Netherlands
OWASP Netherlands
Welcome to the Netherlands chapter homepage.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Local News
Mark your Calendar for our next Chapter Meeting!
The next Chapter meeting is scheduled for November 14th in Rotterdam!
We are glad to announce David Rook twitter @securityninja as guest speaker from Ireland! More details to come!
So mark your calendar for November 14th for our upcoming Chapter meeting!
OWASP College Chapters
Interested in starting your own college chapter?
Have a look at: http://www.owasp.org/index.php/OWASP_College_Chapters_Program
OWASP BeNeLux Day 2011
Mark your calendar for the 2011 edition: 1st and 2nd of December 2011 in Luxembourg.
Chapter Meetings
Chapter Meeting July 6th 2011
Date & Time: July 6th, 2011 - 19:00
Location: VU University Amsterdam, De Boelelaan 1081, 1081 HV Amsterdam
Speakers:
Nick Nikiforakis
Nick Nikiforakis is a PhD student at the Katholieke Universiteit Leuven, in Belgium.
He belongs to the DistriNet research group and specifically to the “Security & Languages” task-force.
His current research interests include low-level security for unsafe languages and web application security.
Nick holds a BSc in Computer Science and an MSc in Distributed Systems from the University of Crete in Greece.
He worked for 3 years as a research assistant in the Distributed Computing Systems group at the Foundation of Research and Technology in Crete where he did research in network data visualization, authentication schemes using mobile devices and phishing countermeasures.
In the past, Nick has presented his work in academic conferences as well as hacking conventions.
His work can be found online at www.securitee.org
Abstract: The increasing popularity of the World Wide Web has led more and more individuals and companies to identify the need to acquire a Web presence. The most common way of acquiring such a presence is through Web hosting companies and the most popular hosting solution is shared Web hosting.
In this talk we investigate the workings of shared Web hosting and we point out the potential lack of session isolation between domains hosted on the same physical server. We present two novel server-side attacks against session storage which target the logic of a Web application instead of specific logged-in users. Due to the lack of isolation, an attacker with a domain under his control can force arbitrary sessions to co-located Web applications as well as inspect and edit the contents of their existing active sessions. Using these techniques, an attacker can circumvent authentication mechanisms, elevate his privileges, steal private information and conduct attacks that would be otherwise impossible. Finally, we test the applicability of our attacks against common open-source software and evaluate their effectiveness in the presence of generic server-side countermeasures.
Marco Balduzzi
Marco Balduzzi holds an MSc. in computer engineering and has been involved in IT-Security for more than 8 years with international experiences in both industrial and academic fields.
He worked as security consultant and engineer for different companies in Milan, Munich and Sophia-Antipolis, in south France, before joining EURECOM and the International Secure Systems Lab as Ph.D. researcher.
He attended well-known and high-profile conferences all over (Blackhat, OWASP AppSec, NDSS) and currently speaks five different languages.
Being a Free Software sympathizer, in the year 2K, he cofounded the Bergamo Linux User Group and the University Laboratory of Applied Computing.
In former times, he was an active member of several open-source projects and Italian hacking groups.
Abstract: The (in)security of File Hosting Services
File hosting services (FHSs) are used daily by thousands of people as a way of storing and sharing files. These services normally rely on a security-through-obscurity approach to enforce access control: for each uploaded file, the user is given a secret URI that she can share with other users of her choice.
This talk presents a study of 100 file hosting services and shows that a significant percentage of them generate secret URIs in a predictable fashion, allowing attackers to enumerate their services and access their file list. An attacker can access hundreds of thousands of files in a short period of time, and this poses a very big risk for the privacy of FHS users. Indeed, using a novel approach, we show that attackers are aware of these vulnerabilities and are already exploiting them to get access to other users' files.
The talk concludes by presenting SecureFS, a client-side protection mechanism which can protect a user's files when uploaded to insecure FHSs, even if the files end up in the possession of attackers.
Past Events
- Events held in 2011
- Events held in 2010
- Events held in 2009
- Events held in 2008
- Events held in 2007
- Events held in 2006
- Events held in 2005
Call for Speakers
We are continuously looking for speakers.
Presentations: Are you working on an interesting subject, would you like to share your experience with the OWASP community and do you have presentation skills? Please let us know! Any topic related to web application security will be appreciated!
VAC, Vulnerability, Attack, Countermeasure: The VAC is a recurring part of the chapter meetings. The VAC is a half hour in-depth technical presentation about a vulnerability, how it can be exploited and how to prevent it!
If you are interested in presenting at a local chapter meeting, please send an email to: netherlands 'at' owasp.org
Call for Location
For the OWASP Netherlands chapter meetings to come, we are continuously looking for locations!
Preferably, the location is easily accessible by public transport and by car. Free parking should be provided.
What do we expect:
- meeting room for at least 50 people
- lunch for attendees
- drinks, sandwiches...
- a small present for the speakers
- (e.g. bottle of wine, for speakers from abroad alcohol might be less practical if flying in only with hand luggage)
If you are interested in sponsoring a local chapter meeting, please send an email to: netherlands 'at' owasp.org
Chapter Leaders
The Netherlands Chapter is supported by the following board:
- Ferdinand Vroom, Nationale Nederlanden
- Martin Knobloch, PervaSec
- OWASP Netherlands, OWASP Netherlands board email address
Our goal is to professionalize the local OWASP functioning, provide a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.
Chapter Sponsoring
OWASP Netherlands is looking for organizations to sponsor our chapter. If you are interested in sponsoring the Netherlands chapter please contact via email: netherlands 'at' owasp.org.
If you would like to donate to our chapter, please use the PayPal link below. Thank you!
<paypal>Netherlands</paypal>