This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Belgium"
From OWASP
LievenDesmet (talk | contribs) (→WHERE) |
|||
| Line 3: | Line 3: | ||
== Local News == | == Local News == | ||
| − | We are | + | We are preparing for the EU 08 AppSec conference in Brussels. Stay tuned! |
| + | |||
| + | The presentations of the chapter meeting of March with Ken Van Wyck and Bart De Win are online now. We also scheduled the first Luxembourg chapter meeting to April 21st in Luxembourg. See the program below! | ||
| − | |||
== Chapter Board == | == Chapter Board == | ||
| − | The BeLux Chapter is | + | The BeLux Chapter is supported by the following board: |
* Erwin Geirnaert, Zion Security | * Erwin Geirnaert, Zion Security | ||
* Philippe Bogaerts, NetAppSec | * Philippe Bogaerts, NetAppSec | ||
| Line 29: | Line 30: | ||
[http://www.radware.com http://www.owasp.org/images/8/82/Rad_logo.gif] | [http://www.radware.com http://www.owasp.org/images/8/82/Rad_logo.gif] | ||
| − | + | == OWASP on Infosecurity.be 2008 == | |
| − | == | ||
===WHEN=== | ===WHEN=== | ||
| − | + | Thursday, March 20th, 2008 (15h00pm-16h00pm) in Room 2 of the Seminar Program | |
| − | === | + | ===TOPIC: Web hacks of 2007 and how to protect your web applications in 2008 with OWASP === |
| − | + | The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. | |
| − | + | First an overview of the major web hacks of 2007 will be given, including XSS Vulnerabilities in Common Shockwave Flash Files, Universal XSS in Adobe’s Acrobat Reader Plugin , Firefoxurl URI Handler Flaw, Anti-DNS Pinning ( DNS Rebinding ), Port Scan without JavaScript, … | |
| − | |||
| − | + | Then some important OWASP projects are described, covering the OWASP Guide, the OWASP Top Ten, OWASP WebGoat, OWASP CLASP, OWASP WebScarab, OWASP Testing and OWASP Code Review. Using and improving these OWASP solution will aid organisations to prevent 2008 from being as bad as 2007. | |
| − | + | === REGISTRATION === | |
| − | + | Please use the following registration link for you free entrance to Infosecurity.be: [https://www.databadge.net/isbe2008/reg/?link=53d7a0b8f4c0b77c3a5f https://www.databadge.net/isbe2008/reg/?link=53d7a0b8f4c0b77c3a5f] | |
| − | === | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | : | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== First Luxembourg Chapter Meeting (April 21st) in Luxembourg! == | == First Luxembourg Chapter Meeting (April 21st) in Luxembourg! == | ||
| Line 96: | Line 75: | ||
=== REGISTRATION === | === REGISTRATION === | ||
Please '''send a mail''' to luxembourg 'at' owasp.org if you plan to attend, so we can size the venue appropriately and keep you updated on last-minute changes. | Please '''send a mail''' to luxembourg 'at' owasp.org if you plan to attend, so we can size the venue appropriately and keep you updated on last-minute changes. | ||
| + | |||
| + | == Last Chapter Meeting (4-Mar-2008) in Leuven == | ||
| + | |||
| + | ===WHEN=== | ||
| + | Tuesday, March 4th, 2008 (18pm-21pm) | ||
| + | |||
| + | ===WHERE=== | ||
| + | |||
| + | [http://distrinet.cs.kuleuven.be/ Distrinet Research Group, Katholieke Universiteit Leuven] sponsored the venue | ||
| + | |||
| + | Location: Department of Computer Science (auditorium 00.225) | ||
| + | Celestijnenlaan 200 A, 3001 Heverlee | ||
| + | |||
| + | ===PROGRAM=== | ||
| + | The agenda: | ||
| + | |||
| + | * 18h00 - 18h30: Welcome, Refreshments and drinks<BR> | ||
| + | * 18h30 - 18h45: Sebastien Deleersnyder, OWASP BeLux<BR> | ||
| + | '''[http://www.owasp.org/images/f/f9/OWASP_BeLux_2008-03-04_OWASP_Update.ppt OWASP Update]'''<BR> | ||
| + | * 18h45 - 19h00: Kenneth Van Wyck, , KRvW Associates<BR> | ||
| + | :'''[http://www.owasp.org/images/e/ee/Ken_Van_Wyck_Secure_SDLCs_compared.pdf CAcert.org and Thawte]'''<BR> | ||
| + | :If you're using either of these free x.509 certificate services, and are still trying to get the 50 assurance points necessary to have your real name on your certificates, stop by with two forms of government-issued ID (and photocopies, if using Thawte -- not necessary for CAcert). Ken will be happy to help out with either/both 10 Thawte points or 35 CAcert points. No charge, of course. | ||
| + | :If you also are a Thawte or CAcert.org notary, you can help by adding your points to Ken's and thereby allowing other attendees to obtain all the assurance points needed in one swift swoop. | ||
| + | * 19h00 - 20h00: Ken Van Wyk, KRvW Associates<BR> | ||
| + | :'''Development life cycle issues''' | ||
