This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Netherlands
OWASP Netherlands
Welcome to the Netherlands chapter homepage. The chapter leader is Bert Koelewijn
<paypal>Netherlands</paypal>
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? 
OWASP NL Chapter Meetings Schedule 2010
This is an overview of the 2010 local chapter meeting schedule. Details of the meetings can be found in the announcements that will be posted below this schedule.
March 11th ---------- Time : 18.00 - 21.30 Main Topic : Database Security Presentations: Details will be posted shortly Location : Sponsor : May 20th ---------- Time : 18.00 - 21.30 Main Topic : Web Application Firewalls Presentations: Location : Sponsor : September 23rd ---------- Time : 18.00 - 21.30 Main Topic : TBD Presentations: TBD Location : TBD Sponsor : TBD November 18th ---------- Time : 18.00 - 21.30 Main Topic : TBD Presentations: TBD Location : TBD Sponsor : TBD
Call for Speakers
We are continuously looking for speakers and presentations make the chapter meetings as interesting as possible. Therefore we are looking inside and outside OWASP for known international specialists. But we know, there is a lot interesting stuf happening inside the Netherlands, too!
Presentations: Are you working on interesting subject, you would like to share your experiences with the OWASP community. Any topic related to application security will be appreciated!
VAC, Vulnerability, Attack, Countermeasure: The goal is an half hour in-depth technical presentation about a vulnerability, how it can be exploited and how to prevent it!
Links:
Sponsorship of a local chapter meeting
We are continuously looking for locations to hold local chapter meetings. Therefore, we need companies willing to sponsor of host events.
Hosting a local chapter meeting: To host a local chapter meeting, you facilitate the meeting location and beverage for the attendees
Sponsorship of a local chapter meeting: You cover the cost of renting the location for the meeting and the payment of the beverages for the attendees
Please let us know via the OWASP chapter meeting questionnaire of via email to [email protected]
OWASP NL Cafe
NEW: Monthly informal platform to speak about (Web) application security matters! No registration required, just drop by!
- no programm
- no agenda
- whatever comes up!
Next OWASP Cafe:
Open and free event, just drop in and discuse what's on your mind about application security!
When: TBD Where: TBD
The flyer: 
Registration
If you want to attend, please send an email to: [email protected]
All OWASP chapter meetings are free of charge and you don't have to be an OWASP member to attend. There are never any vendor pitches or sales presentations at OWASP meetings.
NOTE TO CISSP's: OWASP Meetings count towards CPE Credits.
OWASP NL Mini-Meetings
NEW: Platform to discus on specific issues related to (Web) Application Security. The topic's are brought in by the OWASP NL community!
Something on your mind to discus, put your idea online at: Mini Meetings Netherlands_Mini_Meeting_2009 To attend the meeting, send an email to the contact's email address!
Next Mini-Meeting:
Topic : SAMM, ASVS and other methodologies Contact : Martin Knobloch, [email protected] ---------- Date : November 19th 2009 Time : 18:00 (dinner provided) to 21:30 Location : Sogeti Nederland B.V. Plotterweg 31-33 3821 BB Amersfoort Details : About ideas and experiences of using, implementing and verifying the different methodologies Attendees : Max 12 persons, currently 3, 9available
Meeting Minutes
Meeting minutes September 24th 2009
At September 24th 2009, the Dutch OWASP chapter met in Eindhoven. The sponsor of the evening was Madison Gurkha. The subject of the evening was Unautorized Access. There were 4 speakers and 21 attendees.
After a short welcome talk by Ferdinand Vroom from OWASP, Madison Gurkha gave a small introduction to the company. Madison Gurkha is a small firm that focuses on the prevention, identification, and prevention of technical IT security problems throughout organizations. As such their scope reaches beyond that of web application testing up to the level of physical security. In practice they often see the OWASP top 10 vulnerabilities and use OWASP tools in their assessments, hence their interest in the OWASP.
First presentation: Unauthorized Access by Wil Allsopp.
Wil Allsopp performs Physical Penetration Tests at Madison Gurkha and recently wrote a book about the subject: Unauthorised Access: Physical Penetration Testing For IT Security Teams [1].
Physical Security is all hacking your way into physical locations, like buildings, by using a combination of reconnaissance, social engineering, and technical skills. Like all forms of testing these assessments can only be successful when performed in a structured manner. The first phase is the preparation phase in which the target is studied and a team with a balance of several expertises is selected. Obviously the legal consequences and risks for bodily harm can be more severe in conducting a physical security test. Therefore a careful preparation also includes covering these risks and defining solid boundary conditions.
In the second phase the actual test is done meaning that the team will try to enter a facility according to a well prepared plan. Since physical security deals with real people and other unpredictable circumstances, this phase heavily relies on social engineering skills and being creative. Test can be conducted in three modes of operation: overt (use the system as much as possible), covert (minimize contact), and unseen (apply stealth). The last phase is off course the reporting phase.
Wil clearly showed in his presentation that testing for physical security introduces whole new dimensions of interaction to take into account, but is in fact no different in approach than other forms of testing.
Second presentation: Mini Meetings Results by Barry van Kampen en Dave van Stein.
As mentioned in the meeting minutes of May 28th 2009 [2] the Dutch OWASP chapter decided to schedule mini-meetings. These meetings will facilitate an open discussion about a single topic of interest. Although only 1 of the 3 planned meetings actually took place, the results of this meeting were above expectations. The topic of this mini-meeting was "Quick-scans and other time-boxed test approaches". The conclusions were that these time-boxed test approaches are capable of quickly uncovering fundamental problems even while the scope is limited. Plans are to have a second meeting and maybe even start an OWASP project on the topic.
Since mini-meets are planned for and by the community, everybody is invited to check the mini-meet Wiki [3] and propose topics, dates or locations.
Third presentation: OWASP Education Project by Martin Knobloch.
The awareness that application security is essential in the development and deployment of every web application is increasing, but it is often still applied as an end-of-pipe solution. The OWASP Education Project [4] tries to remediate this problem by delivering education material about OWASP tooling, methodologies, and principles. The project continuously creates educational & documentation papers, screen scrape video courses and learning environments and courses. By providing these materials to the community the OWASP body of knowledge can be spread in a controlled manner and deliver high quality training, both inside and outside of the OWASP community.
To improve the quality and progress of this project, contributors are needed on all areas. Therefore everybody is encouraged to take a look at the project Wiki and invited to help make the (virtual) world a better and safer place!
Scheduled OWASP NL Chapter Meetings:
Meeting Schedule December 2nd 2009: BeNeLux OWASP Day 2009
Follow this link for more information: BeNeLux OWASP Day 2009
Meeting Schedule March 11th 2010: Database Security
Summary: Details will be online shortly
