|
|
| (607 intermediate revisions by 17 users not shown) |
| Line 1: |
Line 1: |
| − | {{Chapter Template|chaptername=Netherlands|extra= The chapter leader is [mailto:[email protected] Bert Koelewijn] | + | {{Chapter Template|chaptername=Netherlands|extra=|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-netherlands|emailarchives=http://lists.owasp.org/pipermail/owasp-netherlands}} |
| − | <paypal>Netherlands</paypal>
| |
| − | |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-netherlands|emailarchives=http://lists.owasp.org/pipermail/owasp-netherlands}} | |
| | | | |
| − | == Meeting schedule 2008 ==
| + | <!-- First tab --> |
| − | This is an overview of the 2008 local chapter meeting schedule. Details of the meetings can be found in the announcements that will be posted below this schedule.
| + | = Local News = |
| − | <pre> | + | =='''News'''== |
| − | March 26th
| + | :;OWASP Netherlands Monthly meetup: |
| − | ----------
| + | :: Next meetup [[OWASP_NL_Monthly_Meetup#June_18.2C_2019 | OWASP NL Chapter Meeting, June 18th]] |
| − | Time : 17.30 - 21.30
| + | ::Slides and recordings are available [[OWASP_NL_Monthly_Meetup#January_17.2C_2019, Hilversum | OWASP Nl Chapter Meeting, January 17th]] |
| − | Main Topic : Software Vulnerability assessment
| + | :;OWASP BeNeLux-Day 2018: |
| − | Presentations: Complex(ity) matters, Mario de Boer (Dutch)
| + | ::[[OWASP_BeNeLux-Day_2018 | OWASP BeNeLux-Day 2018 - Mechelen, Belgium]] |
| − | V.A.C. SQL injection, Marinus Kuivenhoven (Dutch)
| + | ::[[OWASP_BeNeLux-Day_2017#tab=Conferenceday | Click here for the OWASP BeNeLux-Day 2017]] |
| − | Secure Programming with Static Analysis, Brian Chess (English)
| |
| − | Location : Mercure Utrecht Nieuwegein, Buizerdlaan 10, 3435 SB Nieuwegein
| |
| − | Sponsor : Fortify Software
| |
| | | | |
| − | Oktober 27th
| + | =='''Provisional 2017 Chapter Event Calendar'''== |
| − | ----------
| + | *Slide Decks from past Chapter meetings can be downloaded from the [[Netherlands#Past_Events | Past Events page]]. |
| − | Time : 17.30 - 21.30
| |
| − | Main Topic : Privacy and the Internet
| |
| − | Presentations: Privacy and Internet (Dutch), Frank Fruijthoff and Ellen Hoving
| |
| − | Vulnerability and source code scanners. (Dutch) Emile Strijbos
| |
| − | Location : ps_testware B.V., Dorpsstraat 26, 3941 JM DOORN
| |
| − | Sponsor : ps_testware B.V.
| |
| − | </pre>
| |
| − | == Meeting minutes October 27th 2008 == | |
| | | | |
| − | At October 27th, the Dutch OWASP chapter came together at the office of the sponsor of the evening; ps_testware in Doorn. The subject of the evening was 'Privacy and the Internet’. There were 2 speakers and approximately 25 attendees.<br/>
| + | =='''Other OWASP Events'''== |
| − | <br/>
| + | ::;[[OWASP_Events/upcoming_events | OWASP International, Upcoming Events]] |
| − | After a short welcome talk by both the sponsor and OWASP, Mario de Boer had an announcement about a new OWASP project; ORPRO, the Open Review Project. The goal of the project is to review Open Source Software from an independent point of view. Reviews will be done both manually and with the aid of source code analysis software provided by Fortify. The first software package to be reviewed is already available so reviewers are needed. More information can be found on the OWASP project page. [http://www.owasp.org/index.php/Category:OWASP_Open_Review_Project]v
| |
| − | <br/>
| |
| − | The first presentation of the evening was about "Privacy & the Internet" which was presented by Frank Fruijthoff and Ellen Hoving. <br/>
| |
| − | The goal of this presentation was to show the problems in regulating privacy on the internet by law. The presentation was roughly split in 3 parts: definitions, requirements and context. <br/>
| |
| − | The main problem with regulating privacy is that the concept of privacy is very broad and not well defined. Privacy can have different meanings and consequences in different contexts. Most laws therefore focus on the individual and define privacy as 'protection of personal information' where 'personal information' is all data that can be tracked back to a single person. The last years many countries within the EU developed internet laws concerning privacy on the internet. These laws state that information can only be used what it originally was intended for and usage of that information must be reported at central register. This register also makes it possible to file a complaint and check what companies use personal information for what purposes. While these rules are mostly sufficient for local databases they often fail when applied to information stored on or with use of the internet. Problems encountered are captured in the "four D's";<br/>
| |
| − | - Internet is deterritorialized; internet has no boundaries.<br/>
| |
| − | - Internet is deregulated; internet has no law, only terms of use.<br/>
| |
| − | - Internet is dematerialized; internet is not physical.<br/>
| |
| − | - Internet is decentralized; there is no single regulating or controlling organization.<br/>
| |
| − | Although the protection of personal data is more and more covered by laws, the increasing usage of external storage and connections over the internet will make it harder to enforce them. The main conclusion of the evening was that, although many initiatives improving privacy exist, the very properties of the internet make it hard to ensure privacy completely. <br/>
| |
| − | <br/>
| |
| − | The second presentation of the evening was presented by E. Strijbos. He showed the results of his research concerning the feasibility of a Web Application Security Certification by the usage of vulnerability scanners.<br/>
| |
| − | With the daily increasing amount of threads and vulnerabilities in web applications there is a market-driven demand for an independent and automated scan service. Current scan services often lack coverage and depth of scanning and give no details about the used scanning methods.<br/>
| |
| − | In this research several commercial vulnerability scanners and static analysis tools were compared and checked for scantime, accuracy, false positives, and ease of use. The results showed that almost all scanners find most of the vulnerabilities, but also produce many false positives. Also, without proper configuration the amount of results can be overwhelming and inconclusive. Furthermore results showed that static analysis scanners are much faster than vulnerability scanners, but have a more limited usage. The main conclusion was that although vulnerability scanners and static analysis tools can be very helpful in identifying vulnerabilities, their current efficiency is not high enough to use as the basis for an automated vulnerability scan.<br/>
