This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP NL Monthly Meetup"
(extended information) |
(added download links) |
||
| Line 27: | Line 27: | ||
1) the integration of GDPR in a Secure Development Lifecycle approach | 1) the integration of GDPR in a Secure Development Lifecycle approach | ||
2) threat modeling and GDPR risk patterns | 2) threat modeling and GDPR risk patterns | ||
| + | :'''[[Media:TOREON Adding Privacy by Design in Secure Application Development v20180412.pdf | Download the presentation as PDF]]''' | ||
'''Sebastien Deleersnyder''' is Co-founder & managing partner application security at Toreon.com. Sebastien has helped various companies improve their ICT-, Web- and Mobile Security, including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, co-project leader of the OWASP SAMM project, served on the OWASP Foundation Board member (2007-2013) and performed several presentations and trainings on Web Application, Mobile and Web Services Security. | '''Sebastien Deleersnyder''' is Co-founder & managing partner application security at Toreon.com. Sebastien has helped various companies improve their ICT-, Web- and Mobile Security, including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, co-project leader of the OWASP SAMM project, served on the OWASP Foundation Board member (2007-2013) and performed several presentations and trainings on Web Application, Mobile and Web Services Security. | ||
| Line 33: | Line 34: | ||
'''Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit''' | '''Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit''' | ||
In Ethereum, state transitions are mediated by code (a.k.a “smart contracts”) running in the Ethereum Virtual Machine (EVM) which boasts a turing-complete instruction set, allowing for near-unlimited use cases including (but not limited to) crypto kitties. However, with great flexibility comes great potential for vulnerabilities. And in accordance to Murphy’s law, disaster has stricken several times, resulting in hundreds of millions worth of Ether being stolen or stuck in limbo for all eternity. | In Ethereum, state transitions are mediated by code (a.k.a “smart contracts”) running in the Ethereum Virtual Machine (EVM) which boasts a turing-complete instruction set, allowing for near-unlimited use cases including (but not limited to) crypto kitties. However, with great flexibility comes great potential for vulnerabilities. And in accordance to Murphy’s law, disaster has stricken several times, resulting in hundreds of millions worth of Ether being stolen or stuck in limbo for all eternity. | ||
| − | In this talk, I will investigate recent incidents, and shed light on the various types of flaws that occur in Ethereum smart contracts. I’ll show how to explore the blockchain and reverse engineer smart contract binary code using Mythril, the “nmap of Ethereum”. I’ll also demonstrate the use of symbolic analysis to detect different types of vulnerabilities, including those resulting from inter-contract calls. Finally, I’ll show how to autogenerate Ethereum exploits using the Z3 solver. | + | In this talk, I will investigate recent incidents, and shed light on the various types of flaws that occur in Ethereum smart contracts. I’ll show how to explore the blockchain and reverse engineer smart contract binary code using Mythril, the “nmap of Ethereum”. I’ll also demonstrate the use of symbolic analysis to detect different types of vulnerabilities, including those resulting from inter-contract calls. Finally, I’ll show how to autogenerate Ethereum exploits using the Z3 solver. |
| + | :'''[https://conference.hitb.org/hitbsecconf2018ams/materials/D1T2%20-%20Bernhard%20Mueller%20-%20Smashing%20Ethereum%20Smart%20Contracts%20for%20Fun%20and%20ACTUAL%20Profit.pdf Download the presentation as PDF]''' | ||
'''Bernhard Mueller''' is a security engineer at Consensys and a hacker with a decade-long track record. He has found dozens of zero day flaws in widely used software, published attacks on core Internet protocols, and written award-winning papers. He is also a winner of BlackHat’s “Best Research” Pwnie Award. | '''Bernhard Mueller''' is a security engineer at Consensys and a hacker with a decade-long track record. He has found dozens of zero day flaws in widely used software, published attacks on core Internet protocols, and written award-winning papers. He is also a winner of BlackHat’s “Best Research” Pwnie Award. | ||
Revision as of 11:08, 15 April 2018
The OWASP Monthly Meetup is a networking opportunity to get together with your peers.
To visit OWASP - Chapter Netherlands Meetup, go here: OWASP NL @ Meetup.com
Dates / Locations:
- 1 Upcoming Meetups
- 2 Past Meetups
- 2.1 March 8, 2018
- 2.2 February 8, 2018
- 2.3 December 7, 2017
- 2.4 November 9, 2017
- 2.5 October 5, 2017
- 2.6 June 8, 2017
- 2.7 April 6, 2017
- 2.8 December 1, 2016
- 2.9 November 3, 2016
- 2.10 October 6, 2016
- 2.11 September 1, 2016
- 2.12 August 4, 2016
- 2.13 June 2, 2016
- 2.14 May 12th, 2016
- 2.15 April 7th, 2016
- 2.16 March 3rd, 2016
- 2.17 February 4th, 2016
- 2.18 December 3rd, 2015
- 2.19 November 5th, 2015
- 2.20 October 1st, 2015
- 2.21 September 3rd, 2015
- 2.22 August 6th, 2015
Upcoming Meetups
April 12, 2018
https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/248338412/
- 18:30 - 19:00 Dinner
- 19:00 - 19:15 Welcome, OWASP update & Inspire introduction
- 19:15 - 20:00: Adding Privacy by Design in Secure Application Development by Sebastien Deleersnyder
- 20:15 - 21:00: Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit by Bernhard Mueller
- 21:00 - Closing
- Inspire
- Voetiusstraat 2
- 3512 JM Utrecht
Adding Privacy by Design in Secure Application Development The General Data Protection Regulation (GDPR) is coming. One monumental change is the introduction of Privacy by Design. In this presentation we will focus on the Privacy by Design (PbD) implications for developers. Two cornerstones for a successful implementation of PbD will be pitched: 1) the integration of GDPR in a Secure Development Lifecycle approach 2) threat modeling and GDPR risk patterns
Sebastien Deleersnyder is Co-founder & managing partner application security at Toreon.com. Sebastien has helped various companies improve their ICT-, Web- and Mobile Security, including BNP Paribas Fortis, Atos Worldline, KBC, Nationale Nederlanden (ING), Isabel, Fluxys, OLAF, EU Council, TNT Post, Flemish Community, Agfa-Gevaert and ING Insurance International. Sebastien is the Belgian OWASP Chapter Leader, co-project leader of the OWASP SAMM project, served on the OWASP Foundation Board member (2007-2013) and performed several presentations and trainings on Web Application, Mobile and Web Services Security. Ethereum is an open software blockchain platform that enables developers to build and deploy decentralized apps. Over the past couple of years, its cryptocurrency Ether has taken the number two spot in market cap second to Bitcoin.
Smashing Ethereum Smart Contracts for Fun and ACTUAL Profit In Ethereum, state transitions are mediated by code (a.k.a “smart contracts”) running in the Ethereum Virtual Machine (EVM) which boasts a turing-complete instruction set, allowing for near-unlimited use cases including (but not limited to) crypto kitties. However, with great flexibility comes great potential for vulnerabilities. And in accordance to Murphy’s law, disaster has stricken several times, resulting in hundreds of millions worth of Ether being stolen or stuck in limbo for all eternity. In this talk, I will investigate recent incidents, and shed light on the various types of flaws that occur in Ethereum smart contracts. I’ll show how to explore the blockchain and reverse engineer smart contract binary code using Mythril, the “nmap of Ethereum”. I’ll also demonstrate the use of symbolic analysis to detect different types of vulnerabilities, including those resulting from inter-contract calls. Finally, I’ll show how to autogenerate Ethereum exploits using the Z3 solver.
Bernhard Mueller is a security engineer at Consensys and a hacker with a decade-long track record. He has found dozens of zero day flaws in widely used software, published attacks on core Internet protocols, and written award-winning papers. He is also a winner of BlackHat’s “Best Research” Pwnie Award.
Past Meetups
March 8, 2018
https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/248125406/
- 18:00 - 18:45 Registration & Pizzas
- 18:45 - 19:00 Welcome & OWASP update
- 19:00 - 19:15 TNO introduction
- 19:15 - 20:00 Faalkaart by Elger Jonker
- 20:00 - 20:15 Break
- 20:15 - 21:00 Second talk by Edwin van Andel
- 21:00 - 21:30 Networking and discussion
- TNO
- Eemsgolaan 3
- Groningen
February 8, 2018
https://www.meetup.com/OWASP-Chapter-Netherlands-Meetup/events/247313273/
- 18:30 - Start
- 18:45 - Order food/dinner
- 19:30 - Presentation about Faalkaart by Elger Jonker.
- 20:30 - Meet'n' greet - Time to meet your peers!
