Difference between revisions of "BeNeLux OWASP Day 2010"

Revision as of 15:45, 11 November 2010

Welcome

Confirmed Speakers:

Eoin Keary (OWASP Board, E&Y)
Sebastien Deleersnyder (OWASP Board, SAIT Zenitel)
Radu State (University of Luxembourg)
N Nikiforakis (Katholieke Universiteit Leuven)
Marco Balduzzi (Eurecom)
Walter Belgers (Madison Gurkha)
...

Download the conference flyer here.
All the presentations will be available for download in the agenda tab.

Training, December 1st

{{Template:<img _fck_mw_includeonly="true" _fckrealelement="5" _fckfakelement="true" src="" class="FCK__MWIncludeonly"><img _fck_mw_noinclude="true" _fckrealelement="4" _fckfakelement="true" src="" class="FCK__MWNoinclude"> | Course_designation = OWASP Projects and Resources you can use TODAY!

| Course_Overview_Goal =

Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.

This course aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.

If you are interested in participating in the hands on portion of the course, please bring a laptop.

| Date = December 1, 2010 | Venue = Fontys Hogescholen, Den Dolech 2, Traverse 3.43, Eindhoven, The Netherlands

How to get here:

| Price = Free | Course_Registration_url = http://www.owasp.org/index.php/BeNeLux_OWASP_Day_2010#tab=Registration | Course_Registration_name = Register Now | Modules =

}}

Conference, December 2nd

Location - December 1st, 2010

from - to

Registration

from - to

Agenda:

Welcome and OWASP Update (by Eoin Keary, OWASP Board, E&Y and Seba Deleersnyder, OWASP Board, SAIT Zenitel)
Combined Web and VoIP attacks (by Radu State, University of Luxembourg)
Privacy of file sharing service (by N Nikiforakis, Katholieke Universiteit Leuven)
Clickjacking: an empirical study with an automated testing/detection system (by Marco Balduzzi, Eurecom)

Clickjacking recently received new media attentions: Thousands of Facebook users have fallen victims of a worm that uses clickjacking techniques to propagate.

In a clickjacking attack, a malicious page is constructed (or a benign page is hijacked) to trick the user into performing unintended clicks that are advantageous for the attacker, such as propagating a web worm, stealing confidential information or abusing of the user session.

However it is currently unclear to what extent clickjacking is being used by attackers in the wild and how significant the attack is for the security of Internet users.

In this talk, we presents a solution we designed for studying the prevalence of clickjacking on the Internet and for detecting possible malicious pages in an automated fashion. We deployed our system over 10 distinct virtual machines to test more then a million unique web-pages in two months. From the analysis of our experimental results we discuss the clickjacking phenomenon and its future implications.

Attacking is easy, defending is hard (by Walter Belgers, Madison Gurkha)

An attacker has an easy job. They need only find one security hole, and they've broken the system. The system, application and network administrators :have a much harder task. They have to find not just one, but each and every one of the holes. Preferably before the bad guys do.

And, these holes can be at several different layers. In the presentation, we will look at those layers (system level, application level, but also user :level) and observe what goes wrong and how to fix it. The observations come from the daily work at Madison Gurkha.

Examples of problems are lack of patches, problems during the development phase, susceptibility to social engineering attacks and more.

..

Registration

The training day and the conference are free!

[[Image:|Buttoncreate.png]]

To support the OWASP organisation, consider to become a member, it's only US$50!
Check out the Membership page to find out more.

Venue

Eindhoven, The Netherlands (Den Dolech 2, Traverse 3.43)

Hotels nearby:

maps.google.nl/maps

Organisation

The BeNeLux Day 2010 Program Committee:

Martin Knobloch / Ferdinand Vroom(OWASP Netherlands)
Bart De Win / Sebastien Deleersnyder (OWASP Belgium)
Jocelyn Aubert / Andre Adelsbach (OWASP Luxembourg)

Sponsorship

Contact netherlands <at> owasp.org for sponsorship

<paypal>BeNeLux OWASP Day 2010</paypal>

Social Event

There will be a social conference evening at the eve of the first day, December 1st
Details to be posted soon!

