This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Netherlands"

From OWASP
Jump to: navigation, search
Line 5: Line 5:
 
=== Call for Speakers ===
 
=== Call for Speakers ===
 
We are continuously looking for speakers and presentations make the chapter meetings as interesting as possible. Therefore we are looking inside and outside OWASP for known international specialists. But we know, there is a lot interesting stuf happening inside the Netherlands, too!  <br/>
 
We are continuously looking for speakers and presentations make the chapter meetings as interesting as possible. Therefore we are looking inside and outside OWASP for known international specialists. But we know, there is a lot interesting stuf happening inside the Netherlands, too!  <br/>
'''Presentations:'''<br/>
+
'''Presentations:''' Are you working on interesting subject, you would like to share your experiences with the OWASP community. Any topic related to application security will be appreciated!<br/>
Are you working on interesting subject, you would like to share your experiences with the OWASP community.
+
'''VAC, Vulnerability, Attack, Countermeasure:''' The goal is an half hour in-depth technical presentation about a vulnerability, how it can be exploited and how to prevent it!<br/>
Any topic related to application security will be appreciated!<br/>
 
'''VAC, Vulnerability, Attack, Countermeasure:'''<br/>
 
The goal is an half hour in-depth technical presentation about a vulnerability, how it can be exploited and how to prevent it!<br/>
 
  
 
=== Sponsorship of a local chapter meeting ===
 
=== Sponsorship of a local chapter meeting ===
 
We are continuously looking for locations to hold local chapter meetings. Therefore, we need companies willing to sponsor of host events.<br>
 
We are continuously looking for locations to hold local chapter meetings. Therefore, we need companies willing to sponsor of host events.<br>
'''Hosting a local chapter meeting:'''<br>
+
'''Hosting a local chapter meeting:''' To host a local chapter meeting, you facilitate the meeting location and beverage for the attendees<br>
To host a local chapter meeting, you facilitate the meeting location and beverage for the attendees<br>
+
'''Sponsorship of a local chapter meeting:''' You cover the cost of renting the location for the meeting and the payment of the beverages for the attendees<br>
'''Sponsorship of a local chapter meeting:'''<br>
+
'''Please let us know via the OWASP chapter meeting questionnaire of via email to [email protected]<br>'''
You cover the cost of renting the location for the meeting and the payment of the beverages for the attendees<br>
+
 
 +
== <font color="red">'''NEW'''</font> '''OWASP NL Cafe''' <font color="red">'''NEW'''</font>==
 +
Monthly informal platform to speak about (Web) application security matters! No registration required, just drop by!
 +
* no programm
 +
* no agenda
 +
* whatever comes up!
 +
 
 +
Next (1st) OWASP Cafe, Thursday June 4th, from 7 pm, drop in whenever you can!
 +
As this is the first try, beverages, BBQ and some meat etc are on me (as long as stocks last)! Voluntary contributions  welcome (food/beverages, no money)!
 +
<pre>
 +
Where:
 +
  Prof. Dr. Ornsteinlaan 14
 +
  3431 EP Nieuwegein
 +
Public transport from Utrecht Centraal:
 +
    Bus 74, bus stop "Zorgcentrum Zuilenstein"  Nieuwegein (2 min walk)
 +
    Streetcar / Tram stop: "Batau Noord" Nieuwegein (8 min walk)
 +
</pre>
 +
Google map:
 +
http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=prof.+dr.+ornsteinlaan+14,+3431+EP+Nieuwegein&sll=37.0625,-95.677068&sspn=42.901912,58.095703&ie=UTF8&z=16
  
'''Please let us know via the OWASP chapter meeting questionnaire of via email to martin.[email protected]<br>'''
+
== <font color="red">'''NEW'''</font> '''OWASP NL Mini-Meetings''' <font color="red">'''NEW'''</font>==
 +
Platform to discus on specific issues related to (Web) Application Security. The topic's are brought in by the OWASP NL community!<br>
 +
Something on your mind to discus, put your idea online at: Mini Meetings [[Netherlands_Mini_Meeting_2009|Netherlands_Mini_Meeting_2009]]
  
== Meeting schedule 2009 ==
+
== '''Meeting schedule 2009''' ==
 
This is an overview of the 2009 local chapter meeting schedule. Details of the meetings can be found in the announcements that will be posted below this schedule.
 
This is an overview of the 2009 local chapter meeting schedule. Details of the meetings can be found in the announcements that will be posted below this schedule.
 
<pre>
 
<pre>

Revision as of 09:54, 29 May 2009

OWASP Netherlands

Welcome to the Netherlands chapter homepage. The chapter leader is Bert Koelewijn <paypal>Netherlands</paypal>


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Call for Speakers

We are continuously looking for speakers and presentations make the chapter meetings as interesting as possible. Therefore we are looking inside and outside OWASP for known international specialists. But we know, there is a lot interesting stuf happening inside the Netherlands, too!
Presentations: Are you working on interesting subject, you would like to share your experiences with the OWASP community. Any topic related to application security will be appreciated!
VAC, Vulnerability, Attack, Countermeasure: The goal is an half hour in-depth technical presentation about a vulnerability, how it can be exploited and how to prevent it!

