This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP BeNeLux-Days 2018
Confirmed Conference Speakers
- David Scrobonia
- Niels Tanis
- Jeroen Willemsen
- Bjorn Kimlich
- Ralph Moonen
Confirmed Trainers
- Andrew Martin
- David Scrobonia
OWASP BeNeLux conference is free, but registration is required!
The OWASP BeNeLux Program Committee
- Bart De Win / Sebastien Deleersnyder/ Lieven Desmet/ David Mathy, OWASP Belgium
- Martin Knobloch / Joren Poll, OWASP Netherlands
- Jocelyn Aubert, OWASP Luxembourg
Tweet!
Event tag is #owaspbnl18
Donate to OWASP BeNeLux
OWASP BeNeLux conference is free, but registration is required!
OWASP BeNeLux training is reserved for OWASP members, and registration is required!
To support the OWASP organisation, we ask training attendees to consider becoming an OWASP member, it's only US$50! Check out the Membership page to find out more.
To support the OWASP organisation, consider to become a member, it's only US$50! Check out the Membership page to find out more.
Address
Venue:
Congres- en Erfgoedcentrum Lamot Van Beethovenstraat 8-10 2800 Mechelen Belgium
Parking:
Find your parking on Google Maps
How to reach the venue?
Public transport
You can reach the Mechelen's train station from Antwerpen or Brussels. The Lamot conference center is 10 min away by bus (line 1).
Or you can choose to walk for 15 min (1.2 km).
By car
From Brussels:
Follow the E19 Brussels / Antwerpen and take the exit 10.
Follow the N1 until the R12 (take a left) and turn to the right at the "Brusselpoort" into the Hoogstraat to reach one of the parkings.
From Antwerpen:
Follow the E19 Brussels / Antwerpen and take the exit 9.
Follow the N16 until the R12 (take a right) and turn to the left at the "Brusselpoort" into the Hoogstraat to reach one of the parkings.
Hotels Nearby
Training Day is November 29th
Trainings
Kubernetes security by Andrew Martin
Abstract
Course Description
The course guides attendees through Linux container security in general, and progresses to advanced Kubernetes cluster security. It emphasises pragmatic threat modelling and risk assessment based on an understanding of the tools and primitives available, rather than dogmatic dos and don’ts.
Course Outline
- How to attack containerised workloads
- Enhanced container security
- How to attack Kubernetes
- Interactive production cluster hacking
- Hardening Kubernetes
- Locking down applications
- Security tooling and vendor landscape
Who Should Attend
This course is suitable for intermediate to advanced Kubernetes users who want to strengthen their security understanding. It is particularly beneficial for those operating Kubernetes in a high-compliance domain, or for established security professionals looking to update their skills for the cloud native world.
Bio
Andrew has a strong test-first engineering ethos gained architecting and deploying high-traffic web applications. Proficient in systems development, testing, and maintenance, he is comfortable profiling and securing every tier of a bare metal or cloud native application, and has battle-hardened experience delivering containerised solutions to enterprise clients. He is a co-founder at https://control-plane.io
Conference Day is November 30th
Talks
OWASP Zap by David Scrobonia
Abstract
Intoducing security testing tools to a QA or developers workflow can be difficult when the tools aren't easy or intuitive to use. Even for security professionals, the friction of cumbersome security tooling can prevent them from getting the most from a tool or being effective with their time.
The OWASP ZAP team is working to help enable developers, QA, and hackers alike with the ZAP Heads Up Display, a more user friendly way to engage with the security testing tool. The Heads Up Displays integrates ZAP directly in the browser providing all of the funcitonality of the tool via a heads up display. The goal is to make ZAP more accessible and enabling users, especially developers, to integrate security in their daily workflows.
This talk will discuss the importance of usable tools, design tradeoffs made to improve usability, the various browser technologies powering the HUD, and how you can start hacking with a heads up display.
Bio
David Scrobonia is a part of the Security Engineering team at Segment working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and is a core team member of the OWASP ZAP project.
When Serverless Met Security… Serverless Security & Functions-as-a-Service (FaaS) by Niels Tanis
Abstract
Serverless is a design pattern for writing scalable applications in which Functions as a Service (FaaS) is one of the key building blocks. Every mayor Cloud Provider has got his own FaaS available. On Microsoft Azure there is Azure Functions, AWS has got Lambda and Cloud Functions can be used on the Google Cloud. All of these have a lot of similarities in the way they allow developers to create small event driven services.
From security perspective there are a lot of benefits when moving to a serverless architecture. There is no need to manage any of the machines and the underlying infrastructure. Dealing with updates, patches and infrastructure is the responsibility of the platform provider. FaaS are short lived processes which will be instantiated and destroyed in a matter of milliseconds making it more resilient to denial-of-services (DoS) and also makes it harder to attack and compromise.
But will all of this be sufficient to be ’secure’ or should we be worried about more? With serverless there is still a piece of software that will be developed, build, deployed and executed. It will also introduce a more complex architecture with corresponding attack surface which also makes it hard to monitor. What about the software supply chain and delivery pipeline? There still will be a need to patch your software for vulnerabilities in code and used 3rd party libraries. In this talk we will identify the security area’s we do need to focus on when developing serverless and define possible solutions for dealing with those problems.
Bio
Niels Tanis has got a background in .NET development, pentesting and security consultancy. He also holds the CSSLP certification and has been involved in breaking, defending and building secure applications. He joined Veracode in 2015 and right now he works as a security researcher on a variant of languages and technologies related to Veracode’s Binary Static Analysis service. He is married, father of 2 and lives in a small village just outside Amersfoort, The Netherlands.
The Social Event is on Thursday, November 29th
If you want to join the social event, don't forget to register for it via the registration:
The social event details will be published very soon! Stay tuned.
Become a sponsor of OWASP BeNeLux!
There are 3 combined sponsorship packages (Gold, Silver or Bronze) that cover the BeNeLux chapter meetings 2019 and the BeNeLux OWASP Days 2018.
Download our sponsor brochure and contact us for questions or sponsorship confirmation!
Your sponsorship will be invested directly in the chapter meetings, supporting speaker and catering expenses.
The sponsorship will also be dedicated to cover the costs of the OWASP 2018 BeNeLux event.
Made possible by our Sponsors
Gold
Silver