This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Belgium"
| Line 10: | Line 10: | ||
the latest OWASP related information. Enjoy! | the latest OWASP related information. Enjoy! | ||
| − | == Next Chapter Meeting | + | == Next Chapter Meeting == |
===WHEN=== | ===WHEN=== | ||
Thursday 14th of September 2006, 18h00 - 21h00. | Thursday 14th of September 2006, 18h00 - 21h00. | ||
| Line 36: | Line 36: | ||
| − | == Last Chapter Meeting ( | + | == Last Chapter Meeting (Antwerp, 14-Sep-2006) == |
| + | ===WHEN=== | ||
| + | Thursday 14th of September 2006, 18h00 - 21h00. | ||
| + | ===WHERE !!! Location changed !!! === | ||
| + | ING sponsored the venue and sandwiches.<br> | ||
| + | '''Location changed: Desguinlei 92 - B-2018 Antwerpen.''' I have put a map [https://www.owasp.org/index.php/Image:Map-owasp-meeting-BE.JPG online].<br> | ||
| + | |||
| + | ===PROGRAM=== | ||
| + | * 18h00 - 18h30: Welcome, get drink & sandwiches<BR> | ||
| + | * 18h20 - 18h40: Sebastien Deleersnyder, Ascure <BR> | ||
| + | '''[http://www.owasp.org/index.php/Image:OWASP_Belgium_Chapter_Meeting_-_Antwerp_-_14_Sep_2006_-_1_OWASP_2.0_Update.ppt OWASP 2.0 Update]'''<BR> | ||
| + | * 18h45 – 19h00: Toon Mordijck, ISSA<BR> | ||
| + | '''ISSA Introduction'''<BR> | ||
| + | * 19h00 - 19h55: Serge Moreno, ING<BR> | ||
| + | '''Business Application Security through Information Risk Management'''<BR> | ||
| + | ''Presentation + Discussion''<BR> | ||
| + | The presentation will show how ING has implemented business application security by implementing a risk management approach. By starting from the definition of risks and risk management, we have changed the program governance and project lifecycle to ensure that security is not seen as an add-on in a late stage of the project, but that the security requirements are defined in the early start of a project. By this approach the security requirements are becoming real functional requirements which are supported by the business. The net result is that security is not an after-thought anymore but totally integrated in the product and its (functional) requirements. As security requirements have become demands of the business, they are not taken out when the project is getting in time and budget constraints. These are all the positive consequences we have obtained from the method that will be explained throughout the presentation. | ||
| + | *20h05 - 21h00: Guy Crets, Apogado<BR> | ||
| + | '''Secure and Reliable Web Services'''<BR> | ||
| + | ''Presentation + Discussion''<BR> | ||
| + | Web Services are becoming a very popular protocol for communication between IT systems within and between organizations. Web services offer a nice alternative for all sorts of communication middleware. The security of Web Services is a major attention point, now being well addressed with the WS-Security standards. Guy Crets not only explains what WS-Security is, but also opens up the subject by addressing many related topics: how does WS-* compare to B2B protocols such as EDIINT AS2, why not use SOAP over email or FTP, the importance of WS-Addressing, shortcomings in WS-ReliableMessaging, what is the importance of Microsoft WCF (aka Indigo), ... and many more. | ||
| + | |||
| + | |||
| + | == Chapter Meeting Archive == | ||
| + | ===Meeting Notes OWASP Belgium Chapter Meeting (Leuven, 22-Feb-2006) === | ||
===WHEN=== | ===WHEN=== | ||
Monday 8th of May 2006, 18h30 - 22h30. | Monday 8th of May 2006, 18h30 - 22h30. | ||
| Line 56: | Line 80: | ||
also be put to work to reduce the number of security vulnerabilities?<br> | also be put to work to reduce the number of security vulnerabilities?<br> | ||
The audience added to the discussion with questions and remarks!<br> | The audience added to the discussion with questions and remarks!<br> | ||
| − | |||
| − | |||
===Meeting Notes OWASP Belgium Chapter Meeting (Leuven, 22-Feb-2006) === | ===Meeting Notes OWASP Belgium Chapter Meeting (Leuven, 22-Feb-2006) === | ||
Revision as of 05:06, 16 September 2006
- 1 OWASP Belgium
- 2 Participation
- 3 Sponsorship/Membership
- 4 Local News
- 5 Next Chapter Meeting
- 6 Last Chapter Meeting (Antwerp, 14-Sep-2006)
- 7 Chapter Meeting Archive
- 7.1 Meeting Notes OWASP Belgium Chapter Meeting (Leuven, 22-Feb-2006)
- 7.2 WHEN
- 7.3 WHERE
- 7.4 PROGRAM
- 7.5 Meeting Notes OWASP Belgium Chapter Meeting (Leuven, 22-Feb-2006)
- 7.6 Belgium OWASP 2006 New Year Drink
- 7.7 Meeting Notes second OWASP Belgium Chapter meeting (Leuven, 28-Sep-2005)
- 7.8 Meeting Notes First OWASP Belgium Chapter Meeting (Gent, 26-May-2005)
OWASP Belgium
Welcome to the Belgium chapter homepage. The chapter leader is Sebastien Deleersnyder
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
Local News
OWASP Moves to MediaWiki Portal - 10:45, 20 May 2006 (EDT)
OWASP is pleased to announce the arrival of OWASP 2.0!
OWASP 2.0 utilizes the MediaWiki portal to manage and provide the latest OWASP related information. Enjoy!
Next Chapter Meeting
WHEN
Thursday 14th of September 2006, 18h00 - 21h00.
WHERE !!! Location changed !!!
ING sponsors the venue and sandwiches.
Location changed: Desguinlei 92 - B-2018 Antwerpen. I have put a map online.
The restaurant on the 11th floor is reserved for us:
The reception phone number is: 03 244 40 06
Only a few parking places (around 15) are available within the building perimeter but there is no major problem to park in the street at this time.
PROGRAM
- 18h00 - 18h30: Welcome, get drink & sandwiches
- 18h20 - 18h40: Sebastien Deleersnyder, Ascure
OWASP 2.0 Update
- 18h45 – 19h00: Toon Mordijck, ISSA
ISSA Introduction
- 19h00 - 19h55: Serge Moreno, ING
Business Application Security through Information Risk Management
Presentation + Discussion
The presentation will show how ING has implemented business application security by implementing a risk management approach. By starting from the definition of risks and risk management, we have changed the program governance and project lifecycle to ensure that security is not seen as an add-on in a late stage of the project, but that the security requirements are defined in the early start of a project. By this approach the security requirements are becoming real functional requirements which are supported by the business. The net result is that security is not an after-thought anymore but totally integrated in the product and its (functional) requirements. As security requirements have become demands of the business, they are not taken out when the project is getting in time and budget constraints. These are all the positive consequences we have obtained from the method that will be explained throughout the presentation.
- 20h05 - 21h00: Guy Crets, Apogado
Secure and Reliable Web Services
Presentation + Discussion
Web Services are becoming a very popular protocol for communication between IT systems within and between organizations. Web services offer a nice alternative for all sorts of communication middleware. The security of Web Services is a major attention point, now being well addressed with the WS-Security standards. Guy Crets not only explains what WS-Security is, but also opens up the subject by addressing many related topics: how does WS-* compare to B2B protocols such as EDIINT AS2, why not use SOAP over email or FTP, the importance of WS-Addressing, shortcomings in WS-ReliableMessaging, what is the importance of Microsoft WCF (aka Indigo), ... and many more.
Last Chapter Meeting (Antwerp, 14-Sep-2006)
WHEN
Thursday 14th of September 2006, 18h00 - 21h00.
WHERE !!! Location changed !!!
ING sponsored the venue and sandwiches.
Location changed: Desguinlei 92 - B-2018 Antwerpen. I have put a map online.
PROGRAM
- 18h00 - 18h30: Welcome, get drink & sandwiches
- 18h20 - 18h40: Sebastien Deleersnyder, Ascure
- 18h45 – 19h00: Toon Mordijck, ISSA
ISSA Introduction
- 19h00 - 19h55: Serge Moreno, ING
Business Application Security through Information Risk Management
Presentation + Discussion
The presentation will show how ING has implemented business application security by implementing a risk management approach. By starting from the definition of risks and risk management, we have changed the program governance and project lifecycle to ensure that security is not seen as an add-on in a late stage of the project, but that the security requirements are defined in the early start of a project. By this approach the security requirements are becoming real functional requirements which are supported by the business. The net result is that security is not an after-thought anymore but totally integrated in the product and its (functional) requirements. As security requirements have become demands of the business, they are not taken out when the project is getting in time and budget constraints. These are all the positive consequences we have obtained from the method that will be explained throughout the presentation.
- 20h05 - 21h00: Guy Crets, Apogado
Secure and Reliable Web Services
Presentation + Discussion
Web Services are becoming a very popular protocol for communication between IT systems within and between organizations. Web services offer a nice alternative for all sorts of communication middleware. The security of Web Services is a major attention point, now being well addressed with the WS-Security standards. Guy Crets not only explains what WS-Security is, but also opens up the subject by addressing many related topics: how does WS-* compare to B2B protocols such as EDIINT AS2, why not use SOAP over email or FTP, the importance of WS-Addressing, shortcomings in WS-ReliableMessaging, what is the importance of Microsoft WCF (aka Indigo), ... and many more.
Chapter Meeting Archive
Meeting Notes OWASP Belgium Chapter Meeting (Leuven, 22-Feb-2006)
WHEN
Monday 8th of May 2006, 18h30 - 22h30.
WHERE
Deloitte sponsored the venue, drinks and snacks.
PROGRAM
- 18h00 - 18h30: Welcome, get drink & snack
- 18h20 - 18h40: Sebastien Deleersnyder, Ascure
OWASP Update
- 18h45 - 19h15: Hillar Leoste, Zone-H
Internet Attack Statistics for Belgium in 2005
- 19h15 - 20h30: Johan Peeters, Program Director secappdev.org
Can "Agile" Development Produce Secure Applications?
Received wisdom has it that secure development and agile processes do
not mix. Is that really so? Agile practices have proven in many
projects to yield applications with fewer functional defects. Can they
also be put to work to reduce the number of security vulnerabilities?
The audience added to the discussion with questions and remarks!
Meeting Notes OWASP Belgium Chapter Meeting (Leuven, 22-Feb-2006)
WHEN
Wednesday 22nd of February 2006, 18h00 - 21h00.
WHERE
KUL sponsored the venue:
Location: Auditorium N00.01, Celestijnenlaan 200A, Heverlee.
Itinerary to Dept Computer Science.
Detailed map of campus with building N.
BeeWare sponsored the Pizza and Drinks!
PROGRAM
18h00 - 18h20: Welcome, get Pizza & Drink
18h20 - 18h40: Sebastien Deleersnyder, Ascure
OWASP (Membership) and new OWASP Projects
18h40 - 19h30: Philippe Bogaerts, BeeWare
WebScarab demonstration
19h30 - 20h45: Web Application Firewalls (WAF): Panel Discussion
First a WAF Primer was presented.
Then we organized a panel discussion with people from industry, vendors and research:
How mature are WAFs?
What do WAFs protect you from? What not?
Where do you position WAFs in your architecture?
What WAF functionality do you really need?
…
A panel Discussion with:
- Philippe Bogaerts, BeeWare
- Jaak Cuppens, F5 Networks
- David Van der Linden, ING Belgium
- Lieven Desmet, K.U.Leuven
The audience (up to 50 !) added to the discussion with questions and remarks!
Belgium OWASP 2006 New Year Drink
On January 19th we had a New Years Drink.
Presentation (TBD)
Meeting Notes second OWASP Belgium Chapter meeting (Leuven, 28-Sep-2005)
On 28th of September 2005 we had our second OWASP Belgium Chapter meeting. We had nearly 50 people coming to the meeting!
WHEN
Wednesday 28th of September 2005, 18h00 - 21h00 at Ubizen in Leuven.
PROGRAM
18h00 - 18h15: Welcome & get a drink
18h15 - 18h45: Sebastien Deleersnyder, Ascure
OWASP & OWASP Membership
18h45 - 19h30: Emmanuel Bergmans, I-logs
Securing Web Applications with ModSecurity
Emmanuel gave an interesting introduction on ModSecurity.
The presentation is included as attachment and contains a lot of great pointers and SWOT analysis.
Conclusions were:
ModSecurity can be particularly useful in an ISP environment
Increased effort is necessary to synchronize multiple ModSecurity configurations in a Webfarm
19h30 - 20h45:
OWASP Top 10 Vulnerabilities: Panel Discussion
OWASP Top 10:
The presentation is included with an introduction of the TOP 10.
Then we had a lively panel Discussion with:
- Erwin Geirnaert, Security Innovation
- Dirk Dussart, Belgian Post
- Eric Devolder, Mastercard
- Herman Stevens, Ubizen
- Frank Piessens, KU Leuven
We handled questions about the Top 10:
- Is the OWASP Top 10 still necessary?
- Are we talking vulnerabilities, solutions or threats?
- Can we base our best practices / standards on the Top 10?
- How to test your web site security on the Top 10?
- …
The overall discussion was interesting, and at times diverted to an overall application security discussion.
Some of the remarkable opinions covered:
Can / or should the OWASP Top 10 form the basis for a certification scheme
If it is used as an awareness tool, can we promote it with an OWASP magazine?
The OWASP Top 10 is too vague
A bigger exhaustive list is needed with a clear classification and taxonomy
It should be based on threat modelling.
One of the more pertinent questions: how did the original authors come to the Top 10?
Meeting Notes First OWASP Belgium Chapter Meeting (Gent, 26-May-2005)
On 26th of May 2005 we held the first OWASP Belgium Chapter meeting!
It was a big success: we had nearly 40 people attending, despite the Belgium-unlike hot weather.
PROGRAM
17h30 - 18h00: Welcome & get a drink
18h00 - 18h45: Sebastien Deleersnyder, Ascure
OWASP Introduction
19h00 - 19h45: Erwin Geirnaert, Security Innovation
How to Break Web Application Security
20h00 - 20h45: professor Frank Piessens, KU Leuven
How to Build Secure Web Applications
You can download the presentations.
We had some interesting discussions with Frank on the position of security controls: within the code or within the supporting infrastructure?
Another idea is also to look for a top 10 solutions for Web Applications and have some guidance system when selecting countermeasures.