Sponsorship of a local chapter meeting

We are continuously looking for locations to hold local chapter meetings. Therefore, we need companies willing to sponsor of host events.
Hosting a local chapter meeting: To host a local chapter meeting, you facilitate the meeting location and beverage for the attendees
Sponsorship of a local chapter meeting: You cover the cost of renting the location for the meeting and the payment of the beverages for the attendees
Please let us know via the OWASP chapter meeting questionnaire of via email to [email protected]

NEW OWASP NL Cafe NEW

Monthly informal platform to speak about (Web) application security matters! No registration required, just drop by!

  • no programm
  • no agenda
  • whatever comes up!

Next (1st) OWASP Cafe, Thursday June 4th, from 7 pm, drop in whenever you can! As this is the first try, beverages, BBQ and some meat etc are on me (as long as stocks last)! Voluntary contributions welcome (food/beverages, no money)!

Where:
   Prof. Dr. Ornsteinlaan 14
   3431 EP Nieuwegein
Public transport from Utrecht Centraal:
    Bus 74, bus stop "Zorgcentrum Zuilenstein"  Nieuwegein (2 min walk)
    Streetcar / Tram stop: "Batau Noord" Nieuwegein (8 min walk)

Google map: http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=prof.+dr.+ornsteinlaan+14,+3431+EP+Nieuwegein&sll=37.0625,-95.677068&sspn=42.901912,58.095703&ie=UTF8&z=16

NEW OWASP NL Mini-Meetings NEW

Platform to discus on specific issues related to (Web) Application Security. The topic's are brought in by the OWASP NL community!
Something on your mind to discus, put your idea online at: Mini Meetings Netherlands_Mini_Meeting_2009

Meeting schedule 2009

This is an overview of the 2009 local chapter meeting schedule. Details of the meetings can be found in the announcements that will be posted below this schedule.

April 9th
----------
Time         : 18.00 - 21.30
Main Topic   : Knowing Your Enemy
Presentations: Modern information gathering; how to abuse search engines         Dave van Stein
               VAC Cross-site scripting                                          Martin Visser 
               Beveiligingsaspecten van webapplicatie-ontwikkeling               Wouter van Kuipers 
Location     : Lange Dreef 17
               4131 NJ Vianen
Sponsor      : Sogeti Nederland B.V.

May 28th
----------
Time         : 18.00 - 21.30
Main Topic   : AppSec Europe 2009
Presentations: AppSec-EU 2009                                                    Sebastien Deleersnyder, Telindus 
               VAC Cross-Site Request Forgery                                    Niels Teusink
               Open session / discussion about subjects brought forward by 
               the attendees                                                     Martin Knobloch/Ferdinand Vroom/Peter Gouwentak
Location     : ASR Nederland
               MD0.60 - Auditorium
               Smallepad 30
               3811MG Amersfoort
Sponsor      : ASR Nederland

September 24th
----------
Time         : 17.30 - 21.30
Main Topic   : 
Presentations: 
Location     : 
Sponsor      : 

December 10th
----------
Time         : 17.30 - 21.30
Main Topic   : 
Presentations: 
Location     : 
Sponsor      : 


Registration
If you want to attend, please send an email to: [email protected]

All OWASP chapter meetings are free of charge and you don't have to be an OWASP member to attend. There are never any vendor pitches or sales presentations at OWASP meetings.

NOTE TO CISSP's: OWASP Meetings count towards CPE Credits.


Meeting Schedule May 28th 2009: AppSec Europe 2009

Summary The main goal of the upcoming OWASP-NL meeting is to provide an abstract of the recently held AppSec Europe 2009, a VAC about CSRF and, new, an open discussion on application security subjects brought forward by the attendees.

ASR Nederland

MD0.60 - Auditorium
Smallepad 30
3811MG Amersfoort

ASR Nederland logo.jpg



18.30 - 18.45 Introduction (OWASP organization, projects, sponsor)

18.45 - 19.45 AppSec-EU 2009 (Sebastien Deleersnyder, Telindus)
Update on the AppSec-EU 2009:
OWASP State of the union, an update on OWASP and OWASP projects and of course the highlights of the AppSec-EU 2009 presentations.

19.45 - 20.00 Break

20.00 - 20.30 VAC Cross-Site Request Forgery (Niels Teusink, Fox-IT)
CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.

Niels Teusink holds a bachelor degree in Computer Science and has been experimenting with IT security for over a decade. He has worked for Fox-IT since 2005; first as a software engineer and since 2007 as a penetration tester. He has since performed dozens of penetration tests for all sorts of companies, including governments, banks and nuclear installations.

