
Difference between revisions of "EUTour2013 Netherlands Agenda"

m (added eoin's abstract)
(Updated with link to presentations)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
<noinclude>{{:EUTour2013 header}}</noinclude>
+
\<noinclude>{{:EUTour2013 header}}</noinclude>
  
 
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"
 
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"
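Review bot: the replacement line `\<noinclude>{{:EUTour2013 header}}</noinclude>` introduces a stray backslash before `<noinclude>`; nothing in the hunk explains it, and it will be emitted as a literal `\` above the tour header instead of being part of the tag. Suggest restoring the line to `<noinclude>{{:EUTour2013 header}}</noinclude>` exactly as it was.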
Line 26: Line 26:
 
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"
 
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5"
 
|-
 
|-
| align="center" style="background:#4B0082;" colspan="2" | <span style="color:#ffffff">  
+
| align="center" style="background:#4B0082;" colspan="3" | <span style="color:#ffffff">  
 
'''CONFERENCE (Thursday, June 20th)''' </span>
 
'''CONFERENCE (Thursday, June 20th)''' </span>
 
|-
 
|-
 
|-
 
|-
 
| style="width:20%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Date'''  
 
| style="width:20%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Date'''  
| style="width:80%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Venue'''
+
| style="width:50%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''Venue'''
 +
| style="width:30%" valign="middle"  bgcolor="#CCCCEE" align="center" colspan="0" | '''PR material'''
 
|-
 
|-
 
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday, June 20th '''
 
| valign="middle" bgcolor="#EEEEEE" align="center" | ''' Thursday, June 20th '''
| valign="middle" bgcolor="#EEEEEE" align="left" | '''Hogeschool van Amstedam<br>
+
| valign="middle" bgcolor="#EEEEEE" align="center" | '''Hogeschool van Amstedam<br>
 
Venue Address: Duivendrechtsekade 36-38, 1096 AH Amsterdam
 
Venue Address: Duivendrechtsekade 36-38, 1096 AH Amsterdam
 
'''<br>
 
'''<br>
 
Venue Map: [http://goo.gl/78sfU Google Maps]  
 
Venue Map: [http://goo.gl/78sfU Google Maps]  
 +
| valign="middle" bgcolor="#EEEEEE" align="center" | [[Media:OWASP Netherlands Chapter Meeting 2013-06-20.pdf | Flyer (pdf A4 format)]]<br> [[Media:OWASP Netherlands Chapter Meeting 2013-06-20_poster.pdf | Poster(pdf A3 format)]]
 
|-
 
|-
| align="center" style="background:#CCCCEE;" colspan="2" | '''Price and registration'''
+
| align="center" style="background:#CCCCEE;" colspan="3" | '''Price and registration'''
 
|-
 
|-
| align="center" style="background:#EEEEEE;" colspan="2" | This event is '''FREE''' <br>
+
| align="center" style="background:#EEEEEE;" colspan="3" | This event is '''FREE''' <br>
 
  '''Registration Link to the Europe Tour''': '''[http://owaspdutchchaptermeeting20062013.eventbrite.nl/# Click here]'''<br>
 
  '''Registration Link to the Europe Tour''': '''[http://owaspdutchchaptermeeting20062013.eventbrite.nl/# Click here]'''<br>
 
<br>
 
<br>
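Review bot: the venue cell is rewritten (alignment changed to center) but the typo `Hogeschool van Amstedam` is carried over unchanged; since the line is being touched anyway, correct it to `Hogeschool van Amsterdam`. The new `PR material` column and the `colspan="3"` updates on the title, price and registration rows are consistent with each other.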
Line 51: Line 53:
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" |  '''Time'''  
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" |  '''Time'''  
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''
+
| style="width:20%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Title'''
| style="width:25%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''
+
| style="width:35%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Speaker'''
| style="width:40%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
+
| style="width:35%" valign="middle" height="30" bgcolor="#CCCCEE" align="center" colspan="0" | '''Description'''
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 05:45 PM<br>(30 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 05:45 PM<br>(30 mins)
| style="width:90%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Registration - Sandwiches and drinks provided
+
| style="width:90%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Registration - Sandwiches and drinks provided
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 06:15 PM<br>(15 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 06:15 PM<br>(15 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Opening
+
| style="width:20%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Opening
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[User:Ferdinand_Vroom |Ferdinand Vroom]] & [[User:Knoblochmartin |Martin Knobloch]]
+
| style="width:35%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[User:Ferdinand_Vroom |Ferdinand Vroom]] & [[User:Knoblochmartin |Martin Knobloch]]
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Welcome and OWASP News
+
| style="width:35%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Welcome and OWASP News
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 6:30 PM<br>(45 mins)  
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 6:30 PM<br>(45 mins)  
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |  The OWASP Zed Attack Proxy (ZAP)   
+
| style="width:20%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" |  The OWASP Zed Attack Proxy (ZAP)   
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[User:Simon_Bennetts |Simon Bennetts]] has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them.
+
:[[Media:OWASP_2013_EU_TOUR.pdf | Download the presentation as PDF]]
 +
| style="width:35%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[User:Simon_Bennetts |Simon Bennetts]] has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them.
 
He now works for Mozilla as part of their security team, is the OWASP ZAP project lead and has contributed to many other open source security projects.
 
He now works for Mozilla as part of their security team, is the OWASP ZAP project lead and has contributed to many other open source security projects.
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
+
| style="width:35%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
 
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
 
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen testers toolbox.
 
It is also community project, being maintained by a worldwide group of volunteers and is completely free, open source and cross platform. Since its release in 2010 ZAP has gone from strength to strength and is now a flagship OWASP project.
 
It is also community project, being maintained by a worldwide group of volunteers and is completely free, open source and cross platform. Since its release in 2010 ZAP has gone from strength to strength and is now a flagship OWASP project.
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 07:15 PM<br>(15 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 07:15 PM<br>(15 mins)
| style="width:90%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Break
+
| style="width:90%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Break
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 07:30 PM <br>(45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 07:30 PM <br>(45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Needles in haystacks, we we are not solving the appsec problem & html hacking the browser, CSP is dead  
+
| style="width:20%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Needles in haystacks, we we are not solving the appsec problem & html hacking the browser, CSP is dead  
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[User:EoinKeary |Eoin Keary]], CTO and founder of BCC Risk Advisory Ltd.
+
:[[Media:OWASP_EU_-_Tour_2103-abridged-Ned.pdf | Download the presentation as PDF]]
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | "Insanity is doing the same thing over and over and expecting different results." - Albert Einstein<br>
+
| style="width:35%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[User:EoinKeary |Eoin Keary]], CTO and founder of BCC Risk Advisory Ltd.
 +
| style="width:35%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | "Insanity is doing the same thing over and over and expecting different results." - Albert Einstein<br>
 
We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root causes it the same. – it’s all code injection theory!! Why do we do this and make security bugs over complex?<br>
 
We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root causes it the same. – it’s all code injection theory!! Why do we do this and make security bugs over complex?<br>
 
Why are we still happy with “Testing security out” rather than the more superior “building security in”?
 
Why are we still happy with “Testing security out” rather than the more superior “building security in”?
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 08:15 PM <br> (45 mins)
 
| style="width:10%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | 08:15 PM <br> (45 mins)
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure Coding, some simple steps help
+
| style="width:20%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure Coding, some simple steps help
| style="width:25%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[User:Steven_van_der_Baan |Steven van der Baan]] is a passionate Security Consultant and Software Architect, with a broad history in software development and architecture. Steven has a varied background in developing complex systems, mainly in Java. He has the capability to analyse problems and provide sound advise on possible solutions. He can also design a solution that fits the wishes of the client. Steven is determined, steadfast and critical, likes to work in teams, but is capable to work on his own. He is always willing to share his knowledge and help his colleagues. Steven follows the latest developments in the security field to keep his knowledge up to date.  
+
:[[Media:OWASP_EU_Tour_2013_-_Secure_Coding.pdf | Download the presentation as PDF]]
| style="width:40%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure coding is often perceived as difficult and complex.
+
| style="width:35%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | [[User:Steven_van_der_Baan |Steven van der Baan]] is a passionate Security Consultant and Software Architect, with a broad history in software development and architecture. Steven has a varied background in developing complex systems, mainly in Java. He has the capability to analyse problems and provide sound advise on possible solutions. He can also design a solution that fits the wishes of the client. Steven is determined, steadfast and critical, likes to work in teams, but is capable to work on his own. He is always willing to share his knowledge and help his colleagues. Steven follows the latest developments in the security field to keep his knowledge up to date.  
 +
| style="width:35%" valign="middle" height="30" bgcolor="#EEEEEE" align="center" colspan="0" | Secure coding is often perceived as difficult and complex.
 
While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application.  
 
While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application.  
 
|-
 
|-
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 PM to 09:30 PM
 
| style="width:10%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | 09:00 PM to 09:30 PM
| style="width:90%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="0" | Netwroking
+
| style="width:90%" valign="middle" height="30" bgcolor="#CCEEEE" align="center" colspan="3" | Networking
 
|}
 
|}
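Review bot: several text defects survive the column-width rewrite of these rows: the talk title still reads `we we are not solving the appsec problem`, the abstract still says `the root causes it the same`, and the speaker bio still has `sound advise` (should be `advice`); these cells are all replaced in this hunk, so the wording could be fixed in the same edit. The `Netwroking` to `Networking` correction in the last row and the `colspan="3"` on the registration, break and networking rows match the new four-column header.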

Latest revision as of 11:03, 21 June 2013


OWASP EUROPE TOUR 2013


CONFERENCE

OWASP Europe Tour - The Netherlands 2013

Thursday, June 20th (Conference)

DESCRIPTION
The OWASP Europe TOUR is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP projects are not widely used and understood. In most cases this is not due to a lack of quality or usefulness of those Document & Tool projects, but to a lack of understanding of where they fit in an enterprise's security ecosystem or in the web application development life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise-ready projects together with practical examples of how to use them.
OWASP MEMBERSHIP
During the OWASP Europe Tour you could become a member and support our mission.

Become an OWASP member by clicking here


CONFERENCE (Thursday, June 20th)

Date: Thursday, June 20th
Venue: Hogeschool van Amsterdam
Venue Address: Duivendrechtsekade 36-38, 1096 AH Amsterdam
Venue Map: Google Maps
PR material: Flyer (pdf A4 format); Poster (pdf A3 format)

Price and registration
This event is FREE
Registration Link to the Europe Tour: Click here



Conference Details

Time: 05:45 PM (30 mins)
Title: Registration - Sandwiches and drinks provided

Time: 06:15 PM (15 mins)
Title: Opening
Speaker: Ferdinand Vroom & Martin Knobloch
Description: Welcome and OWASP News

Time: 6:30 PM (45 mins)
Title: The OWASP Zed Attack Proxy (ZAP) (Download the presentation as PDF)
Speaker: Simon Bennetts has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them. He now works for Mozilla as part of their security team, is the OWASP ZAP project lead and has contributed to many other open source security projects.
Description: The OWASP Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox. It is also a community project, maintained by a worldwide group of volunteers, and is completely free, open source and cross-platform. Since its release in 2010 ZAP has gone from strength to strength and is now a flagship OWASP project.

Time: 07:15 PM (15 mins)
Title: Break

Time: 07:30 PM (45 mins)
Title: Needles in haystacks, why we are not solving the appsec problem & html hacking the browser, CSP is dead (Download the presentation as PDF)
Speaker: Eoin Keary, CTO and founder of BCC Risk Advisory Ltd.
Description: "Insanity is doing the same thing over and over and expecting different results." - Albert Einstein

We continue to rely on a "pentest" to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? Our testing methodologies are inconsistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLi as different issues, but the root cause is the same: it is all code injection theory! Why do we do this and make security bugs overly complex?
Why are we still happy with "testing security out" rather than the superior "building security in"?

Time: 08:15 PM (45 mins)
Title: Secure Coding, some simple steps help (Download the presentation as PDF)
Speaker: Steven van der Baan is a passionate Security Consultant and Software Architect, with a broad history in software development and architecture. Steven has a varied background in developing complex systems, mainly in Java. He has the capability to analyse problems and provide sound advice on possible solutions. He can also design a solution that fits the wishes of the client. Steven is determined, steadfast and critical, likes to work in teams, but is capable of working on his own. He is always willing to share his knowledge and help his colleagues. Steven follows the latest developments in the security field to keep his knowledge up to date.
Description: Secure coding is often perceived as difficult and complex.

While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go back to the basics of secure application development and demonstrate the principles which help you build security into your application.

Time: 09:00 PM to 09:30 PM
Title: Networking