This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Belgium Events 2018

Revision as of 15:11, 22 January 2018 by LievenDesmet (talk | contribs) (Created page with "<noinclude> These are the 2018 events of the OWASP Belgium Chapter. Previous year: 2017. </noinclude> == 20 February 2018 Meeting == ===...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

These are the 2018 events of the OWASP Belgium Chapter.

Previous year: 2017.

20 February 2018 Meeting


Tuesday 20 February 2018


DistriNet Research Group (KU Leuven) (Both speakers are faculty of the Secure Application Development course held in Leuven from 2018-02-19 to 2018-02-23.)
Department of Computer Science (foyer at ground floor)
Celestijnenlaan 200 A
3001 Heverlee
(map, directions)


The agenda:

  • 18h15 - 19h00: Welcome & sandwiches
  • 19h00 - 19h10: OWASP Update
  • 19h10 - 20h00: Developers are not the enemy -- Usable Security for Experts (by Prof. Matthew Smith, University of Bonn)
Abstract: Usability problems are a major cause of many of today's IT-security incidents. Security systems are often too complicated, time-consuming, and error prone. For more than a decade researchers in the domain of usable security (USEC) have attempted to combat these problems by conducting interdisciplinary research focusing on the root causes of the problems and on the creation of usable security mechanisms. While major improvements have been made, to date USEC research has focused almost entirely on the non-expert end-user. However, many of the most catastrophic security incidents were not caused by end-users, but by developers or administrators. Heartbleed and Shellshock were both caused by single developers yet had global consequences. The Sony hack in 2014 compromised an entire multi-national IT-infrastructure and misappropriated over 100 TB of data, unnoticed. Fundamentally, every software vulnerability and misconfigured system is caused by developers or administrators making mistakes, but very little research has been done into the underlying causalities and possible mitigation strategies. In this talk we will explore the transition from end-user to expert usable security research and look at several application areas, including TLS, passwords, malware analysis and vulnerability analysis.
Bio: Matthew Smith is a Professor for Usable Security and Privacy at the University of Bonn. His research is focused on human factors of security and privacy mechanisms with a wide range of application areas, including TLS and network security, authentication, mobile and app security and, most recently, usable security for developers and administrators. His work has been published at amongst others IEEE S&P, ACM CCS, USENIX Security, NDSS, ACM SIGCHI and SOUPS the Symposium on Usable Security and Privacy. In 2015 his ERC Starting Grant "Frontiers of Usable Security" was selected for funding.
  • 20h00 - 20h10: Break
  • 20h10 - 21h00: The Code Behind The Vulnerability (by Barry Dorrans)
Abstract: Everyone makes security mistakes, and that includes Microsoft (seriously!). Many developers can spot and prevent vulnerabilities listed in the OWASP top 10. But that narrative changes when we look beyond the scope of the OWASP top 10. Compared to some more recent attacks, fixing XSS or SQL injection almost seems easy. In this session, we dive into a couple of .NET core cases that have been reported to the Microsoft Security Response Center (MSRC). Mind you; these vulnerabilities are not just framework vulnerabilities. Instead, they are coding patterns that you may have introduced in your applications. Examples are issues with hash tables, compression, encryption, regular expressions and more. In this session, you will learn how to spot these vulnerabilities in your code. On top of that, you will walk away with the skills to fix them.
Bio: Barry Dorrans is the .NET Security Czar, which means he tries to tell everyone else how to code securely and taking the credit when it goes right, as well as running the .NET Core Bug Bounty. He also ends up triaging publicly and privately reported vulnerabilities when it goes wrong before getting someone else to fix the mistakes. This he gets all the fun and none of the real work, aside from the endless stress wondering when the next vulnerability will be discovered.


Please register via EventBrite: