BeNeLux OWASP Day 2011

Welcome

Venue is the University of Luxembourg (Grand Duchy of Luxembourg)

Training and conference location, together with hotel information, can be found here.

Training and first list of conference speakers are announced!

See here and here

Tweet!

Event tag is #owaspbnl11

Registrations are open:

Training, December 1st

OWASP Training: Secure Application Development, by Eoin Keary

Abstract: Writing Secure code is the most effective method to securing your web applications. Writing secure code takes skill and know-how but results in a more stable and robust application and assists in protecting an organisations brand. Application security is not commonly a part of many computer science curricula today and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training efforts. This intensive one-day course focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The course will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

This course includes coverage of the following areas:

• Unvalidated Input
• Injection Flaws, OS commanding, SQL Injection
• Cross-Site Scriping & Client-side security
• CSRF/XSRF
• Authentication & Session Management
• Access control & Authorisation
• Broken Caching
• Error Handling & Resource Management
• The Secure SDLC
• Fuzzing, Proxy use and testing approach

Hands on Exercises

To cement the principles discussed, students can participate in a number of hands-on security testing exercises where they attack a live web application (i.e., OWASP Bank etc) that has been seeded with common web application vulnerabilities.

The students will use proxy tools commonly used by the hacker community to complete the exercises. Students need to bring their own windows based laptop to participate in the exercises. Wireless capability is recommended.

Audience

Developers who want to understand the most common web application security flaws, and how to avoid them and code in a secure manner.

Level: Beginner/Intermediate

Prerequisite: Basic knowledge of a web programming language like Java or .NET recommended but not required.

Bringing your own windows based laptop is recommended so you can participate in the hands on exercises

Trainer Bio:

Eoin Keary is a Global OWASP board member since 2009. He is a long time member of OWASP and have contributed year on year to OWASP projects and the OWASP mission of fighting the causes of software insecurity. He is based in Dublin, Ireland and director of Bccriskadvisory.

Conference, December 2nd

We are pleased to announce a first list of confirmed speakers:

• Brenno De Winter (Journalist) on the Diginotar story
• Koen Vanderloock (Lead Security Competence Group at Cegeka) on the new OWASP Simba project
• Justin Clarke (Director and Co-Founder of Gotham Digital Science Ltd) on practical crypto attacks against web applications
• Lieven Desmet (Research Manager at University Leuven) on HTML5 security
• Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on iOS data protection internals
• Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
• Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on WebApp Security and legal and regulatory aspects
• Seba Deleersnyder & Eoin Keary (OWASP Board) on OWASP Update

Stay tuned for the final agenda!

HTML5 security (by Lieven Desmet, Research Manager at Katholieke Universiteit Leuven)

In this talk, Lieven will highlight the results of the HTML5 security analysis, conducted by the DistriNet Research Group (K.U.Leuven). The security analysis of next generation web standards, commissioned by ENISA, looked into 13 emerging W3C web standards (i.e. the specification of HTML 5 and some of the associated APIs), and assessed the security of each of them as well as the overall security and consistency across specifications.

In total 51 security threats and issues have been identified, and detailed in the ENISA report (http://www.enisa.europa.eu/html5). During the talk, Lieven will discuss the methodology developed to assess the huge amount of specifications, and zoom into a representative set of identified threats and their remediation.

Lieven Desmet, Research Manager at Katholieke Universiteit Leuven

Lieven Desmet is the Research Manager on Secure Software at the Katholieke Universiteit Leuven (Belgium), where he coaches junior researchers in web application security and participates in dissemination and valorization activities. His interests are in software verification and security of middleware and web-enabled technologies. Lieven is actively engaged in OWASP and is board member of the OWASP Chapter Belgium.

Program

CTF

TBD

Registration

The training day and the conference are free! 

To support the OWASP organisation, consider to become a member, it's only US$50!
Check out the Membership page to find out more.

Venue

University of Luxembourg
Campus Kirchberg
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
http://wwwen.uni.lu/contact/campus_kirchberg
Room: Paul Feidert

Hotels nearby:

The first hotel is at 5 minutes on walk distance from the campus Kirchberg: Hotel d’Coque

• single room with breakfast 77.50 €
• double room with breakfast 93.00 €.
• Booking email address with Ref. OWASP_SNT 2011 to : [email protected]
• Reservation deadline: 20 October 2011

Second hotel (direct center of Luxembourg) 5/10 minutes with taxi or bus: Hotel Parc Bellevue

• single room with breakfast 95.00 € (normal price 160 €)
• double room with breakfast 115.00 € (normal price 180€)
• wifi and parking included
• Booking email address: [email protected]
• Reservation deadline : 30 November
• Reservation form: download form

Third hotel (near the Parc Bellevue): Hotel Plaza

• single room with breakfast 130.00 € (normal price 225 €)
• double room with breakfast 150.00 € (normal price 245€)
• wifi and parking included
• Booking email address: [email protected].
• Reservation deadline: 30 November
• Reservation form: download form

Fourth hotel: Hotel Mélia

• single room with breakfast 140.00 €
• Booking email address: [email protected]
• Reservation deadline: 28 October 2011
• Reservation form: download form

Organisation

The BeNeLux Day 2011 Program Committee:

• Martin Knobloch / Ferdinand Vroom (OWASP Netherlands)
• Bart De Win / Sebastien Deleersnyder (OWASP Belgium)
• Jocelyn Aubert / Andre Adelsbach (OWASP Luxembourg)
• Steven van der Baan (Capture The Flag)

Local organization:

• Thomas Engel
• Radu State
• Magali Martin
• Aurel Machalek

Sponsorship

Contact seba <at> owasp.org for sponsorship

<paypal>BeNeLux OWASP Day 2011</paypal>

Social Event

The social event is scheduled for Thursday, 1st of December @ TBD

Promotion

Feel free to use the text below to promote our event!

We invite you to our next OWASP event: the BeNeLux OWASP Days 2011!

Free your agenda on the 1st and 2nd of December, 2011.

The good news: free! No fee!

The bad news: there are only 160 seats available (first register, first serve)!

PROGRAM Day 1

• 10:00 AM - 18:00 PM: OWASP Training Day
• 19:00 PM - ?: Social event

OWASP Training: Secure Application Development, by Eoin Keary
This intensive one-day training focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The training will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code.

PROGRAM Day 2

• 10:00 AM - 18:00 PM: OWASP Conference

List of confirmed speakers (more to be announced soon):

• Brenno De Winter (Journalist) on the Diginotar story
• Koen Vanderloock (Lead Security Competence Group at Cegeka) on the new OWASP Simba project
• Justin Clarke (Director and Co-Founder of Gotham Digital Science Ltd) on practical crypto attacks against web applications
• Lieven Desmet (Research Manager at University Leuven) on HTML5 security
• Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on iOS data protection internals
• Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
• Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on WebApp Security and legal and regulatory aspects
• Seba Deleersnyder & Eoin Keary (OWASP Board) on OWASP Update

ORGANIZATION
OWASP's all-volunteer participants produce free, professional quality, open-source documentation, tools, and standards on application security. An example of this is the famous OWASP top ten of most critical web application security flaws. The OWASP community facilitates conferences, local chapters, articles, and message forums. Participation in OWASP is free and open to all, as are all the materials we produce.

WHO should attend?
Anyone interested in Web Application Security (management, security professionals, developers, students, etc). OWASP Belgium, Netherlands and Luxembourg chapters membership is free. All meetings are free. There are never vendor pitches or sales presentations at OWASP meetings.
Check our chapter page http://www.owasp.org/index.php/Belgium on meeting details, sign up to the chapter mailing list and introduce yourself.
Check our chapter page http://www.owasp.org/index.php/Netherlands on meeting details, sign up to the chapter mailing list and introduce yourself.
Check our chapter page http://www.owasp.org/index.php/Luxembourg on meeting details, sign up to the chapter mailing list and introduce yourself.

WHEN
Thursday and Friday, 1st and 2nd of December, 2011 (10 AM - 7 PM)

WHERE
University of Luxembourg
Campus Kirchberg
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
http://wwwen.uni.lu/contact/campus_kirchberg
Room: Paul Feidert

Attention: make sure to book your hotel in time, it will be difficult to find rooms in Luxembourg around Dec 1-2!
Hotel details https://www.owasp.org/index.php?title=BeNeLux_OWASP_Day_2011#tab=Venue

REGISTRATION
Only 160 places, please Register upfront: http://owaspbenelux2011.eventbrite.com !
All latest details are available on http://www.owaspbenelux.eu
Hope to see you all!

The BeNeLux Program Committee,

• Martin Knobloch / Ferdinand Vroom, OWASP Netherlands
• Bart De Win / Sebastien Deleersnyder, OWASP Belgium
• Jocelyn Aubert / Andre Adelsbach, OWASP Luxembourg
• Steven van der Baan, OWASP CTF Project

Made possible by our sponsors:

      

TBD

Supported by: