This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Belgium"

From OWASP
Jump to: navigation, search
(WHERE)
(Local News)
 
(451 intermediate revisions by 15 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Belgium-Luxemburg|extra=The chapter leader is [mailto:seba@deleersnyder.eu Sebastien Deleersnyder]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-belgium|emailarchives=http://lists.owasp.org/pipermail/owasp-belgium}}
+
{{Chapter Template|chaptername=Belgium|extra=The chapter leaders are [mailto:seba@owasp.org Sebastien Deleersnyder], [mailto:[email protected] Lieven Desmet] and [mailto:[email protected] Bart De Win]
 +
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-belgium|emailarchives=http://lists.owasp.org/pipermail/owasp-belgium}}  
  
== Local News ==
+
= Local News =
  
The next Belgium Chapter meeting is on November 20 in Leuven. This time it is organized together with ISSA Belgium. See the program below.
+
== Upcoming Chapter Meetings ==
  
We will also set up a first Luxembourg chapter meeting in November: host sponsor, speaker & topic suggestions are welcome!
+
* OWASP BE chapter meeting: registration via https://owasp-belgium-2019-11-25.eventbrite.com/
  
== Chapter Board ==
+
See the {{#switchtablink:Chapter Meetings|Chapter Meetings}} tab for more details and older meetings.
The BeLux Chapter is now supported by an active board:
 
* Erwin Geirnaert, Zion Security
 
* Philippe Bogaerts, NetAppSec
 
* André Mariën, Cybertrust
 
* Lieven Desmet, K.U.Leuven
 
* Joël Quinet, Unisys
 
* Sebastien Deleersnyder, Telindus
 
Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.
 
  
== Structural Sponsors 2007 ==
+
== Stay in Touch ==
OWASP BeLux would like to thank the following organizations for sponsoring this chapter. If you are interested in sponsoring the BeLux chapter please contact seba 'at' deleersnyder.eu .
 
  
[http://www.f5.com https://www.owasp.org/images/7/7e/50px-F5_50px.jpg]
+
<center>
 +
{| cellspacing="15"
 +
|-
 +
| [[Image:Meetup-logo-2x.png|120px|link=http://www.meetup.com/Belgium-OWASP-Open-Web-Application-Security-Project/]]
 +
| [[Image:Join the list.png|150px|link=http://lists.owasp.org/mailman/listinfo/owasp-belgium]]
 +
| [[Image:Follow-us-on-twitter.png|175px|link=https://twitter.com/owasp_be]]
 +
| [[Image:Linkedin-button.gif|135px|link=https://www.linkedin.com/groups/37865]]
 +
|}
 +
</center>
 +
If you want to be invited for the next OWASP Belgium Chapter meetings, please [http://eepurl.com/iFZtb drop us your contact info].
  
== Next Event: Chapter Meeting (20-Nov-2007) in Leuven ==
+
== Structural Sponsors 2019 ==
  
===WHEN===
+
OWASP Belgium thanks its structural chapter supporters for 2019 and the OWASP BeNeLux Days 2018:
Tuesday, November 20th, 2007 (18pm-21pm)
 
  
===WHERE===
+
<!-- Gold -->
 +
[[File:Vest.jpg|250px|link=http://www.vest.nl]]
 +
[[File:DavinsiLabs.png|250px|link=https://www.davinsilabs.com]]
  
Pizza and drinks are sponsored by [http://www.netappsec.be/ NetAppSec]
+
<!-- Silver -->
 +
[[File:LogoToreon.jpg|250px|link=https://www.toreon.com]]
 +
[[File:Nviso_logo_RGB_baseline_200px.png|250px|link=http://www.nviso.be]]
 +
&nbsp;[[File:LogoIngenicoGroup.png|250px|link=https://ingenico.be]]
  
[http://www.cs.kuleuven.be/~distrinet/ Katholieke Universiteit Leuven] sponsors the venue
+
If you want to support our chapter, please contact [mailto:seba@owasp.org Seba Deleersnyder]
  
Location: Department of Computer Science (auditorium 00.225)
+
= Chapter Meetings =
Celestijnenlaan 200 A, 3001 Heverlee
 
  
Map: [http://googlemapsinterface.kuleuven.be/index.cgi?nbol=50.8640699237025,4.67808664523977&zoomlevel=14&plaatsnaam=Departement%20Computerwetenschappen,%20Celestijnenlaan%20200a,%203001%20Heverlee&detailplan=celestijnenlaan200&foto  Detailed map] [http://www.cs.kuleuven.be/cs/algemene_info/plan/index-E.shtml  General map]
+
{{:Belgium_Events_2019}}
  
This time the OWASP chapter meeting is co-organized with ISSA Belgium (http://www.issa-be.org).
+
== Previous Years ==
  
===PROGRAM===
+
Events held in
The agenda looks as follows:
+
[[Belgium Events 2018|2018]],
 +
[[Belgium Events 2017|2017]],
 +
[[Belgium Events 2016|2016]],
 +
[[Belgium Events 2015|2015]],
 +
[[Belgium Events 2014|2014]],
 +
[[Belgium Events 2013|2013]],
 +
[[Belgium Events 2012|2012]],
 +
[[Belgium Events 2011|2011]],
 +
[[Belgium Events 2010|2010]],
 +
[[Belgium Events 2009|2009]],
 +
[[Belgium Events 2008|2008]],
 +
[[Belgium Events 2007|2007]],
 +
[[Belgium Events 2006|2006]],
 +
[[Belgium Events 2005|2005]].
  
* 18h00 - 18h30: Welcome, Pizza and drinks<BR>
+
= Belgium OWASP Chapter Leaders =
* 18h30 - 18h45: Sebastien Deleersnyder, OWASP BeLux<BR>
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''OWASP Update'''<BR>
 
* 18h45 - 19h00: Tomas Vanhoof, ISSA<BR>
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''ISSA Intro'''<BR>
 
* 19h00 - 20h00: Patrick Debois<BR>
 
:'''Operational security impact on developing secure applications'''
 
:As an experienced programmer you are well experienced in applying the OWASP guidelines. At least we hope so ;-) Still we are ainly involved :within the creation of the application during a project phase. But good security management goes beyond that one phase, enter the operational security. Not having programming skills, these operationalunits over the years have created several security layers around the applications. Think firewalls, intrusion detection, prevention, antivirus systems... These server and network oriented security measures more and more influence application deployment and can also benefit from better application integration.
 
:This presentation will show you the impact of f.i. central logmanagement, patch management, identity & access management, loadbalancing, antivirus ..  can have on the application deployment and how with little modification of our application it can make a whole world of difference to the security in the trenches. They will be complementary to the OWASP set of guidelines. Also developers will get a better understanding of an additional set of non-functional requirements that are security related.
 
:'''Patrick Debois''' has been an independent consultant for 15 years and is fascinated by the transition of a projects into operational mode. In order to better understand this interaction, he frequently changes his role from being a project manager, systems engineer, tester and developer.
 
:His  two main technical point of interests are:
 
:* portal, cms, dms, search (f.i. brussels airport, eurocontrol,www.vrtnieuws.net)
 
:*identity/access management: (f.i. ministry of Finance, flemish government, telenet).
 
:Complementary to these technical skills, he stimulates the human factor within projects by using both coaching (NLP) and project manamagement skils(Lean, Scrum).In his latest assignment he is experimenting with Scrum and Coaching within an operational team.
 
* 20h00 - 20h15: break
 
* 20h15 - 21h15: Herman Stevens & Swa Frantzen, NET2S<BR>
 
:'''Security awareness programs for development'''
 
:Security awareness programs for developers are an effective tool to improve not just the security but can be used as a vehicle to improve efficiency in the development cycle just as well. This talk gives an overview of what the different roles in a development department need to know and introduces some key concepts in order to make such a program a success. Real examples from actual security awareness trainings will be given as well.
 
:'''Swa Frantzen''' first encountered the Internet in its very early days at the KULeuven as a system administrator at the Computer Science department. Ever since he developed an active interest in the security consequences of that network of networks. Swa served in different functions at different levels between engineering and management in the security service industry (Ubizen, Telindus, SANS, NET2S) and the telecommunications world (EUnet, Scarlet). Currently he is an independent security consultant. He is also one of the handlers at the SANS Internet Storm Center.
 
:'''Herman Stevens''' (CISA, CISSP) works in the information security field since nearly a decade. At Smals-MvM he developed applications regarding the Belgian social security system. He started at Ubizen as the security product trainer, and later was asked to become information security consultant. The bulk of his work became doing risk assessments, creating security policies, performing PCI audits and especially application security related work such as application security reviews, penetration testing, code review and training developers. Currently he works as a senior consultant at NET2S, where he focuses on security awareness training for development teams.
 
  
=== REGISTRATION ===
+
The Belgium Chapter is supported by the following board:
Please '''send a mail''' to belgium 'at' owasp.org if you plan to attend, so we can size the venue appropriately and keep you updated on last-minute changes.
 
  
== First Luxembourg Chapter Meeting (27-Nov-2007) in Luxembourg! ==
+
Chapter Leaders
 +
*Sebastien Deleersnyder, Toreon
 +
*Lieven Desmet, KU Leuven
 +
*Bart De Win, PWC
  
===WHEN===
+
Board Members
Tuesday, November 27th, 2007 (18pm-21pm)
+
*Erwin Geirnaert, Zion Security
 +
*David Mathy, Freelance
 +
*Adolfo Solero, Freelance
 +
*Stella Dineva, Ingenico Payment Services
 +
*Thomas Herlea, NVISO
  
===WHERE===
+
Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.  
 
+
__NOTOC__ <headertabs></headertabs>
Verizon Business sponsors the venue and catering.
+
[[Category:Europe]]
 
 
Location: Verizon Business Security Solutions Offices, 18 rue Robert Stümper - L2557 Luxembourg - Luxembourg.
 
[[https://www.owasp.org/index.php/Image:OWASP_Lux_2007_11_27_Location.pdf|map]]
 
 
 
===PROGRAM===
 
The agenda looks as follows:
 
 
 
* 18h00 - 18h30: Welcome & Sandwiches<BR>
 
* 18h30 - 19h00: Sebastien Deleersnyder, OWASP BeLux<BR>
 
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'''OWASP Introduction'''<BR>
 
* 19h00 - 20h00: Philippe Bogaerts, NetAppSec<BR>
 
Philippe Bogaerts is an independent consultant specialized in network and application security testing, web application and XML firewalls.
 
:'''How to break Web Applications '''
 
Web applications are riddled with vulnerabilities. Philippe will provide an overview of the most common web application security problems and how to exploit them.
 
* 20h00 - 20h15: break
 
* 20h15 - 21h15: Sebastien Deleersnyder, Telindus<BR>
 
:'''How to secure Web Applications (the OWASP Way)'''
 
:More details soon
 
 
 
=== REGISTRATION ===
 
Please '''send a mail''' to luxembourg 'at' owasp.org if you plan to attend, so we can size the venue appropriately and keep you updated on last-minute changes.
 
 
 
== Previous Event: OWASP Day (6-Sep-2007)==
 
On September 6th, OWASP organized [[OWASP Day]] conferences worldwide triggered by the [http://www.globalsecurityweek.com/ Global Security Week] idea.
 
 
 
In Belgium we organized the mini-conference in Brussels.
 