| |
| | | | |
| | + | =='''Call for Presentations'''== |
| | + | ::;[https://docs.google.com/a/owasp.org/spreadsheet/viewform?formkey=dGs1UFN0Ul9YR1pRcGdYRmtYallraUE6MQ#gid=0 OWASP NL Chapter Call For Presentation] |
| | | | |
| − | == Meeting October 27th 2008: Privacy and the Internet == | + | =='''Stay in contact:'''== |
| − | '''Summary'''<br/> | + | <center> |
| − | The main goal of the upcoming OWASP-NL meeting is to provide information to developers and security professionals about personal and technical privacy on the internet. The speakers focus on privacy regulations related to the internet and on the mass amount of personal and technical information available about persons and companies on the internet, with and without their consent. Furthermore tools will be discussed that help prevent leakage of privacy related and other kind of data. They will give specific examples and there will be time to ask questions.<br/>
| + | {| cellspacing="15" |
| − | Please register before October 20th because of the necessary catering arrangements.<br/>
| + | |- |
| − | <br/>
| + | | [[Image:Meetup-logo-2x.png|120px|link=https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup]] |
| − | '''Location'''<br/>
| + | | [[Image:Join the list.png|150px|link=https://groups.google.com/a/owasp.org/forum/#!forum/netherlands-chapter]] |
| − | The location and catering is provided by the sponsor of this meeting:<br/>
| + | | [[Image:Follow-us-on-twitter.png|175px|link=http://www.twitter.com/owasp_NL]] |
| − | <table>
| + | | [[Image:Linkedin-button.gif|135px|link=http://www.linkedin.com/groups/OWASP-Netherlands-Chapter-1987229/about]] |
| − | <tr>
| + | |[[Image:slack-horizontal.png|90px|link=https://owasp.slack.com/messages/chapter-netherlands/details/]] |
| − | <td width="350">
| + | |} |
| − | ps_testware B.V.<br/>
| + | </center> |
| − | Dorpsstraat 26,<br/>
| |
| − | 3941 JM DOORN<br/>
| |
| − | </td>
| |
| − | <td width="350">
| |
| − | [[Image:Pstestware.jpg|100px]] | |
| − | </td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td width="350">
| |
| − | The location has parking facilities for 15 cars. However parking in the direct vicinity of ps_testware shouldn’t be a problem.<br/>
| |
| − | </td>
| |
| − | <td width="350">
| |
| − | ps_testware delivers services related to software testing and software quality. In the field of software development, quality, time-to-market, business processes and software acceptance they play the role of "your devil's advocate" as an independent, flexible and specialized partner.<br/>
| |
| − | For more information please visit: www.pstestware.com.<br/>
| |
| − | </td>
| |
| − | </tr>
| |
| − | </table>
| |
| − | <br/>
| |
| − | <br/>
| |
| − | '''Program'''<br/>
| |
| − | 17.30 - 18.30 '''Check-In''' (catering included)<br/>
| |
| − | <br/>
| |
| − | 18.30 – 19:00 '''Introduction''' (OWASP organization, projects, sponsor)<br/>
| |
| − | <br/>
| |
| − | 19.00 - 20.15 '''Privacy and Internet''' (Dutch), Frank Fruijthoff and Ellen Hoving<br/>
| |
| − | In this presentation the general principles of privacy laws in the Netherlands and the EU and specifically privacy and the internet will be covered.<br/>
| |
| − | Frank Fruijthoff is a Compliance Officer with ING. He has a Compliance and Risk Management background and is specialised in privacy.<br/>
| |
| − | Ellen Hoving is a graduated lawyer. She works as an independent consultant specialized in compliance and privacy.<br/>
| |
| − | <br/>
| |
| − | 20.15 – 20:30 '''Break'''<br/>
| |
| − | <br/>
| |
| − | 20:30 – 21:00 '''Vulnerability and source code scanners''' (Dutch), Emile Strijbos
| |
| − | <br/>
| |
| − | For his Master thesis in computer science at the Radboud Universiteit in Nijmegen, Emile Strijbos investigated vulnerability scanners and source code scanners. These are automated tools that try to detect security flaws, either in running web-applications or in their source code.<br/>
| |
| − | Emile tried out several of these tools, including both free and commercial ones, to see how good they are at detecting standard vulnerabilities, such as SQL injection, XSS, CSRF, etc.<br/>
| |
| − | <br/>
| |
| − | 21.00 – 21:30 '''Discussion, questions and social'''<br/>
| |
| − | <br/>
| |
| − | If you want to attend, please send an email to: owasp@irc2.com.<br>
| |
| − | Please register before October 20th, because of the necessary catering arrangements. The number of registries is limited to 50 due to the capacity of the location and will be handled in order of receipt.<br/>
| |
| − | <br/>
| |
| − | All OWASP chapter meetings are free of charge and you don’t have to be an OWASP member to attend. There are never any vendor pitches or sales presentations at OWASP meetings.<br/>
| |
| − | <br/>
| |
| − | NOTE TO CISSP's: OWASP Meetings count towards CPE Credits.<br/>
| |
| − | <br/> | |
| − | The announcement and full descriptions can be found here:<br/>
| |
| − | [[Media:Announcement_27_Oktober.pdf]]<br/>
| |
| | | | |
| − | == Meeting minutes March 23th 2008 == | + | =='''Sponsors'''== |
| | + | ::;Our structural Chapter and OWASP [[OWASP_BeNeLux-Day_2017| OWASP BeNeLux-Day 2017 sponsor]] supporters: |
| | + | ::Interested in Sponsoring the Netherlands OWASP Chapter, email netherlands '@' owasp.org |
| | + | <br> |
| | + | '''[https://www.owasp.org/index.php/Corporate_Membership OWASP Corporate Member]:''' |
| | + | <center> |
| | + | {| cellspacing="15" |
| | + | |- |
| | + | | [[File:200x60_netsparker_logo.png|250px|link=https://www.netsparker.com]] |
| | + | |} |
| | + | </center> |
| | + | '''[[OWASP_BeNeLux-Day_2017| OWASP BeNeLux-Day 2017 sponsor]]:''' |
| | + | <center> |
| | + | {| cellspacing="15" |
| | + | | [[File:Achmea_L1_RGB_colour.jpg|250px||link=https://www.achmea.nl/]] |
| | + | |} |
| | + | </center> |
| | + | <center> |
| | + | {| cellspacing="15" |
| | + | | [http://www.vest.nl https://www.owasp.org/images/6/67/Vest.jpg] |
| | + | | [https://secwatch.nl https://www.owasp.org/images/f/ff/Secwatch_logo_small.png] |
| | + | | [[File:Avi Logo Transparent Background 300pix.png|200px|link=https://avinetworks.com/]] |
| | + | |} |
| | + | </center> |
| | + | <center> |
| | + | {| cellspacing="15" |
| | + | |- |
| | + | ] |
| | + | | [http://www.sig.eu/security https://www.owasp.org/images/9/99/SIG_LOGO.png] |
| | + | | [https://www.secura.com/ https://www.owasp.org/images/7/78/Secura_logo_small.png] |
| | + | | [[File:Xebia logo-large-transparent.png|200px|link=https://xebia.com/agile-software-security]] |
| | + | | [https://informatiebeveiliging.nl/ https://www.owasp.org/images/9/9a/Logo_Informatiebeveiliging-200.png] |
| | + | |} |
| | + | </center> |
| | | | |
| − | At March 23th, the Dutch OWASP chapter came together in the Mercury hotel in Nieuwegein. The meeting was sponsored by Fortify Software. The subject of the evening was 'Software Vulnerability Assesment’. There were 3 speakers and approximately 40 attendees.<br/>
| + | <!-- |
| − | <br/>
| + | [[File:VeraCode logo.png|250px|link=https://www.veracode.com]] |
| − | After a short introduction of Migchiel de Jong (Fortify) about the subject of Static and Dynamic Analysis and the tools that Fortify provides the speakers of the evening where introduced.<br/>
| + | [[File:Vest.jpg|250px|link=http://www.vest.nl]] |
| − | <br/>
| + | [[File:Intigriti_verticaal.jpg|250px|link=http://www.intigriti.be]] |
| − | '''First presentation:''' Practices of Complex(ity) matters (Dutch), Mario de Boer<br/>
| + | [[File:Ecurify-2016.png|250px|link=http://www.securify.nl]] |
| − | Mario de Boer has spent much of his free time the last 16 years into disassembling various pieces of software and analyzing the code and its statistics. The main advantage in analyzing binaries is that no access to source code is needed, all dependencies (i.e. the compiler) are included and it’s independent of the tool used. Disassembling compiled code gives great insight in the complexity of the software and the entry and exit points of data. Although there is no direct relation between the complexity of software and its security, statistically the most vulnerabilities appear in the most complex portions of a program. Data entry points in complex portions of the code can give rise to possible exploits so static analysis can give insight in the most vulnerable places in software which is useful information in testing.
| + | [[File:HPE_logo_250.png|250px|link=ttp://www8.hp.com/nl/nl/software-solutions/enterprise-security.html]] |
| − | The disadvantages of static analysis are that an extensive knowledge of assembly is needed and, due to its statistic nature, it gives rise to many false positives.
| + | [[File:Nixu-logo.png|250px|link=https://www.nixu.com/en/nixubenelux]] |
| − | In conclusion static binary analysis, when used by experts, can be a powerful tool to gain insight in the most vulnerable parts of the software and be a valuable tool in both developing and testing software. <br/>
| + | [[File:Logo_xebia.jpg|250px|link=https://xebia.com/agile-software-security]] |
| − | <br/>
| + | [[File:Logo_Informatiebeveiliging-200.png|250px|link=https://informatiebeveiliging.nl]] |
| − | '''Second presentation:''' V.A.C: SQL injection (Dutch), Marinus Kuivenhoven<br/>
| + | --> |
| − | A new reoccurring topic on OWASP presentations will be the so called VAC. In these presentations an expert will talk about a Vulnerability, how to Assess it and possible Countermeasures. This evening Marinus started with the second vulnerability in the OWASP top ten; SQL injections.<br/>
| + | <!-- Second tab --> |
| − | With the aid of Webgoat, a few simple examples and the possible consequences were shown. SQL injection is particularly useful exploit in the reconnaissance phase since it can be abused for information leakage and in getting information about e.g. the table structure. <br/>
| |
| − | On the internet and in literature many countermeasures against SQL injections are described. However, many of these countermeasures are not usable in a maintainable system or cannot prevent SQL injections completely. The most important conclusion was that input should never be trusted and should never be directly used.<br/>
| |
| − | <br/>
| |
| − | '''Third presentation:''' Secure Programming with Static Analysis (English), Brian Chess<br/>
| |
| − | The last speaker of the evening was Brian Chess who presented his new book ‘Secure Programming with Static Analysis’. Brian made clear that, although a powerful tool, static binary analysis is already too late in the SDLC to be successful in preventing vulnerabilities. Scanning for possible vulnerabilities should be implemented as early as possible i.e. during coding. The main advantages of static analysis are the cost and speed. Since errors and bad practices are identified in an early stage they can be solved at the spot, making auditing the software more efficient in term of time and depth. <br/>
| |
| − | Static analysis can successfully be used for style and type checking, program understanding and verification, and for security reviews. The success of static analysis, however, is fully depending on the rules implemented in the scanner. Static analysis is also unable to identify design flaws, right problems, or wrong user input. <br/>
| |
| − | The conclusion was that scanning for vulnerabilities can probably only be successful with the aid of static analysis, but many requirements should be met. Firstly it should become part of the SDLC and culture. Secondly the right tool should be picked and people should be trained in its use. Lastly investments should be made in building up a good rule set and metrics. <br/>
| |
| | | | |
| − | == Meeting March 26th 2008: Software Vulnerability assessment == | + | = Calendar = |
| − | '''Summary'''<br/>
| + | == Provisional Chapter Event Calendar 2019 == |
| − | The main goal of the upcoming OWASP-NL meeting is to provide information to developers and security professionals involved in creating secure (web-)applications. The main focus will be on software vulnerability assessment. The speakers will give specific examples and of course there is time to ask questions about your own experiences.<br/>
| + | {| class="wikitable" style="text-align:center;" border="1" | |
| − | <br/>
| + | ! width="300" | Date |
| − | '''Location'''<br/>
| + | ! width="350" | Type |
| − | The location and catering is provided by the sponsor of this meeting:<br/>
| + | ! width="300" | Location |
| − | <table>
| + | |- align="center" |
| − | <tr>
| + | |- align="center" |
| − | <td width="350">
| + | | [https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/247313273/ February 8th, 2019] |
| − | Mercure Utrecht Nieuwegein<br/>
| + | | [[OWASP_NL_Monthly_Meetup#January_17.2C_2019| OWASP NL Wiki ]] |
| − | Buizerdlaan 10,<br/>
| + | | Amsterdam |
| − | 3435 SB Nieuwegein<br/>
| + | |- align="center" |
| − | </td>
| + | | [https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/261811435/ June 18th, 2019] |
| − | <td width="350">
| + | | [[OWASP_NL_Monthly_Meetup#June_18.2C_2019| OWASP NL Wiki ]] |
| − | [[Image:Fortify.JPG|143px]]
| + | | Amsterdam |
| − | </td>
| + | |} |
| − | </tr>
| + | <!-- Third tab --> |
| − | <tr>
| |
| − | <td width="350">
| |
| − | </td>
| |
| − | <td width="350">
| |
| − | Fortify Software products protect companies from today’s greatest security risk: the software applications that run their businesses. Combining deep application security expertise with extensive software development experience, Fortify Software has defined the market with award-winning products that span the software development cycle. Today, Fortify Software fortifies the software for the most demanding customer deployments, including the world’s largest, most varied code bases.<br/>
| |
| − | <br/>
| |
| − | For more information please visit:<br/>
| |
| − | www.fortify.com<br/> | |
| − | </td>
| |
| − | </tr>
| |
| − | </table>
| |
| − | <br/>
| |
| − | <br/>
| |
| − | '''Program'''<br/>
| |
| − | 17.30 - 18.30 '''Check-In''' (catering included)<br/>
| |
| − | <br/>
| |
| − | 18.30 - 18:50 '''Introduction''' (OWASP, sponsor)<br/>
| |
| − | <br/>
| |
| − | 18.50 - 19.30 '''Complex(ity) matters''' (Dutch), Mario de Boer<br/>
| |
| − | Various methods exist to locate specific vulnerabilities in software. In the presentation we will look at static analysis of binaries, and the problems we face when trying to locate vulnerabilities. Several ideas will be discussed to make the search easier, but at the same time less exact. The first idea is trivial: automate as much as possible. The second idea is nearly trivial: don't aim at exact vulnerabilities but relax the search to locating potential vulnerabilities. We will give examples that illustrate the results.<br/>
| |
| − | Mario de Boer is a senior security consultant at Logica, and as such focuses on security management aspects like security frameworks, compliance, monitoring and control and risk management. Before joining Logica, Mario worked at the Dutch ministries of Defense and Justice, he co-founded a security company and worked as a project manager in the financial sector. For several years he taught courses in software security analysis and secure software development. Besides security management, Mario has interest in software security, reverse engineering and cryptography. Within Logica Netherlands, he is knowledge manager application security. Mario holds a PhD in Mathematics and is CISA and CISSP.<br/>
| |
| − | <br/>
| |
| − | 19.30 - 19:50 '''Break'''<br/>
| |
| − | <br/>
| |
| − | 19:50 - 20:20 '''V.A.C: SQL injection''' (Dutch), Marinus Kuivenhoven
| |
| − | <br/>
| |
| − | <u>'''V'''ulnerability:</u><br/>
| |
| − | An application which uses a database for its information needs, communicates with it trough SQL. SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of a Database for parsing and execution.<br/>
| |
| − | <u>'''A'''ssessment:</u><br/>
| |
| − | SQL injection can threaten the confidentiality, availability and integrity of the data. The various types of SQL injection and their impact will be shown.<br/>
| |
| − | <u>'''C'''ountermeasure:</u><br/>
| |
| − | Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because a database will execute all syntactically valid queries that it receives. How this should be done will be shown for the most popular languages.<br/>
| |
| − | Marinus is a Technology Specialist with Sogeti Nederland B.V. specializing in service oriented architectures and secure application development. His experience includes developing and administrating Oracle-based systems.<br/>
| |
| − | <br/>
| |
| − | 20.20 - 21.00 '''Secure Programming with Static Analysis''' (English), Brian Chess<br/>
| |
| − | Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution. We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors.<br/>
| |
| − | Brian Chess is a founder of Fortify Software and serves as Fortify's Chief Scientist, where his work focuses on practical methods for creating secure systems. His book, Secure Programming with Static Analysis, shows how static source code analysis is an indispensable tool for getting security right. Brian holds a Ph.D. in computer engineering from the University of California at Santa Cruz, where he studied the application of static analysis to the problem of finding security-relevant defects in source code. Before settling on security, Brian spent a decade in Silicon Valley working at huge companies and small startups. He has done research on a broad set of topics, ranging from integrated circuit design all the way to delivering software as a service.<br/>
| |
| − | <br/>
| |
| − | 21.00 - 21:30 '''Discussion, questions and social'''<br/>
| |
| − | <br/>
| |
| − | '''Registration'''<br/>
| |
| − | If you want to attend, please send an email to: owasp@irc2.com.<br/>
| |
| − | <br/>
| |
| − | All OWASP chapter meetings are free of charge and you don’t have to be an OWASP member to attend. There are never any vendor pitches or sales presentations at OWASP meetings.<br/>
| |
| − | <br/>
| |
| − | NOTE TO CISSP's: OWASP Meetings count towards CPE Credits.<br/>
| |
| − | <br/> | |
| | | | |
| − | == Meeting December 20th 2007: Secure Development == | + | = Past Events = |
| − | '''Summary'''<br/>
| + | *Events held in [[Netherlands Previous Events 2019|2019]] |
| − | The main goal of the upcoming OWASP-NL meeting is to provide information to developers and security professionals involved in creating secure (web-)applications. The general and specific security issues involved on project and programming level will be covered from a practical as well as a theoretical point of view. The speakers will give specific examples and of course there is time to ask questions about your own experiences.<br/>
| + | *Events held in [[Netherlands Previous Events 2018|2018]] |
| − | Please register before December the 14th because of the necessary catering arrangements.<br/>
| + | *Events held in [[Netherlands Previous Events 2017|2017]] |
| − | <br/>
| + | *Events held in [[Netherlands Previous Events 2016|2016]] |
| − | '''Location'''<br/>
| + | *Events held in [[Netherlands Previous Events 2015|2015]] |
| − | The location and catering is provided by the sponsor of this meeting:<br/>
| + | *Events held in [[Netherlands Previous Events 2014|2014]] |
| − | <table>
| + | *Events held in [[Netherlands Previous Events 2013|2013]] |
| − | <tr>
| + | *Events held in [[Netherlands Previous Events 2012|2012]] |
| − | <td width="350">
| + | *Events held in [[Netherlands Previous Events 2011|2011]] |
| − | ps_testware B.V.<br/>
| + | *Events held in [[Netherlands Previous Events 2010|2010]] |
| − | Dorpsstraat 26,<br/>
| + | *Events held in [[Netherlands Previous Events 2009|2009]] |
| − | 3941 JM DOORN<br/>
| + | *Events held in [[Netherlands Previous Events 2008|2008]] |
| − | </td>
| + | *Events held in [[Netherlands Previous Events 2007|2007]] |
| − | <td width="350">
| + | *Events held in [[Netherlands Previous Events 2006|2006]] |
| − | [[Image:Pstestware.jpg|100px]] | + | *Events held in [[Netherlands Previous Events 2005|2005]] |
| − | </td>
| |
| − | </tr>
| |
| − | <tr>
| |
| − | <td width="350">
| |
| − | The location has parking facilities for 15 cars. However parking in the direct vicinity of ps_testware shouldn’t be a problem.<br/>
| |
| − | </td>
| |
| − | <td width="350">
| |
| − | ps_testware delivers services related to software testing and software quality. In the field of software development, quality, time-to-market, business processes and software acceptance they play the role of "your devil's advocate" as an independent, flexible and specialized partner.<br/>
| |
| − | For more information please visit: www.pstestware.com.<br/>
| |
| − | </td>
| |
| − | </tr>
| |
| − | </table>
| |
| − | <br/>
| |
| − | <br/>
| |
| − | '''Program'''<br/>
| |
| − | 17.30 - 18.30 '''Check-In''' (catering included)<br/>
| |
| − | <br/>
| |
| − | 18.30 – 19:00 '''Introduction''' (OWASP organization, projects, sponsor)<br/>
| |
| − | <br/>
| |
| − | 19.00 - 19.30 '''Practices of developing optimal security''' (dutch), Andre Post<br/>
| |
| − | This presentation highlights a number of current practices that lead to sub-optimal security, and suggests ways of avoiding these problems, focusing on the technical side of development.<br/>
| |
| − | André Post works for Fox-IT on a variety of projects including core product development, software architecting, security code reviews, and software project management.<br/>
| |
| − | <br/>
| |
| − | 19.30 – 19:45 '''Break'''<br/>
| |
| − | <br/>
| |
| − | 19:45 – 20:30 '''Problems of developing secure and correct applications''' (dutch), Erik Poll [http://www.cs.ru.nl/~erikpoll/talks/OWASP2007.pdf (slides of the presentation)]
| |
| − | <br/>
| |
| − | This presentation will discuss different possibilities to improve software security. The problem of getting time and money available to be spend on security, not only for developing applications, but also for developing programming languages, will be raised.<br/>
| |
| − | Erik Poll is head of the Security of Systems (SoS) group at the Radboud University of Nijmegen. His research does focus on the security and correctness of software.<br/>
| |
| − | <br/>
| |
| − | 20.30 - 21.00 '''Protecting Web services and Web applications against security threats''' (dutch), Rix Groenboom<br/>
| |
| − | During this session, Rix will explore how to implement development and security best practices in the code to make sure that your webservices and applications perform solidly when they are being hacked or used in malicious ways.<br/>
| |
| − | Rix Groenboom supports fortune 2000 companies in field automated software error prevention and correction for Parasoft. His main area of expertise is in the use of formal languages for the specification, design and validation of software applications.<br/>
| |
| − | <br/>
| |
| − | 21.00 – 21:30 '''Discussion, questions and social'''<br/>
| |
| − | <br/>
| |
| − | All OWASP chapter meetings are free of charge and you don’t have to be an OWASP member to attend. There are never any vendor pitches or sales presentations at OWASP meetings.<br/>
| |
| − | <br/>
| |
| − | NOTE TO CISSP's: OWASP Meetings count towards CPE Credits.<br/>
| |
| − | <br/>
| |
| − | The announcement and full descriptions can be found here:<br/>
| |
| − | [[Media:Announcement_20_December.pdf]]<br/> | |
| − | [[Media:Announcement_20_December_2.pdf]]<br/> | |
| | | | |
| − | == Meeting September 13th: putting initiatives into practice ==
| + | <!-- Fourth tab --> |
| | | | |
| − | The main goal of the next OWASP meeting is finding a way to put initiatives and all offered help into a form of structural benefit for the OWASP Netherlands local chapter. As a starting point for the discussion, examples will be taken from other European chapters and input delivered by discussions that take place on the mailing list is considered too. Let this be a call to put your ideas on the mailing list before the next meeting!<br/> | + | = Chapter Leaders = |
| − | <br/>
| + | The Netherlands Chapter is supported by the following board: |
| − | The location is provided by the sponsor of this meeting:<br/>
| + | *[https://www.owasp.org/index.php/User:Knoblochmartin Martin Knobloch] |
| − | Comsec Consulting BV<br/>
| + | *[https://www.owasp.org/index.php/User:Joren Joren Poll] |
| − | Rivium Boulevard 102<br/>
| + | *[https://www.owasp.org/index.php/User:Edwin_Gozeling Edwin Gozeling] |
| − | 2909LK Capelle aan den IJssel<br/>
| + | *[https://www.owasp.org/index.php/User:Cooper Tom Wirschell] |
| − | <br/>
| |
| − | The agenda:<br/>
| |
| − | 18.00 - 18.30 Check-In (catering included)<br/>
| |
| − | 18.30 - 18.45 OWASP update, Bert Koelewijn<br/>
| |
| − | 18.45 - 19.15 Security Best Practices for .NET, Boaz Shunami<br/>
| |
| − | 19.15 - 20.00 Discussion: collecting ideas and initiatives<br/>
| |
| − | 20.00 - 20.15 Coffee break<br/>
| |
| − | 20.15 - 21.00 Discussion: how to enable community commitment<br/>
| |
| − | 21.00 - 21.30 Closing discussion and coffee<br/>
| |
| − | <br/>
| |
| − | Boaz Shunami<br/>
| |
| − | Boaz is manager of the Application Security department of Comsec Europe. He has 11 years of experience in the IT Security field, and a large part of them in Application Security.<br/>
| |
| − | Boaz did numerous application security audits in very large organizations and is recognized as one of the greatest expert’s world wide. Boaz' expertise is broad, but especially in-depth for the .NET platform.<br/>
| |
| − | <br/>
| |
| − | Discussion input (until now)<br/>
| |
| − | - division of local chapter work load by multiple people<br/>
| |
| − | - collaboration with other organizations<br/>
| |
| − | <br/>
| |
| − | If you want to attend send an email to owasp@irc2.com.<br/>
| |
| − | <br/>
| |
| − | All OWASP chapter meetings are free, there are never vendor pitches or sales presentations at OWASP meetings.<br/>
| |
| − | <br/>
| |
| − | NOTE TO CISSP's: OWASP Meetings count towards CPE Credits.<br/>
| |
| | | | |
| − | == Meeting minutes Januar 11th 2007 ==
| + | <br> |
| | + | |
| | + | Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects. |
| | | | |
| − | January 11th, the Dutch OWASP chapter came together at the office of Sogeti Netherlands. Subject of the evening was 'putting software security into practice'. The group was small but select.<br/>
| + | <!-- Fifth and last tab --> |
| − | <br/>
| + | = Chapter Support = |
| − | The agenda:<br/>
| + | === Chapter Sponsoring === |
| − | 18.00 - 18.30 Check-In (catering included)<br/>
| + | OWASP Netherlands is looking for organizations to sponsor our chapter. |
| − | 18.30 - 18.45 Sponsor opening<br/>
| + | If you are interested in sponsoring the Netherlands chapter please contact us via email: [mailto:netherlands@owasp.org netherlands 'at' owasp.org]. |
| − | 18.45 - 19.00 OWASP update, Bert Koelewijn<br/>
| |
| − | 19.00 - 19.30 Implementation of Security by Design, Martin Knobloch<br/>
| |
| − | 19.30 - 19.45 Panel introduction<br/>
| |
| − | 19.45 - 20.00 Coffee break<br/>
| |
| − | 20.00 - 21.30 Panel discussion<br/>
| |
| − | <br/>
| |
| − | After being welcomed by Frank Langeveld from Sogeti and Bert Koelewijn, Dutch chapter leader, the evening started with the presentation 'Security By Design'. During the presentation Martin Knobloch told about his experiences during the implementation of the Secure Development Life Cycle in a company like Sogeti Nederland B.V.<br/>
| |
| − | <br/>
| |
| − | The presentation is available here:<br/>
| |
| − | [[Media:Implementation_of_Security_by_Design.ppt]]<br/>
| |
| − | <br/>
| |
| − | After a small break, the panel discussion started with the following panel: Henk van der Heijden - Comsec Consulting, Dr.ir. Mario de Boer - LogicaCMG and Martin Knobloch - Sogeti Nederland.<br/>
| |
| − | During the discussion, it became clear people are struggling to get the Secure Development Life Cycle implemented in their company. The various experiences were shared with the panel and the others. Company typical problems and common misunderstandings about Software security where brought up.<br/>
| |
| − | The consensus of the discussion was that the main problem lies in the lack of security awareness and knowledge of the managers and the developers. And this of course is exactly where OWASP comes in…<br/>
| |
| − | <br/>
| |
| | | | |
| − | == Meeting Januar 11th 2007 == | + | === Donation === |
| | + | If you would like to donate to our chapter, please use the PayPal link at the top of this page. |
| | + | ;Thank you! |
| | | | |
| − | The OWASP meeting of 11 January is about putting software security into practice. A lot of books, standards, organizations and consultants tell us how we should develop secure software. But which methods and measures are commonly adopted and which are not and why?<br/>
| + | === Call for Speakers === |
| − | This will be the main focus of the discussion that we will have with a panel of people that experienced implementing software security in the field.<br/>
| + | We are continuously looking for speakers.<br>'''Presentations:''' Are you working on an interesting subject, would you like to share your experience with the OWASP community and do you have presentation skills. Please let us know! Any topic related to web application security will be appreciated!<br>'''VAC, Vulnerability, Attack, Countermeasure:''' The VAC is a re occuring part of the chapter meetings. The VAC is a half hour in-depth technical presentation about a vulnerability, how it can be exploited and how to prevent it!<br> |
| − | <br/>
| + | <span style="font-weight: bold;">Links: </span> |
| − | The location is provided by the sponsor of this meeting:<br/>
| + | [http://www.owasp.org/index.php/Speaker_Agreement Speaker Agreement] |
| − | Sogeti Nederland B.V.<br/>
| + | [http://www.owasp.org/images/5/54/Presentation_template.ppt Template] |
| − | "La Charmille" building<br/>
| + | Interested in presenting at a local chapter meeting, please send an email to: netherlands 'at' owasp.org |
| − | Lange Dreef 17<br/>
| |
| − | 4131 NJ Vianen<br/>
| |
| − | <br/>
| |
| − | The agenda:
| |
| − | <br/>
| |
| − | 18.00 - 18.30 Check-In (catering included)<br/>
| |
| − | 18.30 - 18.45 Sponsor opening<br/>
| |
| − | 18.45 - 19.00 OWASP update, Bert Koelewijn<br/>
| |
| − | 19.00 - 19.30 Implementation of Security by Design, Martin Knobloch<br/>
| |
| − | 19.30 - 19.45 Panel introduction<br/>
| |
| − | 19.45 - 20.00 Coffee break<br/>
| |
| − | 20.00 - 21.30 Panel discussion<br/>
| |
| − | <br/>
| |
| − | Implementation of Security by Design<br/>
| |
| − | What is needed to implement a 'Secure Development Life Cycle' within Sogeti Nederland? The speaker started a project called 'Security by Design' in march 2006 implementing a SDLC at Sogeti Nederland.<br/>
| |
| − | In his presentation, the speaker will share his technical and organizational experiences that he gained with the still ongoing implementation.<br/>
| |
| − | <br/>
| |
| − | About the speaker<br/>
| |
| − | Martin Knobloch has more than 8 years experience in design and development of J2EE applications for customers in various sectors of the market. In September 2003 Martin Knobloch started working for Sogeti Nederland, where he does the design, development and review of J2EE applications and architectures.<br/>
| |
| − | From this background, Martin Knobloch experienced the threats of insecure software firsthand. In march 2006, Martin Knobloch started implementing a SDLC within Sogeti Nederland.<br/>
| |
| − | <br/> | |
| − | Panel discussion<br/>
| |
| − | The panel members are:<br/>
| |
| − | Henk van der Heijden, Managing Director - Comsec Consulting B.V.<br/>
| |
| − | Dr.ir. Mario de Boer, Security Consultant - LogicaCMG<br/>
| |
| − | Martin Knobloch, Senior Technologie Specialist - Sogeti Nederland B.V.<br/>
| |
| − | <br/>
| |
| − | In the discussion, we will try to find answers to questions like:<br/>
| |
| − | - What are the most common security practices in software development?<br/>
| |
| − | - How effective are those practices?<br/>
| |
| − | - Where do we start practicing security?<br/>
| |
| − | - What should be the most common security practices in software development?<br/>
| |
| − | - How much does security cost?<br/>
| |
| − | - How does the Systems Security Engineering Capability Maturity Model (SSE-CMM) fit in?<br/>
| |
| − | <br/>
| |
| − | If you want to attend send an email to owasp@irc2.com.<br/>
| |
| − | <br/>
| |
| − | All OWASP chapter meetings are free, there are never vendor pitches or sales presentations at OWASP meetings.<br/>
| |
| − | <br/>
| |
| − | NOTE TO CISSP’s: OWASP Meetings count towards CPE Credits.<br/>
| |
| | | | |
| − | == OWASP Netherlands meeting minutes == | + | <!-- |
| − | | + | === Call for Location === |
| − | On 9 march, the second meeting of OWASP Netherlands local chapter took place. GetronicsPinkRoccade provided the venue, in their luxury conference centre: Connection I.<br/>
| + | For the OWASP Netherlands chapter meetings to come, we are continuously looking for locations! |
| − | <br/>
| + | Most preferable, the location is good accessible with public transport and by car. Free parking should be provided. |
| − | Agenda:<br/>
| + | What do we expect: |
| − | 18.00 - 18.45 Check-In (bread & drinks)<br/>
| + | *meeting room for at least 50 people |
| − | 18.45 - 19.00 Opening<br/>
| + | *lunch for attendees |
| − | 19.00 - 20.00 Improving Security in the Application Development Life-cycle, Migchiel de Jong<br/>
| + | **drinks, sandwiches... |
| − | 20.00 - 20.15 Coffee break<br/>
| + | *a small present for the speakers |
| − | 20.15 - 22.00 Form focus groups<br/>
| + | **(e.g. bottle of wine, for speakers from aboard alcohol might be less practical if flying in only with hand luggage) |
| − | <br/>
| + | Interested in sponsoring a local chapter meeting, please send an email to: netherlands 'at' owasp.org |
| − | The presentation of Migchiel de Jong was found very interesting by the audience. At the end of his presentation, he demonstrated a static code analysis of the OWASP webgoat application.<br/>
| + | --> |
| − | <br/>
| + | <!-- Don't remove this tag --> |
| − | After the coffee break, the attendances started discussing about the largest common topics of interest in the web application security field, in relation to the OWASP Netherlands chapter. As a result, the following focus groups are formed:<br/>
| + | __NOTOC__ |
| − | <br/>
| + | <headertabs></headertabs> |
| − | Testing<br/>
| + | [[Category:Europe]] |
| − | The current OWASP Testing project and the Open Source Security Testing Methodology Manual of ISECOM, provide guidelines and best practices for testers. These guidelines can be used to formalize a standard structure and a set of minimum requirements for a security test. Clients could ask a tester to adhere to these guidelines.<br/>
| |
| − | A second idea is to standardize the testing results management report. In practice, testing could result in piles of paper with all the findings. The real value is reporting it in a usable way. For example: mapping technical findings to business risks.<br/>
| |
| − | <br/>
| |
| − | Frans v. Buul<br/>
| |
| − | Peter Gouwentak<br/>
| |
| − | Arthur Donkers<br/>
| |
| − | Eelco Klaver<br/>
| |
| − | Migchiel de Jong<br/>
| |
| − | Mario de Boer<br/>
| |
| − | <br/>
| |
| − | First focus group meeting: Monday 27 march, 18:00h, PwC Utrecht<br/>
| |
| − | <br/>
| |
| − | <br/>
| |
| − | Public Relations<br/>
| |
| − | This focus group will try to make business aware of the security impact that developing, hosting and using web applications has. What OWASP is and how OWASP can help. This can be done by giving presentations, writing papers and articles, word of mouth, etc. etc.<br/>
| |
| − | <br/>
| |
| − | Remco Bakker<br/>
| |
| − | Ronald Eygendaal<br/>
| |
| − | Bas van Vossen<br/>
| |
| − | Edwin van Vliet<br/>
| |
| − | Eelco Klaver<br/>
| |
| − | <br/>
| |
| − | First presentation of OWASP materials: Edwin van Vliet, TestNet - Voorjaarsevenement, 5 april<br/>
| |
| − | First focus group meeting: To be planned!<br/>
| |
| − | <br/>
| |
| − | <br/>
| |
| − | Education<br/>
| |
| − | OWASP and universities/schools could benefit from working together. For example:<br/>
| |
| − | - OWASP provides lot's of materials usable in colleges.<br/>
| |
| − | - Develop OWASP training course.<br/>
| |
| − | - Students can participate in OWASP projects<br/>
| |
| − | - OWASP can provide a platform for supporting research. Such as thesis projects, etc.<br/>
| |
| − | - OWASP representatives could provide guest colleges.<br/>
| |
| − | <br/>
| |
| − | Ronald Eygendaal<br/>
| |
| − | Erik Poll<br/>
| |
| − | Bas van Vossen<br/>
| |
| − | Edwin van Vliet<br/>
| |
| − | <br/>
| |
| − | First focus group meeting: To be planned!<br/>
| |
| − | <br/>
| |
| − | The presentation is available here:<br/>
| |
| − | [[Media:OWASP_NL_Fortify_Software.pdf]]<br/>
| |
| − | | |
| − | == 9 March: Second meeting of the OWASP Netherlands local chapter! ==
| |
| − | | |
| − | In this second meeting focus groups are to be formed, to discuss common problems, develop and research common solutions in a vendor neutral environment. So this is a very good opportunity to get in contact with others, to exchange knowledge and experiences on specific topics.<br/>
| |
| − | <br/>
| |
| − | For every focus group the following questions has to be answered:<br/>
| |
| − | 1. Which specific topic is to be addressed?<br/>
| |
| − | 2. What are the deliverables?<br/>
| |
| − | 3. What is the relation to OWASP? (Current projects, materials, expertise and knowledge interchange, etc.)<br/>
| |
| − | 4. Who is the central contact of the subgroup?<br/>
| |
| − | <br/>
| |
| − | It would be nice to have a bigger and more diverse group, compared to the first meeting. So let's recall: "Please, bring at least one friend, next time." And don't hesitate to send this announcement to everybody who may be interested!<br/>
| |
| − | <br/>
| |
| − | We thank Getronics PinkRoccade for offering us a venue:<br/>
| |
| − | Getronics PinkRoccade<br/>
| |
| − | Fauststraat 1<br/>
| |
| − | 7323 BA Apeldoorn <br/>
| |
| − | <br/>
| |
| − | The agenda:<br/>
| |
| − | 18.00 - 18.30 Check-In<br/>
| |
| − | 18.30 - 18.45 Opening<br/>
| |
| − | 18.45 - 19.30 Improving Security in the Application Development Life-cycle, Migchiel de Jong<br/>
| |
| − | 19.30 - 20.00 Collecting focus group initiatives<br/>
| |
| − | 19.45 - 20.00 Coffee break<br/>
| |
| − | 20.00 - 21.00 Form focus groups<br/>
| |
| − | <br/>
| |
| − | Presentation Abstract<br/>
| |
| − | Rather than spending large amounts of time and money on proving that we have security vulnerabilities after programs go into production, companies should go to the source and correct vulnerabilities as early as possible in the development stage. It is unquestionably faster, simpler, and cheaper for developers to correct vulnerabilities as they build programs.<br/>
| |
