_Researcher_at_ElcomSoft Andrey Belenko] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Overcoming_iOS_Data_Protection_to_Re-Enable_iPhone_Forensics_.28by_Andrey_Belenko.2C_Chief_Security_Researcher_at_ElcomSoft.29 Overcoming iOS Data Protection to Re-Enable iPhone Forensics] ([https://www.owasp.org/images/7/76/OWASP_BeNeLux_Day_2011_-_A._Belenko_-_Overcoming_iOS_Data_Protection.pdf PDF])
 |-
 | 12h20 - 13h00 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Koen_Vanderloock.2C_Leader_Security_Competence_Group_at_Cegeka Koen Vanderloock] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#OWASP_SIMBA_-_guarding_your_applications_.28by_Koen_Vanderloock.2C_Leader_Security_Competence_Group_at_Cegeka.29 OWASP SIMBA - guarding your applications]  ([https://www.owasp.org/images/5/59/OWASP_BeNeLux_Day_2011_-_K._Vanderloock_-_Simba.pptx PPTX])
@@ Line 129: / Line 129: @@
 | 14h00 - 14h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Ludovic_Petit.2C_Group_Fraud_.26_Information_Security_Adviser_at_SFR.2C_Vodafone_Group Ludovic Petit] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Do_you..._Legal.3F_.28by_Ludovic_Petit.2C_Group_Fraud_.26_Information_Security_Adviser_at_SFR.2C_Vodafone_Group.29 Do you... Legal?] ([https://www.owasp.org/images/c/ca/OWASP_BeNeLux_Day_2011_-_L._Petit_-_Do_you..._Legal.pptx PPTX])
 |-
-| 14h40 - 15h20 || Thierry Zoller || The  rise  of the Vulnerability Market
+| 14h40 - 15h20 || Thierry Zoller || The  rise  of the Vulnerability Market ([https://www.owasp.org/images/b/b7/OWASP_BeNeLux_Day_2011_-_T._Zoller_-_Rise_of_the_Vulnerability_Market.pdf PDF])
 |-
 | 15h20 - 16h00 || Jean-Marc Bost & Sébastien Bischof  || The limits of e-banking ([https://www.owasp.org/images/8/87/OWASP_BeNeLux_Day_2011_-_BischofBost_-_The_limits_of_ebanking.pptx PPTX])

@@ Line 111: / Line 111: @@
 | 08h30 - 9h30 || ''Registration'' ||
 |-
-| 09h30 - 9h45 || OWASP Benelux Organization & Thomas Engel|| Welcome ([https://www.owasp.org/images/8/8a/2011-11-15_SnT_General.pdf PDF])
+| 09h30 - 9h45 || OWASP Benelux Organization & Thomas Engel|| Welcome ([https://www.owasp.org/images/a/ad/OWASP_BeNeLux_Day_2011_-_Organization_welcome.ppt PPT], [https://www.owasp.org/images/8/8a/2011-11-15_SnT_General.pdf PDF])
 |-
 | 09h45 - 10h00 || Sebastien Deleersnyder & Eion Keary || OWASP update ([https://www.owasp.org/images/d/d7/OWASP-Update-BeNeLux-Day-2011_v1.pptx PPT])
@@ Line 123: / Line 123: @@
 | 11h40 - 12h20 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Andrey_Belenko.2C_Chief_Security_Researcher_at_ElcomSoft Andrey Belenko] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Overcoming_iOS_Data_Protection_to_Re-Enable_iPhone_Forensics_.28by_Andrey_Belenko.2C_Chief_Security_Researcher_at_ElcomSoft.29 Overcoming iOS Data Protection to Re-Enable iPhone Forensics]
 |-
-| 12h20 - 13h00 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Koen_Vanderloock.2C_Leader_Security_Competence_Group_at_Cegeka Koen Vanderloock] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#OWASP_SIMBA_-_guarding_your_applications_.28by_Koen_Vanderloock.2C_Leader_Security_Competence_Group_at_Cegeka.29 OWASP SIMBA - guarding your applications]
+| 12h20 - 13h00 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Koen_Vanderloock.2C_Leader_Security_Competence_Group_at_Cegeka Koen Vanderloock] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#OWASP_SIMBA_-_guarding_your_applications_.28by_Koen_Vanderloock.2C_Leader_Security_Competence_Group_at_Cegeka.29 OWASP SIMBA - guarding your applications]  ([https://www.owasp.org/images/5/59/OWASP_BeNeLux_Day_2011_-_K._Vanderloock_-_Simba.pptx PPTX])
 |-
 | 13h00 - 14h00 || ''Lunch'' ||
 |-
-| 14h00 - 14h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Ludovic_Petit.2C_Group_Fraud_.26_Information_Security_Adviser_at_SFR.2C_Vodafone_Group Ludovic Petit] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Do_you..._Legal.3F_.28by_Ludovic_Petit.2C_Group_Fraud_.26_Information_Security_Adviser_at_SFR.2C_Vodafone_Group.29 Do you... Legal?]
+| 14h00 - 14h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Ludovic_Petit.2C_Group_Fraud_.26_Information_Security_Adviser_at_SFR.2C_Vodafone_Group Ludovic Petit] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Do_you..._Legal.3F_.28by_Ludovic_Petit.2C_Group_Fraud_.26_Information_Security_Adviser_at_SFR.2C_Vodafone_Group.29 Do you... Legal?] ([https://www.owasp.org/images/c/ca/OWASP_BeNeLux_Day_2011_-_L._Petit_-_Do_you..._Legal.pptx PPTX])
 |-
 | 14h40 - 15h20 || Thierry Zoller || The  rise  of the Vulnerability Market
 |-
-| 15h20 - 16h00 || Jean-Marc Bost & Sébastien Bischof  || The limits of e-banking
+| 15h20 - 16h00 || Jean-Marc Bost & Sébastien Bischof  || The limits of e-banking ([https://www.owasp.org/images/8/87/OWASP_BeNeLux_Day_2011_-_BischofBost_-_The_limits_of_ebanking.pptx PPTX])
 |-
 | 16h00 - 16h20 || ''Break'' ||
 |-
-| 16h20 - 17h00 || Sascha Rommelfangen || Dynamic malware analysis - or: The ~five  deadly (anti-)venoms
+| 16h20 - 17h00 || Sascha Rommelfangen || Dynamic malware analysis - or: The ~five  deadly (anti-)venoms ([https://www.owasp.org/images/7/77/OWASP_BeNeLux_Day_2011_-_A._Delauney_-_Dynamic_malware_analysis.pdf PDF])
 |-
-| 17h00 - 17h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven Lieven Desmet] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#HTML5_security_.28by_Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven.29 HTML5 security]
+| 17h00 - 17h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven Lieven Desmet] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#HTML5_security_.28by_Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven.29 HTML5 security] ([https://www.owasp.org/images/e/e6/OWASP_BeNeLux_Day_2011_-_L._Desmet_-_HTML5_security.pptx PPTX])
 |-
 | 17h40 - 18h00 || OWASP Benelux 2011 organization || Closing notes

@@ Line 135: / Line 135: @@
 | 16h00 - 16h20 || ''Break'' ||
 |-
-| 16h20 - 17h00 || Sascha Rommelfangen || Dynamic malware analysis
+| 16h20 - 17h00 || Sascha Rommelfangen || Dynamic malware analysis - or: The ~five  deadly (anti-)venoms
 |-
 | 17h00 - 17h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven Lieven Desmet] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#HTML5_security_.28by_Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven.29 HTML5 security]
@@ Line 205: / Line 205: @@
 LinkedIn Profile: http://www.linkedin.com/in/lpetit
-=====Dynamic Malware Analysis or How to Play in the House of Horrors (by Sascha Rommelfangen, Incident Management - Security Research at CIRCL) =====
+=====Dynamic malware analysis - or: The ~five  deadly (anti-)venoms (by Sascha Rommelfangen, Incident Management - Security Research at CIRCL) =====
 Malware reversing is a time consuming task. Many approaches are available to dissect and analyse suspicious binaries. Dynamic malware analysis is one of the option to better understand them and also a nifty companion to static analysis.  The current dynamic malware analysis techniques will be presented especially the ones relying on instrumented operating system systems (from the filesystem to the network stack).  You'll see a wandering through common and less common malware partially analysed using dynamic analysis and how dynamic malware analysis can help you.

@@ Line 95: / Line 95: @@
 * Lieven Desmet (Research Manager at University Leuven) on [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#HTML5_security_.28by_Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven.29 HTML5 security]
 * Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Overcoming_iOS_Data_Protection_to_Re-Enable_iPhone_Forensics_.28by_Andrey_Belenko.2C_Chief_Security_Researcher_at_ElcomSoft.29 iOS data protection internals]
-* Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
+* Sascha Rommelfangen (Incident Management - Security Research at CIRCL) on dynamic malware analysis
 * Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Do_you..._Legal.3F_.28by_Ludovic_Petit.2C_Group_Fraud_.26_Information_Security_Adviser_at_SFR.2C_Vodafone_Group.29 WebApp Security and legal and regulatory aspects]
 *Jean-Marc Bost and Sébastien Bischof (ELCA) on The limits of e-banking
@@ Line 135: / Line 135: @@
 | 16h00 - 16h20 || ''Break'' ||
 |-
-| 16h20 - 17h00 || Alexandre Dulaunoy || Dynamic malware analysis
+| 16h20 - 17h00 || Sascha Rommelfangen || Dynamic malware analysis
 |-
 | 17h00 - 17h40 || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven Lieven Desmet] || [https://www.owasp.org/index.php/BeNeLux_OWASP_Day_2011#HTML5_security_.28by_Lieven_Desmet.2C_Research_Manager_at_Katholieke_Universiteit_Leuven.29 HTML5 security]
@@ Line 205: / Line 205: @@
 LinkedIn Profile: http://www.linkedin.com/in/lpetit
-=====Dynamic Malware Analysis or How to Play in the House of Horrors (by Alexandre Dulaunoy, Incident Management - Security Research at CIRCL) =====
+=====Dynamic Malware Analysis or How to Play in the House of Horrors (by Sascha Rommelfangen, Incident Management - Security Research at CIRCL) =====
 Malware reversing is a time consuming task. Many approaches are available to dissect and analyse suspicious binaries. Dynamic malware analysis is one of the option to better understand them and also a nifty companion to static analysis.  The current dynamic malware analysis techniques will be presented especially the ones relying on instrumented operating system systems (from the filesystem to the network stack).  You'll see a wandering through common and less common malware partially analysed using dynamic analysis and how dynamic malware analysis can help you.
@@ Line 348: / Line 348: @@
 *Lieven Desmet (Research Manager at University Leuven) on HTML5 security
 *Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on iOS data protection internals
-*Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
+*Sascha Rommelfangen (Incident Management - Security Research at CIRCL) on dynamic malware analysis
 *Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on WebApp Security and legal and regulatory aspects
 *Seba Deleersnyder & Eoin Keary (OWASP Board) on OWASP Update