 
 
Speakers:
 
* Mark Curphey, OWASP Founder, ([http://securitybuddha.com/about/ Marc's blog])
 
* [http://gnucitizen.org/about/pdp Petko D. Petkov], a.k.a pdp (architect), founder of the [http://gnucitizen.org GNUCITIZEN] group. Co-author of the “XSS Attacks” book.
 
* Bart De Win, postdoc researcher within the [http://www.cs.kuleuven.be/cwis/research/distrinet/public/index.php DistriNet research group], K.U.Leuven
 
* [http://gnucitizen.org/about/dk David Kierznowski], founder of [http://blogsecurity.net blogsecurity.net] and active member of the [http://gnucitizen.org GNUCITIZEN] group.
 
* Simon Roses Femerling, Security Technologist at [http://blogs.msdn.com/ace_team/ ACE Team] Microsoft
 
* Luc Beirens, [http://www.polfed-fedpol.be/crim/crim_fccu_nl.php FCCU]
 
 
 
===WHEN===
 
Thursday, September 6th, 2007 (2-7pm)
 
 
 
===WHERE===
 
[http://www.telindus.be Telindus, Belgacom ICT] sponsored the venue: <BR>
 
Location: SURF House, Rue Stroobants 51, 1140 Evere. <BR>
 
You can find a map and itinary [http://www.surfhouse.be/plan.pdf online]. <BR>
 
 
 
===PROGRAM===
 
The theme of the world-wide OWASP Day is “Privacy in the 21st Century”.
 
 
 
The event started with an introductory session on WebGoat & WebScarab
 
at 12h30, the mini-conference itself at 14h.
 
 
 
The agenda:
 
 
 
* 12h30 pre-event: [[Belgium#Getting_started_with_WebGoat_.26_WebScarab_.28Erwin_Geirnaert.29|Getting started with WebGoat & WebScarab]] (Erwin Geirnaert)
 
* 14h00 Welcome & pre-recorded video of OWASP board (Sebastien Deleersnyder)
 
* 14h20 Key note:[[Belgium#OWASP_Evaluation_and_Certification_Criteria_Draft_.28Mark_Curphey.29|OWASP Evaluation and Certification Criteria Draft]] (Mark Curphey)
 
* 15h10 [[Belgium#Automated_Web_FOO_or_FUD.3F_.28David_Kierznowski.29|Automated Web FOO or FUD?]] (David Kierznowski)
 
* 16h00 [[Belgium#OWASP_Pantera_Unleashed_.28Simon_Roses_Femerling.29|OWASP Pantera Unleashed]] (Simon Roses Femerling)
 
* 16h40 Break
 
* 17h00 [[Belgium#CLASP.2C_SDL_and_Touchpoints_Compared_.28Bart_De_Win.29|CLASP, SDL and Touchpoints Compared]] (Bart De Win)
 
* 17h25 [[Belgium#Threats_of_e-insecurity_in_Belgium_and_the_Belgian_response_.28Luc_Beirens.2C_FCCU.29|Threats of e-insecurity in Belgium and the Belgian response]] (Luc Beirens - FCCU)
 
* 17h50 [[Belgium#For_my_next_trick..._hacking_Web2.0_.28pdp.29|For my next trick... hacking Web2.0]] (pdp)
 
* 18h40 Panel Discussion: “Privacy in the 21st Century?”, moderator: André Marien (Verizon Business - Cybertrust)
 
* 19h30 Finish - Drinks !
 
 
 
==== Getting started with WebGoat & WebScarab (Erwin Geirnaert) ====
 
Download [[:Image:OWASPDay2007Belgium_WebGoat-WebScarab.ppt|presentation]].
 
 
 
In this tutorial you will learn how to use WebScarab to solve the lessons in WebGoat.
 
 
 
Following points will be explained:
 
* Configure WebScarab as a local proxy
 
* Intercepte HTTP requests and responses
 
* Modify HTTP requests to solve the lesson “Hidden field manipulation”
 
* Modify HTTP responses to solve the lesson “Bypass client-side Javascript validation”
 
* Use the session analysis tab in WebScarab
 
* Use the web services tab in WebScarab
 
* Use WebScarab to analyze Ajax XML messages
 
 
 
'''!! Prerequisites:'''
 
* Bring your own laptop with you!
 
* Download [[OWASP_WebScarab_Project#Download|WebScarab]] onto your laptop
 
* Download [[OWASP_WebGoat_Project#Download|WebGoat]] onto your laptop
 
 
 
 
 
Erwin Geirnaert is CEO and co-founder of [http://www.zionsecurity.com ZION Security]. He is a renowned application security expert and has presented on various conferences like Javapolis, Eurostar, Owasp,… about web security. He is board member of OWASP Belux and actively involved in various OWASP projects like OWASP Java and OWASP WebGoat. Because of his technical experience he loves to do security testing, code review, reverse engineering,.. for Fortune 1000 companies in Europe. More information can be found on his LinkedIn profile: http://www.linkedin.com/in/erwingeirnaert.
 
 
 
==== OWASP Evaluation and Certification Criteria Draft (Mark Curphey) ====
 
Download [[:Image:OWASP_Day_-_Belgium_-_Curphey.pdf|presentation]].
 
 
 
As opposed to me continuing saying what’s wrong with PCI DSS, it seems to me that OWASP is a perfect forum to simply create and publish a “better criteria”. This can either be adopted and implemented by an organization like OWASP or considered to be incorporated into the PCI or other security standards. We won't get bogged down in the politics up-front, but hold something good up to the world for people to adopt. This project would of course draw on and bring together many of the other OWASP Projects including the Guide (What is a secure web app), Testing Guides (How to test for a secure web app), WebGoat (part of how to certify an individual understands and can find web app issues) etc. Many of those projects may not be complete or a perfect fit today, but this project can bring a common connecting theme to a lot of very valuable IP that OWASP has built over the years. I will also create it in such as way that a corporate could adopt/adapt it themseles as well as an industry. Where other OWASP projects are not complete or currently suitable I will build a requirements doc that can be considered by those teams if they feel appropriate.
 
 
 
[http://securitybuddha.com/about/ Mark Curphey] ran Foundstone consulting from 2003 until late 2006 during which time the company was sold to McAfee.  Before joining Foundstone Mark was the Director of Information Security at Charles Schwab (responsible for the software security program) and has also worked for ISS and several financial services companies in Europe. Mark has a Masters degree in information security from Royal Holloway, University of London and was the original founder of the Open Web Application Security Project (OWASP).
 
 
 
==== Automated Web FOO or FUD? (David Kierznowski) ====
 
Download [[:Image:OWASPDay2007-Belgium-dwk.ppt|presentation]].
 
 
 
We take a look into automated web application testing technologies and their effectiveness against real life applications.
 
 
 
Also, we look into one of GNUCITIZENs latest projects, The Technika Security Framework (TSF), which will enable users to automate security testing directly from their browser.
 
 
 
[http://gnucitizen.org/about/dk David Kierznowski] currently works as a Senior Security Analyst for a leading penetration testing company in the UK. He has worked in the security industry for the past 6 years. David is also the founder of both [http://michaeldaw.org michaeldaw.org] and [http://blogsecurity.net blogsecurity.net] and is an active member of the [http://gnucitizen.org GNUCITIZEN] group.
 
 
 
==== OWASP Pantera Unleashed (Simon Roses Femerling) ====
 
Download [[:Image:OWASPDay2007Belgium_Pantera_Unleash.ppt|presentation]].
 
 
 
The presentation will provide a glimpse into what Pantera can offer when performing blackbox web assessments. In the age of Web 2.0 we need powerful tools that provide us rich and accurate information and allows us to manipulate that information into our advantage, that's what Pantera is all about.
 
