Thomas Herlea: Added non-transcluding navigation links.

2017-05-16T07:10:17Z

Added non-transcluding navigation links.

Thomas Herlea: Thomas Herlea moved page Belgium Previous Events 2007 to Belgium Events 2007: Made page title timeless

2017-05-11T10:30:20Z

Thomas Herlea moved page Belgium Previous Events 2007 to Belgium Events 2007: Made page title timeless

Sdeleersnyder at 07:30, 19 January 2008

2008-01-19T07:30:32Z

Show changes

Sdeleersnyder: New page: Belgium events held in 2007 == Last Chapter Meeting (Brussels, 22-June-2007)== During an extra edition we brought you 2 big names in web application security. [http://www.f5.com/ F5 N...

2007-09-08T15:14:04Z

New page: Belgium events held in 2007 == Last Chapter Meeting (Brussels, 22-June-2007)== During an extra edition we brought you 2 big names in web application security. [http://www.f5.com/ F5 N...

New page

[[Belgium]] events held in 2007

== Last Chapter Meeting (Brussels, 22-June-2007)==
During an extra edition we brought you 2 big names in web application security. [http://www.f5.com/ F5 Networks] sponsored Ivan Ristic and Dinis Cruz to come to Brussels on Friday 22nd of June to bring you hot items from the last conference in Italy last May (agenda with presentations [http://www.owasp.org/index.php/6th_OWASP_AppSec_Conference_-_Italy_2007/Agenda online]).

We also had the skipped presentation of last time: Hillar Leoste from Zone-H will provided us with an update on defacements in the BE domain for last year.

===WHEN===
Friday 22nd of June 2007
===WHERE===
[http://www.deloitte.be Deloitte] sponsored the venue, drinks and snacks:
Location: Deloite Diegem

===PROGRAM===
* 18h00 - 18h20: Welcome, coffee & sandwiches 
* 18h20 - 18h40: Sebastien Deleersnyder 
        '''OWASP Update''' 
* 18h40 - 19h00: '''Hillar Leoste (Zone-H)''' 
        '''[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-06-22_Update_on_Internet_Attack_Statistics_for_Belgium_in_2006.ppt Update on Internet Attack Statistics for Belgium in 2006]'''
* 19h00 – 20h00: '''Ivan Ristic, Chief Evangelist, Breach Security''' 
:Ivan Ristic is the creator of [http://www.modsecurity.org/ ModSecurity] (an open source web application firewall and intrusion detection/prevention engine). Ivan also wrote Apache Security for O'Reilly, a web security guide for administrators, system architects, and programmers.
:For more info, see Anurag Agarwal’s [http://myappsecurity.blogspot.com/2007/03/reflection-on-ivan-ristic.html reflection on Ivan Ristic].
        '''[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-06-22_Protecting_Web_Applications_from_Universal_PDF_XSS.ppt Protecting Web Applications from Universal PDF XSS]'''
:Presentation + A discussion of how weird the web application security world has become
* 20h00 - 20h15: break
* 20h15 - 21h15: '''Dinis Cruz, Chief Owasp Evangelist''' 
:Dinis Cruz is a renowned application security expert who is passionate about training developers to move beyond the ‘comfort zone’ of standard ASP.NET development and into the world of advanced security aware development with the aim of making the Web Applications as secure as possible against malware and malicious hackers. Dinis is also the project leader for the OWASP .Net Project and the and the main developer of several of OWASP .Net tools (SAM’SHE, ANBS, SiteGenerator, PenTest Reporter, ASP.Net Reflector, Online IIS Metabase Explorer). author of many Open Source security tools (see http://www.owasp.org/index.php/.Net).
        '''Buffer Overflows on .Net and Asp.Net''' 
:One of the common myths about the .Net Framework is that it is immune to Buffer Overflows. Although this might be correct in pure managed and verifiable .Net code, large percentage of .Net and Asp.Net applications code is unmanaged code. In this talk Dinis will show the areas in .Net and Asp.Net applications that are vulnerable to Buffer Overflows (including the demo of a .Net Buffer Overflow Fuzzer).

== Chapter Meeting Archive ==
=== Meeting Notes OWASP Chapter Meeting (Leuven, 10-May-2007)===
'''WHEN''' 
May 10th 2007 
'''WHERE''' 
[http://www.pstestware.com ps_testware] sponsored the venue: 
Location: Kasteel de Bunswyck, Tiensesteenweg 343, 3010 Leuven. 
You can find a map and itinary [http://www.kasteeldebunswyck.be/contact.htm online].
'''PROGRAM''' 
* 18h00 - 18h20: Welcome, coffee & sandwiches 
* 18h20 - 18h40: Sebastien Deleersnyder 
        '''[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_OWASP_Update.zip OWASP Update and OWASP BeLux Board Presentation]''' 
* 18h40 - 20h00: Jos Dumortier 
        '''[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_Legal_Aspects_Jos_Dumortier.zip Legal Aspects of (Web) Application Security]''' ''(Presentation + Discussion)''
: Jos Dumortier discussed important questions such as:
:* How far can you go if you want to ‘test’ the security of a web site?
:* How much application security can you contractually demand for when you outsource your application development?
:* Who is legally responsible when you personal data is exposed through hacking activity in Belgium?
:'''Jos Dumortier''' is Of Counsel in the ICT and e-Business department of Lawfort. He is also Professor of Law at the Faculty of Law (K.U.Leuven) and Director of the Interdisciplinary Centre for Law and Information Technology (http://www.icri.be).
* 20h00 - 20h15: break
* 20h15 - 21h15: Lieven Desmet 
        '''[http://www.owasp.org/index.php/Image:OWASP_BeLux_2007-05-10_AppSec_Research_Lieven_Desmet.zip Formal absence of implementation bugs in web applications: a case study on indirect data sharing]''' ''(Presentation + Discussion)'' 
:Several research tracks focus on tools and techniques to verify or guarantee the absence of implementation bugs in web applications, either at compile-time or at run-time. By guaranteeing the absence of certain implementation bugs, the reliability and security of the application can be improved. In this presentation, we will focus on the absence of implementation bugs due to broken data dependencies.
:Web applications typically share non-persistent session data between different parts of the application, e.g. a shopping cart in a e-commerce application. By doing so, implicit dependencies arise between the different parts of the application, and breaking these dependencies in an application may result in information leakage of erroneous behavior.
:In our research, we explicitly model dependencies between components that indirectly share data. Next, we verify that in a given composition these dependencies are not broken by applying a combination of static verification and dynamic checking (e.g. by using a Web Application Firewall).
:We validated the presented approach in two existing applications: a Struts-based, open-source webmail application (GatorMail) and an e-commerce site (Duke's BookStore from the J2EE 1.4 tutorial).

:'''Lieven Desmet''' Lieven Desmet was born on January 16, 1979 in Roeselare. He received a Bachelor of Applied Sciences and Engineering degree and graduated magna cum laude in Master of Applied Sciences and Engineering: Computer Science from the Katholieke Universiteit Leuven in July 2002.
:He started working as a Ph.D. student at the DistriNet (Distributed systems and computer Networks) research group of the Department of Computer Science at the Katholieke Universiteit Leuven. Within DistriNet, he was active in both the networking and security task forces. Lieven received his PhD on software security in January 2007 and is currently active as a post-doctoral security researcher within DistriNet.

=== OWASP Top 10 2007 Update (Infosecurity Belgium, 21 & &22 Mar 2007)===
Seba presented the 2007 OWASP Top 10 (currently available as [[Top 10 2007|OWASP Top 10 2007 RC1]]) on the [http://www.infosecurity.be Infosecurity event in Belgium] on the 21st and 22nd of March 2007. 

The presentation is uploaded on: [[Image:OWASP_Intro_and_Top_10_2007.zip]]. 

=== Meeting Notes OWASP Chapter Meeting (Brussels, 23-Jan-2007)===
'''WHEN''' 
January 23rd 2007 
'''WHERE''' 
Ernst&Young Offices (Business Centre) in Brussels. Parking places are available at nr 216. 
Here you can find [http://www.owasp.org/index.php/Image:EY_Brussels_Office_english.pdf directions]. 
'''PROGRAM''' 
* 18h00 - 18h30: Welcome, get drink & sandwiches? 
* 18h20 - 18h40: Sebastien Deleersnyder 
        '''[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_OWASP_Update.zip OWASP Update]''' 
* 18h45 – 19h45: Philippe Bogaerts 
        '''[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_WebGoat-Pantera.zip WEBGOAT and the Pantera Web Assessment Studio Project]''' 
The OWASP presentation will shed a light on WEBGOAT and the Pantera Web Assessment Studio Project. Both OWASP projects will be covered and illustrated with a live demo, with a special focus on Webgoat and web services.         ''Presentation + Discussion?'' 
Philippe Bogaerts is an independent consultant specialized in network and application security testing, web application and XML firewalls. 
* 19h45 - 20h00: break 
* 20h00 - 21h00: Bart De Win 
        '''[http://www.owasp.org/index.php/Image:OWASP_BE_2007-01-23_AOP_security.zip Security implications of AOP for secure software] 
Over the last decade, Aspect Oriented Programming (AOP), a development paradigm that focuses on improving the modularisation of crosscutting concerns, has received a great deal of attention from the academic as well as from the industrial community. In the context of secure software development, AOP has been shown to bring a number of benefits, at least from a software engineering perspective. From a security perspective, the characteristics of AOP have been studied less. One of the key questions at this moment is whether we can really use AOP to build \emph{secure} software ? 
In this presentation we will address this key question by elaborating on a number of security implications of AOP. Risks will be shown to originate from the core concepts of AOP, as well as from tool-specific implementation strategies (with a specific focus on AspectJ). The presentation will be concluded by indicating how these risks could be mitigated, both from a theoretical and from a practical perspective. 
        ''Presentation + Discussion?'' 
Bart De Win is a postdoctoral researcher in the research group DistriNet, Department of Computer Science at the Katholieke Universiteit Leuven. His research interests are in secure software engineering, including software development processes, aspect-oriented software development and model driven security.

← Older revision		Revision as of 07:10, 16 May 2017
Line 1:		Line 1:
−	[[Belgium]] ~~events held in 2007~~	+	<noinclude>
		+	These are the 2007 events of the [[Belgium\|OWASP Belgium Chapter]].
		+
		+	Previous year: [[Belgium Events 2006\|2006]].
		+	Next year: [[Belgium Events 2008\|2008]].
		+	</noinclude>
	== Chapter Meeting (20-Nov-2007) in Leuven ==		== Chapter Meeting (20-Nov-2007) in Leuven ==

← Older revision	Revision as of 10:30, 11 May 2017
(No difference)

Belgium Events 2007 - Revision history

Thomas Herlea: Added non-transcluding navigation links.

Thomas Herlea: Thomas Herlea moved page Belgium Previous Events 2007 to Belgium Events 2007: Made page title timeless

Sdeleersnyder at 07:30, 19 January 2008

Sdeleersnyder: New page: Belgium events held in 2007 == Last Chapter Meeting (Brussels, 22-June-2007)== During an extra edition we brought you 2 big names in web application security. [http://www.f5.com/ F5 N...