| + | :Several secure software development processes have been published in the past few years. These include Microsoft's Secure Development Lifecycle, Cigital's "Touchpoints", and OWASP's own CLASP project. Which one is right for your organization, or would your needs be best served by taking the best of each and coming up with "your own" process? In this talk, we'll compare and contrast each of these approaches and talk about the practical aspects of putting them to maximum use, including pitfalls to avoid. | ||
| + | :'''Ken Van Wyk''' Ken van Wyk, has over 20 years of professional experience in IT Security and has worked at Carnegie Mellon University's CERT®, the U.S. Department of Defense, SAIC and Para-Protect. Co-author of two popular O'Reilly books, [http://www.amazon.com/gp/product/0596001304/qid=1133642048/sr=1-2/ref=sr_1_2?s=books%26v=glance%26n=283155 Incident Response: Planning & Management] and [http://www.amazon.com/gp/product/0596001304/qid=1133642048/sr=1-2/ref=sr_1_2?s=books%26v=glance%26n=283155 Secure Coding: Principles and Practices], Ken also writes a monthly column for IT Security on-line news portal, [http://www.esecurityplanet.com/ eSecurityPlanet]. He is one of the founders of the Carnegie Mellon CERT/CC, and a much sought after lecturer on security technology. He is a partner at [http://krvw.com/ KRvW Associates]. | ||
| + | * 20h00 - 20h15: break | ||
| + | * 20h15 - 21h15: Bart De Win, DistriNet, K.U.Leuven<BR> | ||
| + | :'''[http://www.owasp.org/images/a/a2/BArt_De_Win_ProcessImprovements_final.pdf Structural improvements for SDLs]'''<BR> | ||
| + | :Based on an extensive study and comparison of a number of secure software development processes (the results of which have been presented during the Belgium OWASP day last year), we have identified a number of structural improvements for these processes. In this talk, I will present these improvements from a general perspective, give hints on how they could be addressed and I will elaborate on some of them (e.g., the integration of security principles in a process) in more detail with results of ongoing research. | ||
| + | :'''Bart De Win''' Bart De Win is a postdoctoral researcher in the DistriNet research group at the Department of Computer Science, Katholieke Universiteit Leuven. His research focuses on secure software engineering, including software development processes, aspect-oriented software development and model-driven security. Bart has served on the organizing and program committees of several international secure software engineering workshops. | ||
| + | |||
== Past Events == | == Past Events == | ||
Revision as of 19:13, 9 March 2008
OWASP Belgium-Luxemburg
Welcome to the Belgium-Luxemburg chapter homepage. The chapter leader is Sebastien Deleersnyder
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
Local News
We are preparing for the EU 08 AppSec conference in Brussels. Stay tuned!
The presentations of the chapter meeting of March with Ken Van Wyck and Bart De Win are online now. We also scheduled the first Luxembourg chapter meeting to April 21st in Luxembourg. See the program below!
Chapter Board
The BeLux Chapter is supported by the following board:
- Erwin Geirnaert, Zion Security
- Philippe Bogaerts, NetAppSec
- André Mariën, Inno.com
- Lieven Desmet, K.U.Leuven
- Joël Quinet, Telindus
- Sebastien Deleersnyder, Telindus
Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.
Structural Sponsors 2008
OWASP BeLux would like to thank the following organizations for sponsoring this chapter. If you are interested in sponsoring the BeLux chapter please contact seba 'at' deleersnyder.eu .
Special Luxembourg sponsor:
OWASP on Infosecurity.be 2008
WHEN
Thursday, March 20th, 2008 (15h00pm-16h00pm) in Room 2 of the Seminar Program
TOPIC: Web hacks of 2007 and how to protect your web applications in 2008 with OWASP
The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks.
First an overview of the major web hacks of 2007 will be given, including XSS Vulnerabilities in Common Shockwave Flash Files, Universal XSS in Adobe’s Acrobat Reader Plugin , Firefoxurl URI Handler Flaw, Anti-DNS Pinning ( DNS Rebinding ), Port Scan without JavaScript, …
Then some important OWASP projects are described, covering the OWASP Guide, the OWASP Top Ten, OWASP WebGoat, OWASP CLASP, OWASP WebScarab, OWASP Testing and OWASP Code Review. Using and improving these OWASP solution will aid organisations to prevent 2008 from being as bad as 2007.
