Netherlands April 24th, 2014 - Revision history

Knoblochmartin: added links to presentations

2014-04-25T08:02:44Z

added links to presentations

Knoblochmartin at 11:49, 16 April 2014

2014-04-16T11:49:47Z

Knoblochmartin at 11:30, 16 April 2014

2014-04-16T11:30:20Z

Knoblochmartin at 08:15, 14 April 2014

2014-04-14T08:15:53Z

Knoblochmartin: Created page with "; OWASP Netherland Wiki ; All OWASP NL Events 2014 = April 24th, 2014 = '''Broken Online Strong Authentication and OWAS..."

2014-04-07T08:46:42Z

Created page with "; OWASP Netherland Wiki ; All OWASP NL Events 2014 = April 24th, 2014 = '''Broken Online Strong Authentication and OWAS..."

New page

;[[Netherlands | OWASP Netherland Wiki]]
;[[Netherlands_Previous_Events_2014 | All OWASP NL Events 2014]]
= April 24th, 2014 =
'''Broken Online Strong Authentication and OWASP update'''
:This chaptermeeting will be about broken online strong authentication with banking web applications and OWASP updates.
==Programme:==
:18:30 - 19:00 Registration & Sandwiches
:19:00 - 19:15 Intro and OWASP Netherland and Foundation Updates
:19:15 - 20:00 Security as part of Quality Assurance – Boy Baukema
:20:00 - 20:15 Break
:20:15 - 21:00 Don't be a tool's fool – Dave van Stein
:20:45 - 21:30 Networking
==Presentations==
===OWASP Update===
Retrospective of 2013 activities as the BeNeLux-Day 2013 at the RAI Amsterdam and looking forward to OWASP Conferences and event 2014.
===Security as part of Quality Assurance===
We present a security analysis of an internet banking system used by one of the bigger banks in the Netherlands, in which customers use a USB-connected device – a smartcard reader with a display and numeric keyboard – to authorise transactions with their bank card and PIN code. Such a set-up could provide a very strong defence against online attackers, notably Man-in-the-Browser attacks, where an attacker controls the browser and host PC. However, we show that the system we studied is flawed: an attacker who controls an infected host PC can get the smartcard to sign transactions that the user does not explicitly approve, which is precisely what the device is meant to prevent.
===Don't be a tool's fool===
Tools are important to both hackers and security testers, but they are not 'the silver bullit'. You need to understand the limitations of tools in order to get the most efficiency out of them. In this presentation some tips and tricks for well-known tools will be shown to get you started getting the right mind-set in using them.
==Speakers==
===Boy Baukema===
Boy is a Senior Software Engineer of 10+ years @ Ibuildings.nl, a web and mobile development organization behind sites like nu.nl, kieskeurig.nl and rtlnieuws.nl. As in-house WebAppSec specialist he is responsible for implementing a SDLC and verifying the security of all delivered projects.
===Dave van Stein===
Dave van Stein is principal consultant security at KZA bv. He has more than 13 years of experience in software and acceptance testing and started specializing in Web Application Security in the beginning of 2008. Over the years Dave has gained experience with many open source and commercial testing tools and has grown a special interest in the more technical testing areas and virtualization techniques. Dave is an active participant in the Dutch OWASP chapter and has certifications for ISEB/ISTQB, C|EH, and GWAPT.

@@ Line 4: / Line 4: @@
 '''Quality assurance and tools'''
 :[http://www.eventbrite.nl/e/owasp-netherlands-chapter-meeting-april-24th-2014-amsterdam-tickets-10967561271 Link to the registration!]
 ==Programme:==
 :18:30 - 19:00 Registration & Sandwiches

@@ Line 22: / Line 22: @@
 ===OWASP Update===
 Retrospective of 2013 activities as the BeNeLux-Day 2013 at the RAI Amsterdam and looking forward to OWASP Conferences and event 2014.
 ===Security as part of Quality Assurance===
 How can you be sure your application is 'secure'? Or 'secure enough'?
 The answer off course, is Security Testing. But which kind of testing? How much? When? By whom? How? And most important to the customer / manager: how much is it going to cost. In this talk I'll be presenting the 'Application Security Verification Standard 2013' (ASVS) by the OWASP Foundation. A comprehensive framework for determining a security 'level' and steps to take to 'verify' this level. With this tool you'll be able to answer all the questions above. I'll also talk briefly on how it integrates with a Secure Software Development Lifecycle at Ibuildings .
 ===Don't be a tool's fool===
 Tools are important to both hackers and security testers, but they are not 'the silver bullit'. You need to understand the limitations of tools in order to get the most efficiency out of them. In this presentation some tips and tricks for well-known tools will be shown to get you started getting the right mind-set in using them.
 ==Speakers==
 ===Boy Baukema===

@@ Line 2: / Line 2: @@
 ;[[Netherlands_Previous_Events_2014 | All OWASP NL Events 2014]]
 = April 24th, 2014 =
-'''Broken Online Strong Authentication and OWASP update'''
+'''Quality assurance and tools'''
-:This chaptermeeting will be about broken online strong authentication with banking web applications and OWASP updates.
+:[http://www.eventbrite.nl/e/owasp-netherlands-chapter-meeting-april-24th-2014-amsterdam-tickets-10967561271 Link to the registration!]
 ==Programme:==
 :18:30 - 19:00 Registration & Sandwiches