
EUTour2013 Netherlands Agenda

Revision as of 12:58, 18 June 2013 by Knoblochmartin (style issues solved (table alignment))



OWASP Europe Tour - The Netherlands 2013

Thursday, June 20th (Conference)

The OWASP Europe Tour is an event across the European region that promotes awareness about application security, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
  • Apart from OWASP's Top 10, most OWASP Projects are not widely used and understood. In most cases this is not due to lack of quality and usefulness of those Document & Tool projects, but due to a lack of understanding of where they fit in an Enterprise's security ecosystem or in the Web Application Development Life-cycle.
  • This event aims to change that by providing a selection of mature and enterprise ready projects together with practical examples of how to use them.
During the OWASP Europe Tour you can become a member and support our mission.

Become an OWASP member by clicking here

CONFERENCE (Thursday, June 20th)

Date: Thursday, June 20th
Venue: Hogeschool van Amsterdam
Venue Address: Duivendrechtsekade 36-38, 1096 AH Amsterdam
Venue Map: Google Maps
PR material: Flyer (pdf A4 format), Poster (pdf A3 format)

Price and registration
This event is FREE
Registration Link to the Europe Tour: Click here

Conference Details
Time Title Speaker Description
05:45 PM (30 mins)
Registration - Sandwiches and drinks provided

06:15 PM (15 mins)
Title: Opening
Speaker: Ferdinand Vroom & Martin Knobloch
Description: Welcome and OWASP News

06:30 PM (45 mins)
Title: The OWASP Zed Attack Proxy (ZAP)
Speaker: Simon Bennetts has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them.

He now works for Mozilla as part of their security team, is the OWASP ZAP project lead and has contributed to many other open source security projects.

Description: The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing as well as being a useful addition to an experienced pen tester's toolbox. It is also a community project, being maintained by a worldwide group of volunteers and is completely free, open source and cross platform. Since its release in 2010 ZAP has gone from strength to strength and is now a flagship OWASP project.

07:15 PM (15 mins)

07:30 PM (45 mins)
Title: Needles in haystacks, we are not solving the appsec problem & html hacking the browser, CSP is dead
Speaker: Eoin Keary, CTO and founder of BCC Risk Advisory Ltd.
Description: "Insanity is doing the same thing over and over and expecting different results." - Albert Einstein

We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? Our testing methodologies are non-consistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLI as different issues but the root cause is the same: it’s all code injection theory!! Why do we do this and make security bugs over-complex?
Why are we still happy with “Testing security out” rather than the superior “building security in”?

08:15 PM (45 mins)
Title: Secure Coding, some simple steps help
Speaker: Steven van der Baan is a passionate Security Consultant and Software Architect, with a broad history in software development and architecture. Steven has a varied background in developing complex systems, mainly in Java. He has the capability to analyse problems and provide sound advice on possible solutions. He can also design a solution that fits the wishes of the client. Steven is determined, steadfast and critical, likes to work in teams, but is capable of working on his own. He is always willing to share his knowledge and help his colleagues. Steven follows the latest developments in the security field to keep his knowledge up to date.

Description: Secure coding is often perceived as difficult and complex.

While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application.

09:00 PM to 09:30 PM Networking