- 21:00 - Closing
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
December 7, 2017
OWASP Netherlands Meetup! registration
November 9, 2017
OWASP Netherlands Meetup! registration
- 18:30 - Doors open / buffet (sponsored by Xebia)
- 19:15 - Talk:
- In de Ict-industrie zit naarstig te wachten op het eigen incident dat een groot verschil gaat maken in het denken over beveiliging. De OWASP TOP-10 is het triest bewijs dat veel organisaties, maar bitter weinig leren van beveiliging. Hoe anders is dat in transport geweest toen het denken radicaal omsloeg na de ondergang van de Titanic. Gaat nu opnieuw logistiek opnieuw voor de omslag in denken zorgen of wachten we op een andere ramp? Want dat technologie juist in die industrie een alles veranderende rol staat spelen, kan tot weinig discussie leiden. En als de verandering komt hoe ziet dan de wereld eruit? Is OWASP klaar voor zo’n nieuwe situatie?
- Brenno de Winter (1971) schreef zijn eerste computerprogramma op vijfjarige leeftijd en is sindsdien altijd met technologie bezig geweest. Hij is al jaren bezig met beveiliging. Tijdens zijn jaren als journalist schreef hij menig verhaal dat een fundamentele discussie startte of het nu ging over het kraken van de OV-chipkaart, Diginotar, de duizenden lekken die rond lektoner naar voren kwamen of falend beleid. Als boekenschrijver schreef hij diverse titels en werkt hij aan eend methodiek om meer ‘zeewaardig te worden’ op beveiligingsgebied.
- 20:15 - Meet'n' greet
- Time to meet your peers!
- 21:30 Closing
Where:
Xebia Wibautstraat 200, 1091 GS Amsterdam
October 5, 2017
OWASP Netherlands Meetup! registration
- 18:30 - Doors open / buffet (sponsored by Xebia)
- 19:15 - Talk: OWASP Global and Netherlands update
- Looking back on the past AppSec-US
- Looking forward to the BeNeLux-Day 2017
- 20:15 - Meet'n' greet
- Time to meet your peers!
- 21:30 Closing
Where:
- Xebia
- Wibautstraat 200, 1091 GS Amsterdam== September 7, 2017 ==
OWASP Netherlands Meetup! registration
- 18:30 - Doors open / buffet (sponsored by Xebia)
- 19:15 - Talk: OWASP Security Knowledge Framework, 2.0
- Glenn and Riccardo ten Cate will talk about the OWASP Security Knowledge Framework (SKF) and the new features of the 2.0 release
- 20:15 - Meet'n' greet
- Time to meet your peers!
- 21:30 Closing
Where:
- Xebia
- Wibautstraat 200, 1091 GS Amsterdam
June 8, 2017
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/240446300/
- 18:30 - Start
- 19:00 - Order food
- 20:00 - Discussions/networking/updates
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
April 6, 2017
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/238715293/
- 18:30 - Start
- 19:00 - Order food
- 20:00 - Discussions/networking/updates
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
December 1, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632198/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
November 3, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632193/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
October 6, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632186/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
September 1, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632177/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
August 4, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/kkcwnlyvlbgb/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
June 2, 2016
https://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632164/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
May 12th, 2016
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228094227/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
April 7th, 2016
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228632149/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
March 3rd, 2016
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/228104950/
- 18:30 - ? chat, brainstorming etc.
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
February 4th, 2016
Kick-Off BBQ, location to be announced to whom has registered:
December 3rd, 2015
- 18:30 - ? chat, brainstorming etc. / bijkletsen
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
November 5th, 2015
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/226036523/
- 18:30 - ? chat, brainstorming etc. / bijkletsen
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
October 1st, 2015
- 18:30 - 19:00 walk-in / in-loop
- 19:00 - 19:30 announcements / aankondigingen
- 19:30 - ? chat, brainstorming etc. / bijkletsen
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
September 3rd, 2015
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/224672626/
- 18:30 - 19:00 walk-in / in-loop
- 19:00 - 19:30 announcements / aankondigingen
- 19:30 - ? chat, brainstorming etc. / bijkletsen
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
August 6th, 2015
http://www.meetup.com/OWASP-Chapter-Netherlands-Utrecht-Meetup/events/224046536/
- 6:30 - 7:00 walk-in / inloop
- 7:00 - 7:30 kennismaking / introductions
- 7:30 - 8:00 aankondigingen / announcements
- 8:00 - 8:30 Vragen / Q & A, einde
- Restaurant De Branding
- Croeselaan 303
- 3521 BT Utrecht
- 030-2900299
- http://www.restaurantdebrandingutrecht.nl/