| − | But how can development management ensure that developers focus on security when there is no time or budget for security at the development stage? Even with the correct focus, how can they learn what to look for? How can they stay ahead of the dedicated and resourceful hacker?<br/>
| |
| − | The answer is effective processes and better tools. With advanced software security tools, a developer can pinpoint vulnerabilities in a matter of seconds — the same vulnerabilities that would take a hacker or manual code reviewer weeks or even months to find. These same tools can give development and information security managers useful metrics on application vulnerabilities before they are released into deployment.<br/>
| |
| − | This talk will walk through the Application Development Life-Cycle and discuss how tools can help come to grips with software security issues in a particular phase.<br/>
| |
| − | <br/>
| |
| − | About the presenter<br/>
| |
| − | Migchiel de Jong has developed hardware and software for 10 years before joining Rational Software. During the 5 years at Rational Software (later acquired by IBM) he was involved in many software development process improvement projects. Currently Migchiel de Jong is working at Fortify Software, Palo Alto, California, as a software security engineer.<br/>
| |
| − | <br/>
| |
| − | If you want to attend send an email to [email protected]. Please don' t wait, 9 march is not that long anymore!<br/> | |
| − | <br/>
| |
| − | All OWASP chapter meetings are free, there are never vendor pitches or sales presentations at OWASP meetings.<br/>
| |
| − | <br/>
| |
| − | NOTE TO CISSP’s: OWASP Meetings count towards CPE Credits.<br/>
| |
| − | | |
| − | == OWASP Netherlands kick-off meeting minutes ==
| |
| − |
| |
| − | On 17 November, OWASP Netherlands had it's first meeting. We moved to a bigger location, the Mercure hotel in Nieuwegein, to host all the 35 attendees.<br/>
| |
| − | <br/>
| |
| − | The agenda:<br/>
| |
| − | 18.00 - 18.30 Check-In (bread & drinks)<br/>
| |
| − | 18.30 - 18.45 Chapter opening<br/>
| |
| − | 18.45 - 19.30 Presentation - 'Top tien web applicatie kwetsbaarheden in J2EE', Eelco Klaver<br/>
| |
| − | 19.30 - 19.45 Presentation - 'Veilige webapplicaties boven alles', Mike Wardi<br/>
| |
| − | 19.45 - 20.00 Coffee break<br/>
| |
| − | 20.00 - 21.00 Discussion - About the OWASP Netherlands local chapter<br/>
| |
| − | <br/> | |
| − | The discussion took place in a 'round table' session, where all attendees were able to take part. The focus of the discussion was how to give the OWASP Netherlands local chapter additional value, next to the OWASP project. What the goals and tasks will be. And which actions will have to be taken at short term.<br/>
| |
| − | Different people have interest in different subjects. In general meetings there is no time to address all subjects and address them specific enough. Therefore subgroups can be formed, focusing on specific topics. They can have their own communication channel and meetings, but should keep close contact with the OWASP body.<br/>
| |
| − | <br/>
| |
| − | An inventarisation:<br/>
| |
| − | <br/>
| |
| − | Discussion Topics<br/>
| |
| − | - Awareness: writing articles, press publications, interviews<br/>
| |
| − | - Education: contact universities, schools and their common boards. Develop and gather education materials.<br/>
| |
| − | - General: discuss ideas for OWASP NL<br/>
| |
| − | <br/>
| |
| − | Focusgroup Topics<br/>
| |
| − | - (dutch) metrics project<br/>
| |
| − | - (dutch) legal project<br/>
| |
| − | - standard framework for pentest reports<br/>
| |
| − | - safe outsourcing<br/>
| |
| − | <br/>
| |
| − | Actions that should be taken on short term are:<br/>
| |
| − | - provide communication channels<br/>
| |
| − | - plan next (sub)meetings<br/>
| |
| − | - start discussions and focusgroups<br/>
| |
| − | <br/>
| |
| − | The presentations are available here:<br/>
| |
| − | <br/>
| |
| − | [[Media:OWASP_NL_Top_Ten_Web_Application_Vulnerabilities_in_J2EE.pdf]]<br/> | |
| − | [[Media:OWASP_NL_Veilige_Web_App_Boven_Alles.pdf]]<br/>
| |
| − | | |
| − | == You are welcome to the OWASP Netherlands local chapter kick-off meeting! ==
| |
| − | | |
| − | Thursday, November 17th (2005) at 18.00h.<br/>
| |
| − | <br/>
| |
| − | ATTENTION! Because of the large amount of attendees, the location has changed:<br/>
| |
| − | <br/>
| |
| − | Hotel Mercure Utrecht/Nieuwegein<br/>
| |
| − | Buizerdlaan 10<br/>
| |
| − | 3435 SB NIEUWEGEIN<br/>
| |
| − | Tel: 00 31 (0) 30 60 84 122<br/>
| |
| − | Fax: 00 31 (0) 30 60 38 374<br/>
| |
| − | <br/>
| |
| − | This first meeting will be an introduction to the OWASP. A constructive discussion will be held about the actual form of the OWASP Netherlands local chapter.<br/>
| |
| − | <br/>
| |
| − | The agenda:<br/>
| |
| − | 18.00 - 18.30 Check-In (bread & drinks)<br/>
| |
| − | 18.30 - 18.45 Chapter opening<br/>
| |
| − | 18.45 - 19.30 Presentation - 'Top tien web applicatie kwetsbaarheden in J2EE', Eelco Klaver<br/>
| |
| − | 19.30 - 19.45 Presentation - 'Veilige webapplicaties boven alles', Mike Wardi<br/>
| |
| − | 19.45 - 20.00 Coffee break<br/>
| |
| − | 20.00 - 21.00 Discussion - About the OWASP Netherlands local chapter<br/>
| |
| − | <br/>
| |
| − | About the presenters<br/>
| |
| − | <br/>
| |
| − | Eelco Klaver<br/>
| |
| − | Eelco Klaver is a senior consultant for Xebia IT Architects, since 2003. Doing software reviews, security audits and giving security workshops are part of his job. He has almost 10 years experience with developing enterprise applications in J2EE for different employees. At the moment, Eelco is the front man of the security business unit for Xebia, focussing on the security aspects of enterprise applications build on J2EE.<br/>
| |
| − | <br/>
| |
| − | Mike Wardi<br/>
| |
| − | Mike Wardi is an internet application manager for a financial institute. He's responsible for the safety of internet applications provided to customers and the implementation of the security policies in software developement.<br/>
| |
| − | <br/>
| |
| − | <br/>
| |
| − | If you want to attend, please send an email to [email protected] or the mailing list.<br/> | |
| − | <br/>
| |
| − | All OWASP chapter meetings are free! There are never vendor pitches or sales presentations at OWASP meetings.<br/>
| |
| − | <br/>
| |
| − | NOTE TO CISSP’s: OWASP Meetings count towards CPE Credits.<br/>
| |
| − | <br/>
| |
Welcome to the Netherlands chapter homepage.
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