 
 
Simon Roses Femerling is a Security Technologist at the [http://blogs.msdn.com/ace_team/ ACE Team] at Microsoft. Former PwC and @Stake. He has many years of security experience where he has authored and cooperated in several security Open Source projects and advisories. Simon is natural from wonderful Mallorca Island in the Mediterranean Sea. He holds a postgraduate in E-Commerce from Harvard University and a B.S. from Suffolk University at Boston, Massachusetts.
 
 
 
==== CLASP, SDL and Touchpoints Compared (Bart De Win) ====
 
Download [[:Image:OWASPDay2007Belgium_BartDeWin.ppt|presentation]].
 
 
 
Over the years, specific methodologies and techniques for secure software
 
engineering have been proposed, yet dedicated processes have become available
 
only recently. In this presentation, the highlights of an activity-driven
 
comparison of three high-profile processes for the development of secure
 
software are presented.
 
 
 
Bart De Win is a postdoctoral researcher in the research group DistriNet, Department of Computer Science at the Katholieke Universiteit Leuven. His research interests are in secure software engineering, including software development processes, aspect-oriented software development and model driven security.
 
 
 
==== Threats of e-insecurity in Belgium and the Belgian response (Luc Beirens, FCCU) ====
 
Download [[:Image:OWASP_Day_Belgium_FCCU_e-insecurity.pdf|presentation]].
 
 
 
The presentation will give a short overview of the actual threats on the e-society in Belgium.
 
How are public and private sector organized (or not) to tacle the different problems ?
 
What are the tasks of the police within this framework ?
 
 
 
Since 1991, chief superintendent Luc Beirens is engaged in computer forensics and cyber crime investigations.  He is head of the Federal Computer Crime Unit of the Federal Police since 2001. Aside consulting his detectives in current cyber crime investigations, he is responsible for the reorganization, the equipment and the training of Belgian police services concerned with cyber crime investigations. As member of the European Working Party on Information Technology Crime (EWPITC) of Interpol since 1995 and the EUROPOL cyber crime expert group since 2001, he has cooperated in writing several documents concerning computer forensics and cyber crime investigations. He lectures in these fields at several police academies and universities.
 
His is involved in several organizations and platforms that are concerned with e-security, ICT forensics and cyber crime combating. Before his detective career, he has worked from 1987 till 1995 as analyst and project manager on the development of the Police Information System of the Belgian Gendarmerie.  He holds master degrees in criminology and information technology.
 
 
 
==== For my next trick... hacking Web2.0 (pdp) ====
 
Download [[:Image:OWASP_Day_Belgium_2007-pdp.ppt|presentation]].
 
 
 
Web2.0, if I can summarize it with a few simple words, is all about communication, distribution, information, agents, clients and servers. Those who understand the 2.0 fundamentals have the power to manipulate the global Web to suit their needs - hackers, the new digital breed of the 2.0 world. Web2.0 hacking is a mean for communicating and distributing critical information in a better way. It can be used to build ghost infrastructures from where to launch attacks - anonymously, no traces, nothing. Web2.0 hacking is also about the thin line between client-side and server-side security. It is about the endpoints and the electronic highways. It is about reaching the masses and yet being able to perform attacks on specific targets. Web2.0 hacking is also about distribution and influence, covert channels, bots, IA, ghosts inside the electronic frame. Web2.0 hacking is also a movement, a cyber subculture where individuals show their technical abilities, and understandings of the world and use that to manipulate their way through the system.
 
 
 
Web2.0 hacking practices should never be related to AJAX and JavaScript exploitation techniques only. Although it is true that client-side security has a significant part of the Web2.0 ecosystem, it is important to realize its role. There are far too many other aspects that we need to look into. My aim is to cover these aspects and reveal the hidden dangers.
 
 
 
[http://gnucitizen.org/about/pdp Petko D. Petkov], a.k.a pdp (architect), is the founder and leading contributer of the [http://gnucitizen.org GNUCITIZEN] group. He is a senior IT security consultant based in London, UK. His day-to-day work involves identifying vulnerabilities, building attack strategies and creating attack tools and penetration testing infrastructures. Petko is known in the underground circles as pdp or architect but his name is well known in the IT security industry for his strong technical background and creative thinking. He has been working for some of the world's top companies, providing consultancy on the latest security vulnerabilities and attack technologies.
 
 
 
=== REGISTRATION ===
 
Please '''send a mail''' to belgium 'at' owasp.org if you plan to attend, so we can size the venue appropriately and keep you updated on last-minute changes.
 
 
 
== Past Events ==
 
* Events held in [[Belgium_Previous_Events_2007|2007]]
 
* Events held in [[Belgium_Previous_Events_2006|2006]]
 
* Events held in [[Belgium_Previous_Events_2005|2005]]
 

Latest revision as of 18:57, 13 November 2019

OWASP Belgium

Welcome to the Belgium chapter homepage. The chapter leaders are Sebastien Deleersnyder, Lieven Desmet and Bart De Win


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Upcoming Chapter Meetings

See the Chapter Meetings tab for more details and older meetings.

Stay in Touch

Meetup-logo-2x.png Join the list.png Follow-us-on-twitter.png Linkedin-button.gif

If you want to be invited for the next OWASP Belgium Chapter meetings, please drop us your contact info.

Structural Sponsors 2019

OWASP Belgium thanks its structural chapter supporters for 2019 and the OWASP BeNeLux Days 2018:

Vest.jpg DavinsiLabs.png

LogoToreon.jpg Nviso logo RGB baseline 200px.png  LogoIngenicoGroup.png

If you want to support our chapter, please contact Seba Deleersnyder

25 November 2019 Meeting

Where

  • Address:
Park Inn by Radisson Leuven
Martelarenlaan 36
3010  Leuven

Agenda

Program

Recent evolutions in the OAuth 2.0 and OpenID Connect landscape

Abstract

Ever since the introduction of OAuth 2.0, the framework has been in continuous evolution. The initial specification addressed a strong need for delegation. However, since then, various addendums focus on the needs of modern applications. Today, the suite of OAuth 2.0 specifications supports a broad spectrum of different scenarios. For each of these scenarios makes their security assumptions and defines a set of best practices.

In this talk, we will investigate a number of these recent additions. We look at the recently added “Proof of Key for Code Exchange” (PKCE) flow. We also investigate how it is becoming the default flow for Single Page Applications. We also extensively dive into “Proof of Possession” tokens. Their security properties are significantly better than bearer tokens. Consequentially, everyone should know what they entail, and how to use them. You will walk away with a solid overview of recent evolutions in OAuth 2.0, and where to use them in your applications.

Speaker Bio

Philippe De Ryck helps developers protect companies through better web security. As the founder of Pragmatic Web Security, he travels the world to train developers on web security and security engineering. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. Google recognizes Philippe as a Google Developer Expert for his work on security in Angular applications.

Detection and Prevention of DNS abuse in .eu TLD

Abstract

This session reports on an extensive analysis of 14 months of domain registration in the .eu TLD. In particular, we investigate domain names that are registered for malicious purposes (such as spam, phishing, botnets C&C, ...). The goal of our research is to understand and identify large-scale malicious campaigns, and to early detect and prevent malicious registrations.

We explore the ecosystem and modus operandi of elaborate cyber criminal entities that recurrently register large amounts of domains for one-shot, malicious use. We further report on insights in the operational aspects of this business and observe, for instance, that their processes are only partially automated.

Finally, we present our automatic prediction system, that classifies at registration time whether a domain name will be used maliciously or benign. As such, malicious domain registrations can effectively be prevented from doing any harm. As part of the talk, we discuss the first results of this prediction system, which currently runs in production at EURid, the registry of the .eu TLD.