Made possible by our sponsors:

[[Image:|50px-F5_50px.jpg]] [[Image:|Zionsecurity.jpg]] [[Image:|Rad_logo.gif]] [[Image:|SAIT_Zenitel.jpg]]

Supported by:

@@ Line 1: / Line 1: @@
 __NOTOC__
-<center>[[File:OWASP BeNeLux 2010.png]]<br></center>
+<center>[[Image:OWASP BeNeLux 2010.png]]<br></center>
 <br> <!-- Header -->
@@ Line 7: / Line 7: @@
 <br>
 <center>
-===Confirmed Speakers:===
+=== Confirmed Speakers: ===
 Eoin Keary (OWASP Board, E&amp;Y)<br> Sebastien Deleersnyder (OWASP Board, SAIT Zenitel)<br> Radu State (University of Luxembourg)<br> N Nikiforakis (Katholieke Universiteit Leuven)<br> Marco Balduzzi (Eurecom)<br> Walter Belgers (Madison Gurkha) <br> ...
@@ Line 18: / Line 19: @@
 ==== Training, December 1st  ====
-{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Training</noinclude>
+{{Template:<img _fck_mw_includeonly="true" _fckrealelement="5" _fckfakelement="true" src="http://www.owasp.org/extensions/FCKeditor/fckeditor/editor/images/spacer.gif" class="FCK__MWIncludeonly"><img _fck_mw_noinclude="true" _fckrealelement="4" _fckfakelement="true" src="http://www.owasp.org/extensions/FCKeditor/fckeditor/editor/images/spacer.gif" class="FCK__MWNoinclude">
 | Course_designation = OWASP Projects and Resources you can use TODAY!
@@ Line 106: / Line 107: @@
 }}
+<br>
 ==== Conference, December 2nd  ====
@@ Line 116: / Line 118: @@
 |-
 | style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | from - to
-| align="left" style="background: none repeat scroll 0% 0% rgb(194, 194, 194); width: 75%; -moz-background-inline-policy: continuous;" colspan="2" | Registration
+| align="left" colspan="2" style="background: none repeat scroll 0% 0% rgb(194, 194, 194); width: 75%; -moz-background-inline-policy: continuous;" | Registration
 |-
 | style="background: none repeat scroll 0% 0% rgb(123, 138, 189); width: 15%; -moz-background-inline-policy: continuous;" | from - to
-| align="left" style="background: none repeat scroll 0% 0% rgb(242, 242, 242); width: 75%; -moz-background-inline-policy: continuous;" colspan="2" |
+| align="left" colspan="2" style="background: none repeat scroll 0% 0% rgb(242, 242, 242); width: 75%; -moz-background-inline-policy: continuous;" |
+Agenda:
-Agenda:
 *'''Welcome and OWASP Update''' (by Eoin Keary, OWASP Board, E&amp;Y and Seba Deleersnyder, OWASP Board, SAIT Zenitel)
 *'''Combined Web and VoIP attacks''' (by Radu State, University of Luxembourg)
 *'''Privacy of file sharing service''' (by N Nikiforakis, Katholieke Universiteit Leuven)
 *'''Clickjacking: an empirical study with an automated testing/detection system''' (by Marco Balduzzi, Eurecom)
-:Clickjacking recently received new media attentions: Thousands of Facebook users have fallen victims of a worm that uses clickjacking techniques to propagate.
-:In a clickjacking attack, a malicious page is constructed (or a benign page is hijacked) to trick the user into performing unintended clicks that are advantageous for the attacker, such as propagating a web worm, stealing confidential information or abusing of the user session.
+:Clickjacking recently received new media attentions: Thousands of Facebook users have fallen victims of a worm that uses clickjacking techniques to propagate.
-:However it is currently unclear to what extent clickjacking is being used by attackers in the wild and how significant the attack is for the security of Internet users.
+:In a clickjacking attack, a malicious page is constructed (or a benign page is hijacked) to trick the user into performing unintended clicks that are advantageous for the attacker, such as propagating a web worm, stealing confidential information or abusing of the user session.
+:However it is currently unclear to what extent clickjacking is being used by attackers in the wild and how significant the attack is for the security of Internet users.
 :In this talk, we presents a solution we designed for studying the prevalence of clickjacking on the Internet and for detecting possible malicious pages in an automated fashion. We deployed our system over 10 distinct virtual machines to test more then a million unique web-pages in two months. From the analysis of our experimental results we discuss the clickjacking phenomenon and its future implications.
-*'''tbd''' (by Walter Belgers, Madison Gurkha)
-..
+*'''Attacking is easy, defending is hard''' (by Walter Belgers, Madison Gurkha)
+:An attacker has an easy job. They need only find one security hole, and they've broken the system. The system, application and network administrators :have a much harder task. They have to find not just one, but each and every one of the holes. Preferably before the bad guys do.
+:And, these holes can be at several different layers. In the presentation, we will look at those layers (system level, application level, but also user :level) and observe what goes wrong and how to fix it. The observations come from the daily work at Madison Gurkha.
+:Examples of problems are lack of patches, problems during the development phase, susceptibility to social engineering attacks and more.
+..
 |}
+<br>
 ==== Registration  ====
 <center>
 '''The training day and the conference are free!'''&nbsp;
 <br>
-[http://owaspbenelux.eventbrite.com?ref=ebtn http://www.owasp.org/images/7/77/Buttoncreate.png]
+[http://owaspbenelux.eventbrite.com?ref=ebtn [[Image:|Buttoncreate.png]]]
 <br> To support the OWASP organisation, consider to become a member, it's only US$50!<br> Check out the [[Membership]] page to find out more.<br>
@@ Line 174: / Line 182: @@
 There will be a social conference evening at the eve of the first day, December 1st<br> Details to be posted soon! <br> <headertabs />
 <center>Made possible by our [http://www.owasp.org/index.php/BeNeLux_OWASP_Day_2010#tab=Sponsorship sponsors]:<br>
-{{MemberLinks|link=http://www.ascure.com|logo=Ascure_Logo.jpg}}
+{{MemberLinks|link=http://www.ascure.com|logo=Ascure_Logo.jpg}} [http://www.f5.com [[Image:|50px-F5_50px.jpg]]] [http://www.zionsecurity.com [[Image:|Zionsecurity.jpg]]] [http://www.radware.com [[Image:|Rad_logo.gif]]] [http://www.zenitelbelgium.com [[Image:|SAIT_Zenitel.jpg]]] [[Image:Logo Sogeti.jpg|200px]] <br><br> Supported by:<br> [[Image:Bnl10 Fontys.jpg|200px]]
-[http://www.f5.com http://www.owasp.org/images/7/7e/50px-F5_50px.jpg]
-[http://www.zionsecurity.com http://www.owasp.org/images/e/e6/Zionsecurity.jpg]
-[http://www.radware.com http://www.owasp.org/images/8/82/Rad_logo.gif]
-[http://www.zenitelbelgium.com http://www.owasp.org/images/d/df/SAIT_Zenitel.jpg]
-[[Image:Logo Sogeti.jpg|200px]]
-<br><br> Supported by:<br>
-[[File:Bnl10 Fontys.jpg|200px]]
 <br>
 </center>
 [[Category:OWASP_AppSec_Conference]] [[Category:OWASP_BeNeLux_Archives]]

Difference between revisions of "BeNeLux OWASP Day 2010"

Revision as of 15:45, 11 November 2010

Welcome

Confirmed Speakers:

Training, December 1st

Conference, December 2nd

Registration

Venue

Organisation

Sponsorship

Social Event

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools