Difference between revisions of "OWASP BeNeLux-Days 2018"

OWASP BeNeLux conference is free, but registration is required!

OWASP BeNeLux training is reserved for OWASP members, and registration is required!

To support the OWASP organisation, we ask training attendees to consider becoming an OWASP member, it's only US$50! Check out the Membership page to find out more.

To support the OWASP organisation, consider to become a member, it's only US$50! Check out the Membership page to find out more.

Address

Venue:

Congres- en Erfgoedcentrum Lamot
Van Beethovenstraat 8-10
2800 Mechelen
Belgium

Google map

Parking:

Find your parking on Google Maps

How to reach the venue?

Public transport

You can reach the Mechelen's train station from Antwerpen or Brussels. The Lamot conference center is 10 min away by bus (line 1).

Or you can choose to walk for 15 min (1.2 km).

By car

From Brussels:

Follow the E19 Brussels / Antwerpen and take the exit 10.
Follow the N1 until the R12 (take a left) and turn to the right at the "Brusselpoort" into the Hoogstraat to reach one of the parkings.

From Antwerpen:

Follow the E19 Brussels / Antwerpen and take the exit 9.
Follow the N16 until the R12 (take a right) and turn to the left at the "Brusselpoort" into the Hoogstraat to reach one of the parkings.

Hotels Nearby

Hotels around the Lamot conference center

Training Day is November 29th

Trainings

Kubernetes security by Andrew Martin

Abstract

Course Description

The course guides attendees through Linux container security in general, and progresses to advanced Kubernetes cluster security. It emphasises pragmatic threat modelling and risk assessment based on an understanding of the tools and primitives available, rather than dogmatic dos and don’ts.

Course Outline

• How to attack containerised workloads
• Enhanced container security
• How to attack Kubernetes
• Interactive production cluster hacking
• Hardening Kubernetes
• Locking down applications
• Security tooling and vendor landscape

Who Should Attend

This course is suitable for intermediate to advanced Kubernetes users who want to strengthen their security understanding. It is particularly beneficial for those operating Kubernetes in a high-compliance domain, or for established security professionals looking to update their skills for the cloud native world.

Bio

Andrew has a strong test-first engineering ethos gained architecting and deploying high-traffic web applications. Proficient in systems development, testing, and maintenance, he is comfortable profiling and securing every tier of a bare metal or cloud native application, and has battle-hardened experience delivering containerised solutions to enterprise clients. He is a co-founder at https://control-plane.io

Conference Day is November 30th

Talks

OWASP Zap by David Scrobonia

Abstract

Intoducing security testing tools to a QA or developers workflow can be difficult when the tools aren't easy or intuitive to use. Even for security professionals, the friction of cumbersome security tooling can prevent them from getting the most from a tool or being effective with their time.
The OWASP ZAP team is working to help enable developers, QA, and hackers alike with the ZAP Heads Up Display, a more user friendly way to engage with the security testing tool. The Heads Up Displays integrates ZAP directly in the browser providing all of the funcitonality of the tool via a heads up display. The goal is to make ZAP more accessible and enabling users, especially developers, to integrate security in their daily workflows.
This talk will discuss the importance of usable tools, design tradeoffs made to improve usability, the various browser technologies powering the HUD, and how you can start hacking with a heads up display.

Bio

David Scrobonia is a part of the Security Engineering team at Segment working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and is a core team member of the OWASP ZAP project.

When Serverless Met Security… Serverless Security & Functions-as-a-Service (FaaS) by Niels Tanis

Abstract

Serverless is a design pattern for writing scalable applications in which Functions as a Service (FaaS) is one of the key building blocks. Every mayor Cloud Provider has got his own FaaS available. On Microsoft Azure there is Azure Functions, AWS has got Lambda and Cloud Functions can be used on the Google Cloud. All of these have a lot of similarities in the way they allow developers to create small event driven services.
From security perspective there are a lot of benefits when moving to a serverless architecture. There is no need to manage any of the machines and the underlying infrastructure. Dealing with updates, patches and infrastructure is the responsibility of the platform provider. FaaS are short lived processes which will be instantiated and destroyed in a matter of milliseconds making it more resilient to denial-of-services (DoS) and also makes it harder to attack and compromise.
But will all of this be sufficient to be ’secure’ or should we be worried about more? With serverless there is still a piece of software that will be developed, build, deployed and executed. It will also introduce a more complex architecture with corresponding attack surface which also makes it hard to monitor. What about the software supply chain and delivery pipeline? There still will be a need to patch your software for vulnerabilities in code and used 3rd party libraries. In this talk we will identify the security area’s we do need to focus on when developing serverless and define possible solutions for dealing with those problems.

Bio

Niels Tanis has got a background in .NET development, pentesting and security consultancy. He also holds the CSSLP certification and has been involved in breaking, defending and building secure applications. He joined Veracode in 2015 and right now he works as a security researcher on a variant of languages and technologies related to Veracode’s Binary Static Analysis service. He is married, father of 2 and lives in a small village just outside Amersfoort, The Netherlands.

The Social Event is on Thursday, November 29th

If you want to join the social event, don't forget to register for it via the registration:

The social event details will be published very soon! Stay tuned.

Become a sponsor of OWASP BeNeLux!

There are 3 combined sponsorship packages (Gold, Silver or Bronze) that cover the BeNeLux chapter meetings 2019 and the BeNeLux OWASP Days 2018.

Download our sponsor brochure and contact us for questions or sponsorship confirmation!

Your sponsorship will be invested directly in the chapter meetings, supporting speaker and catering expenses.

The sponsorship will also be dedicated to cover the costs of the OWASP 2018 BeNeLux event.