Speaker Bio

Lieven Desmet is a Senior Research Manager on Secure Software in the imec-DistriNet Research Group at the Katholieke Universiteit Leuven (Belgium), where he outlines and implements the research strategy, coaches junior researchers in web and infrastructure security, and participates in dissemination, valorisation and spin-off activities.

Registration

Registration is via EventBrite: https://owasp-belgium-2019-11-25.eventbrite.com.

Coverage

n/a

summit working session on OWASP SAMM

OWASP Belgium presents a summit working session on OWASP SAMM in Antwerp on 30 April:

Registration via https://www.eventbrite.com/e/open-security-summit-working-session-tickets-60456102831

20 February 2019 Meeting

Where

Department of Computer Science (foyer at ground floor)
Celestijnenlaan 200 A
3001 Heverlee

Agenda

  • 18h15 - 19h00: Welcome & sandwiches
  • 19h00 - 19h10: OWASP Update by Sebastien Deleersnyder (OWASP)
  • 19h10 - 20h00: ''CSP in the age of Script Gadgets by Prof. Martin Johns (TU Braunschweig)
  • 20h00 - 20h10: Break
  • 20h10 - 21h00: Zero to DevSecOps - security in a DevOps world (part 1, 2, 3) by Jimmy Mesta (CTO, Manicode Security)

Program

CSP in the age of Script Gadgets

  • Speaker: Prof. Martin Johns (TU Braunschweig)
  • Presentation: not yet available

Abstract

Content Security Policy (CSP) was first introduced in 2012. It should have been a silver-bullet defense against various injection attacks, including the rampant Cross-Site Scripting vulnerabilities. Unfortunately, modern development practices and legacy code bases proved to be substantial obstacles. New versions of CSP were released to address usability and compatibility for developers. Unfortunately, researchers discovered many bypasses and vulnerabilities in real-world CSP policies. The latest problem is known as script gadgets, where data is turned into code by legitimate functionality.

In this session, we will take a look at the problems you might encounter when deploying CSP. We start at CSP level 1 and work towards the latest level 3 version. We discuss CSP's features, potential bypasses, and pitfalls to avoid. In the end, you will have gained the knowledge to deploy a secure and effective CSP policy.

Speaker Bio

Martin Johns is a full professor at the TU Braunschweig.

Zero to DevSecOps - security in a DevOps world

  • Speaker: Jimmy Mesta (CTO, Manicode Security)
  • Presentation: not yet available

Abstract

The way that software is being deployed is undergoing a massive transformation. As a result, security teams are at a point where they must adapt or be left in the dust. Traditional application security used to be heavyweight and human-driven. Tasks are more often than not mostly manual efforts. Time-consuming security testing often breaks down in an automated world. Dynamic vulnerability scanning and manual code reviews are incompatible with a world where code changes are automatically being pushed to production hundreds of times per day.

This talk will share lessons learned from helping teams of all sizes and maturity levels with their transformation to a DevSecOps model where security goes from being a blocker to an enabler. Specifically, we will cover some of the tools and processes you can start using right now. These tools allow you to start adding real value to your organization through enhanced visibility, vulnerability discovery, and feedback loops. It is time to adapt and embrace a new era of security.

Speaker Bio

Jimmy Mesta is CTO at Manicode Security. He is a DevSecOps, Mobile, and Kubernetes Secure Coding Instructor.

Registration

Registration is via EventBrite: https://owasp-belgium-2019-02-20.eventbrite.com.

Coverage

n/a

Previous Years

Events held in 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005.

The Belgium Chapter is supported by the following board:

Chapter Leaders

  • Sebastien Deleersnyder, Toreon
  • Lieven Desmet, KU Leuven
  • Bart De Win, PWC

Board Members

  • Erwin Geirnaert, Zion Security
  • David Mathy, Freelance
  • Adolfo Solero, Freelance
  • Stella Dineva, Ingenico Payment Services
  • Thomas Herlea, NVISO

Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.

Retrieved from "https://wiki.owasp.org/index.php?title=Belgium&oldid=256044"