REGISTRATION
Please use the following registration link for you free entrance to Infosecurity.be: https://www.databadge.net/isbe2008/reg/?link=53d7a0b8f4c0b77c3a5f
First Luxembourg Chapter Meeting (April 21st) in Luxembourg!
WHEN
Tuesday, date April 21st, 2008 (16h30pm-19h30pm) - To be confirmed
WHERE
tbd sponsors the venue and catering.
Location: tbd - Luxembourg.
https://www.owasp.org/index.php/Image:OWASP_Lux_2007_11_27_Location.pdf
PROGRAM
The agenda looks as follows:
- 18h00 - 18h30: Welcome & Sandwiches
- 18h30 - 19h00: OWASP Introduction (by Sebastien Deleersnyder, OWASP BeLux)
- 19h00 - 20h00: How to break Web Applications (by Philippe Bogaerts, NetAppSec)
- Presentation + discussion:Web applications are riddled with vulnerabilities. Philippe will provide an overview of the most common web application security problems and how to exploit them.
- Philippe Bogaerts is an independent consultant specialized in network and application security testing, web application and XML firewalls.
- 20h00 - 20h15: break
- 20h15 - 21h15: How to secure Web Applications (the OWASP Way): (by Sebastien Deleersnyder, Telindus)
- Presentation + discussion: There is no silver bullet when it comes to securing web applications. This problem has to be addressed from different angles, covering the involved actors, processes (development as well as deployment) and Technologies.
- Sebastien Deleersnyder is responsible for the Telindus Application Security solutions. Sebastien has 5 years of development and 7 years of information security experience and is now specialized in application security. He started the Belgian OWASP Chapter and performed several public presentations on Web Application and Web Services Security.
REGISTRATION
Please send a mail to luxembourg 'at' owasp.org if you plan to attend, so we can size the venue appropriately and keep you updated on last-minute changes.
Last Chapter Meeting (4-Mar-2008) in Leuven
WHEN
Tuesday, March 4th, 2008 (18pm-21pm)
WHERE
Distrinet Research Group, Katholieke Universiteit Leuven sponsored the venue
Location: Department of Computer Science (auditorium 00.225) Celestijnenlaan 200 A, 3001 Heverlee
PROGRAM
The agenda:
- 18h00 - 18h30: Welcome, Refreshments and drinks
- 18h30 - 18h45: Sebastien Deleersnyder, OWASP BeLux
- 18h45 - 19h00: Kenneth Van Wyck, , KRvW Associates
- CAcert.org and Thawte
- If you're using either of these free x.509 certificate services, and are still trying to get the 50 assurance points necessary to have your real name on your certificates, stop by with two forms of government-issued ID (and photocopies, if using Thawte -- not necessary for CAcert). Ken will be happy to help out with either/both 10 Thawte points or 35 CAcert points. No charge, of course.
- If you also are a Thawte or CAcert.org notary, you can help by adding your points to Ken's and thereby allowing other attendees to obtain all the assurance points needed in one swift swoop.
- 19h00 - 20h00: Ken Van Wyk, KRvW Associates
- Development life cycle issues
- Several secure software development processes have been published in the past few years. These include Microsoft's Secure Development Lifecycle, Cigital's "Touchpoints", and OWASP's own CLASP project. Which one is right for your organization, or would your needs be best served by taking the best of each and coming up with "your own" process? In this talk, we'll compare and contrast each of these approaches and talk about the practical aspects of putting them to maximum use, including pitfalls to avoid.
- Ken Van Wyk Ken van Wyk, has over 20 years of professional experience in IT Security and has worked at Carnegie Mellon University's CERT®, the U.S. Department of Defense, SAIC and Para-Protect. Co-author of two popular O'Reilly books, Incident Response: Planning & Management and Secure Coding: Principles and Practices, Ken also writes a monthly column for IT Security on-line news portal, eSecurityPlanet. He is one of the founders of the Carnegie Mellon CERT/CC, and a much sought after lecturer on security technology. He is a partner at KRvW Associates.
- 20h00 - 20h15: break
- 20h15 - 21h15: Bart De Win, DistriNet, K.U.Leuven
- Structural improvements for SDLs
- Based on an extensive study and comparison of a number of secure software development processes (the results of which have been presented during the Belgium OWASP day last year), we have identified a number of structural improvements for these processes. In this talk, I will present these improvements from a general perspective, give hints on how they could be addressed and I will elaborate on some of them (e.g., the integration of security principles in a process) in more detail with results of ongoing research.
- Bart De Win Bart De Win is a postdoctoral researcher in the DistriNet research group at the Department of Computer Science, Katholieke Universiteit Leuven. His research focuses on secure software engineering, including software development processes, aspect-oriented software development and model-driven security. Bart has served on the organizing and program committees of several international secure software engineering workshops.