20.30 - 21.15 Open session / discussion (Martin Knobloch/Ferdinand Vroom/Peter Gouwentak)
Open session / discussion about subjects brought forward by the attendees.

The Announcement of this meeting: Media:Announcement OWASP-NL May 28th 2009.pdf
The flyer of this meeting: Media:owasp_NL_may2009.pdf

Meeting Schedule 9th April Knowing Your Enemy

Summary The main goal of the upcoming OWASP-NL meeting is to provide information to managers, architects, designers, developers and security and risk professionals. The speakers will give specific examples and there will be time to ask questions.

Lange Dreef 17
4131 NJ Vianen

http:\\www.sogeti.nl

About Sogeti Nederland B.V. Sogeti Nederland B.V. is one of top-5 IT companies of the Netherlands. Our workforce of over 3,500 employees provides top quality IT consultancy and services to leading companies in several industry sectors in the Netherlands. Our focus is local, but we are part of Sogeti Worldwide, offering IT services in the American, German, French, Belgian, UK, Swedish, Swiss and Spanish markets.

Our core business is the design, construction, deployment, testing and maintenance of IT solutions. We stand for quality and IT skills; this is visible in our service and in the methods developed by us such as DYA®, Regatta®, TMap®, TPI® , Inframe®, and TEmb.

Vision Sogeti delivers value by aligning the results of her services to the strategic goals of the client, thereby committing herself to the success of the client. We prove our commitment by assuming responsibility in various forms and to various degrees.

New trends Our own research institute ViNT (Institute for Research into New Technology) keeps us and our clients ahead of the newest technology trends and their potential influence, benefits and risks.
More information about Sogeti can be found on our website www.sogeti.nl.

18.30 - 18.45 Introduction (OWASP organization, projects, sponsor)
18.45 - 19.30 Modern information gathering; how to abuse search engines Dave van Stein (Media:20090409_passsive_reconnaissance-Dave_van_Stein.pdf)
Great generals already know the key to success is "knowing your enemy". In hacking terms this is called information gathering, fingerprinting or reconnaissance. Traditionally this phase consisted of using public records like WHOIS and DNS combined with active scans on servers. With the rise of advanced search engines like Yahoo, Live Search and Google a whole new type of reconnaissance has come to life; passive reconnaissance. Often servers are not properly configured which causes lots of valuable information to become available without accessing the server at all. Recently several hacker-tools appeared which use the full capabilities of these search engines giving hackers a head-start at mapping the network they plan to attack. The goal of this session is to give insight in the methods and tools hackers have at their disposal to gather information about systems they plan to attack without accessing the system itself. Dave van Stein has close to 8 years of experience in software testing. Since the beginning of 2008 he's working for ps_testware as a web application security testing specialist.

19.30 - 20.00 VAC Cross-site scripting Martin Visser (Media:20090409_VAC_Cross-site-scripting_Martin_Visser.pdf)
Martin Visser is a software designer with Sogeti Nederland B.V. specialized in secure application development with Microsoft technologies. He has experience with Microsoft server technologies like ASP.NET, SharePoint and Biztalk. Martin also developed and teaches a 2-day "Application Security - Microsoft development" course both within and outside Sogeti.

20.00 - 20.15 Break
20.15 - 21.00 Beveiligingsaspecten van webapplicatie-ontwikkeling Wouter van Kuipers (Media:20090409_presentatie_Wouter_van_Kuipers.pdf)
Het ontwikkelen van webapplicaties verschilt op verschillende aspecten met het ontwikkelen van desktop applicaties, met name op het gebied van security. Voor grote bedrijven zijn er oplossingen beschikbaar als bijvoorbeeld SDL, maar voor het midden- en kleinbedrijf zijn dit soort oplossingen beperkt, omdat zij vaak niet de middelen hebben om dergelijke strategieën uit te kunnen voeren. Voor zijn scriptie heeft Wouter van Kuipers middels een literatuuronderzoek, interviews met ontwikkelaars en een onderzoek naar Fortify 360 gekeken hoe het midden- en kleinbedrijf omgaat met deze verschillen en hoe zij het ontwikkelproces kunnen optimaliseren op het gebied van security.

Na een MBO opleiding in de IT is Wouter van Kuipers via de HBO opleiding 'Communicatie Systemen' begin 2007 begonnen met een master Informatiekunde aan de Radboud Universiteit Nijmegen, welke hij in maart dit jaar hoopt af te ronden. Tijdens zijn MBO studie is zijn interesse in het ontwikkelen van webapplicaties gewekt, wat in 2003 resulteerde in het opzetten van een eigen web-development bedrijf. Dit bedrijf is met name gespecialiseerd in het ontwikkelen van webapplicaties op maat, en het ondersteunen van bedrijven op het gebied van web-developement op freelance basis.

The flyer of this meeting: Media:owasp_NL_april2009.pdf

Past Events

  • Events held in 2008
  • Events held in 2007
  • Events held in 2006
  • Events held in 2005