OWASP Belgium

Welcome to the Belgium chapter homepage. The chapter leaders are Sebastien Deleersnyder, Lieven Desmet and Bart De Win.

With the Belgium chapter, we aim to organize 4 local chapter meetings per year and co-organize the yearly BeNeLux Day. Any suggestions for speakers or venue? Feel free to reach out to us!

Upcoming events

To kickstart 2021, we plan a series of virtual chapter meetings with renowned, international speakers!

Join us every 3rd Thursday of the month, from 17:00 until 18:00 CET.

For now, the calendar looks as follows:

  • February 18th: Jim Manicode and Philippe De Ryck with JWT’s - sign em like it’s hot
  • March 18th: Steven Springett with Component Analysis vs SCA - How SBOMs are the driving force for change
  • April 15th: Marc Curphey wuth Upcoming open-source AWS Discovery tool
  • May 20th: Jeremiah Grossman with Why Attack Surface Management is Hard
  • June 17th: Simon Bennets with ZAP Intro and Latest Features
  • September 16th: Andrew van der Stock with The OWASP Top 10 2021
  • October 21st: Christian Folini with The adventurous tale of online voting in Switzerland

Registration: https://owasp-belgium-virtual-chapter-meetings-2021.eventbrite.com/

More info: on the ‘Chapter Meetings’ tab.

Chapter sponsors

OWASP Belgium thanks its structural chapter supporters for 2019 and the OWASP BeNeLux Days 2018

Vest Davisnsi Labs Toreon NVISO ingenico group

Example

Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.

OWASP Belgium Virtual Chapter Meeting Series 20201

To kickstart 2021, we plan a series of virtual chapter meetings. Every 3rd Thursday of the month, we invite a renowned, international speaker to join us in a focused evening session.

For now, the calendar looks as follows:

  • February 18th: Jim Manicode and Philippe De Ryck with JWT’s - sign em like it’s hot [Video] [Slides]
  • March 18th: Steven Springett with Component Analysis vs SCA - How SBOMs are the driving force for change
  • April 15th: Marc Curphey wuth Upcoming open-source AWS Discovery tool
  • May 20th: Jeremiah Grossman with Why Attack Surface Management is Hard
  • June 17th: Simon Bennets with ZAP Intro and Latest Features
  • September 16th: Andrew van der Stock with The OWASP Top 10 2021
  • October 21st: Christian Folini with The adventurous tale of online voting in Switzerland

Our chapter meetings are open for everyone, and attendance is free of charge. We ask you to register on Eventbrite in order to provide you with last-minute updates, if needed.

Practicalities:

18 February 2021: JWT’s “sign em like it’s hot” (by Jim Manico and Philippe De Ryck)

This virtual chapter meeting will host Jim Manico and Philippe De Ryck!

JWT’s “sign em like it’s hot”

When needing to overtake an existing form of government (ie: cookie based traditional session management) one must carefully plan how to raid that traditional institution and bring about a new regime (ie: JWT based session management). Often, radical shifts in governance require new leadership institutions (key management, more challenging logout functionality, managing the increase in complexity, access control considerations, etc). Ahem.

Presentation

Jim Manico (Founder, Mancode Security)

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the co-founder of the LocoMoco Security Conference and is an investor/advisor for BitDiscovery and Signal Sciences. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. He is the author of Iron-Clad Java: Building Secure Web Applications from McGraw-Hill. For more information, visit http://www.linkedin.com/in/jmanico.

Dr. Philippe De Ryck (Web Security Expert, Founder of Pragmatic Web Security)

Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide. His online course platform allows anyone to learn complex security topics at their own pace. Philippe is a Google Developer Expert and an Auth0 Ambassador/Expert for his community contributions on the security of web applications and APIs. For more information, check Twitter, LinkedIn or Github.

Meeting archive

2020 chapter meetings

23-27 November 2020: OWASP BeNeLux Days

Block your agenda for 4 online evening sessions - more info will follow soon (see https://www.owaspbenelux.eu/)!!

28 October 2020: OWASP BE Local virtual security day

This virtual security day / conference is free to join for everybody and we have an amazing line up of interesting speakers and topics. Also we have multiple workshops you can attend for free.

Agenda Talks

  • 9h - 9h15: OWASP Kickoff (by Sebastien Deleersnyder & Glenn ten Cate)
  • 9h15 - 10h: OWASP SAMM (by Sebastien Deleersnyder)
  • 10h - 11h: Making the web secure by design (by Riccado ten Cate)
  • 11h - 11h45: Zerologon - taking over an AD domain in three seconds (by Tom Tervoort)
  • 11h45 - 12h45 break
  • 12h45 - 13h30: Phoenix - Proactively detect and fight phishing attacks (by Davide Cioccia and Stefan Petrushevski)
  • 13h30 - 14h15: Using oldschool techniques to turn software to malware (by Hidde Westerhof)
  • 14h15 - 15h State of the internet (by Peter Massini)
  • 15h - 15h05: OWASP Closing word

Agenda Workshops

  • Workshop Malware general (by Zsombor Kovacs)
  • Workshop OWASP-SKF (by Riccardo ten Cate)
  • Workshop OWASP-SAMM (by Sebastien Deleersnyder)
  • Workshop Malware / Red Teaming (by Tom Kallo)

6-7 June 2020: OWASP Chapters All Day (24 conference)

Leaders from OWASP Chapters throughout the world invite you to join us for 24 hours of non-stop AppSec!

This OWASP Chapters All Day conference is scheduled for June 6-7, and features among others 2 local speakers: chapter lead Seba Deleersnyder (on OPEN SAMM v2) and PhD researcher Victor Le Pochat (on the Avalanche botnet takedown).

The festivities will kick off with Welcoming Remarks and a Keynote presentation at 2pm local time (12:00 noon UTC) on Saturday, 6 June. Then, each hour, the (virtual) floor will be handed over to a leader from another OWASP Chapter, who will introduce speakers from their chapter/region. At 2pm local time (12:00 noon UTC) on Sunday, 7 June, a brief recap and closing remarks will wrap up the Chapters All Day conference.

The OWASP Belgium time slot (with Sebastian and Victor) is scheduled at 3pm local time on Saturday!!

The full schedule and details are available at https://owasp.org/www-community/social/chapters_all_day/ .

29 April 2020: OWASP - ING Open security conference (Brussels)

POSTPONED Due to the COVID-19 related restrictions, the chapter meeting will be postponed.

ING Belgium is proud to organize an open security conference in collaboration with OWASP.

Venue

The event will take place @ at ING Brussels on 29th of April 2020

  • A couple of workshops will be hosted during the day
  • The event will be for 300 people max
  • No marketing pitches

11 March 2020 meeting (Leuven)

CANCELLED Due to the COVID-19 related cancellation of the Secure Application Development course, the chapter meeting will be cancelled as well.

Venue

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development, a unique AppSec course held in Leuven from 2020-03-09 to 2020-03-13.

Agenda

  • 18h00 - 18h50: Welcome & sandwiches
  • 18h50 - 19h00: OWASP Update
  • 19h00 - 20h00: The hitchhikers guide to secrets for cloud environments by Abhay Bhargav (CEO we45)
  • 20h00 - 20h10: Break
  • 20h10 - 21h10: Blueprint for secure JavaScript development by Marcin Hoppe (Senior Manager, Product Security, Auth0)

2019 chapter meetings

25 November 2019 meeting (Leuven)

Venue

Hosted by DistriNet Research Group (KU Leuven)

The event is co-located with a briefing and industry opportunity meeting of the Flanders Cyber Security impuls program. Feel free to register for this co-located event if interested.

Agenda

23-27 September 2019: Global AppSec Amsterdam

Together with the OWASP staff and the OWASP Netherlands chapter, the OWASP Belgium chapter supports and contributes to the organisation of the Global AppSec Amsterdam 2019. We kindly invite all our chapter members to join us in Amsterdam in September!

Due to focusing our efforts on the Global AppSec Amsterdam conference, we decided to skip this year’s edition of the OWASP BeNeLux Days. Mark your agenda for next year: 26 and 27 November 2020 in the Netherlands.

Summit working session on OWASP SAMM

OWASP Belgium presents a summit working session on OWASP SAMM in Antwerp on 30 April.

Registration is free but mandatory (via EventBrite): https://www.eventbrite.com/e/open-security-summit-working-session-tickets-60456102831

20 February 2019 Meeting

Venue

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development course held in Leuven from 2019-02-18 to 2019-02-22.

Agenda

2018 chapter meetings

OWASP BeNeLux Days 2018

This conference has its own page: OWASP_BeNeLux-Days_2018.

23 October 2018 Meeting (Bruges)

Hosted by Secure Code Warrior

Agenda

7 September 2018 Meeting (Brussels)

Hosted by the European Commission

Agenda

  • 18h00 - 18h50: Welcome & sandwiches
  • 18h50 - 19h00: OWASP Update by Sebastien Deleersnyder (OWASP BE)
  • 19h00 - 19h10: Intro by the EC by Miguel Soria Machado (Head of Sector CSIRC, DIGIT IT Security Directorate, European Commission)
  • 19h10 - 20h00: Docker Threat Modeling and Top 10 by Dirk Wetter
  • 20h00 - 20h10: Break
  • 20h10 - 21h00: Securing Containers on the High Seas by Jack Mannino (nVisium)
  • 21h00 - 21h30: Networking drink

19 March 2018 Meeting (Brussels)

Hosted by ING Belgium

Agenda

  • 18h15 - 19h00: Welcome & sandwiches
  • 19h00 - 19h10: OWASP Update by Sebastien Deleersnyder (OWASP BE)
  • 19h10 - 20h00: KRACKing WPA2 in Practice Using Key Reinstallation Attacks by Mathy Vanhoef (DistriNet, KU Leuven)
  • 20h00 - 20h10: Break
  • 20h10 - 21h00: Making the web secure by design by Glenn Ten Cate (ING Belgium) and Riccardo Ten Cate (Xebia)
  • 21h00 - 21h30: Networking drink

20 February 2018 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development course held in Leuven from 2018-02-19 to 2018-02-23.)

Agenda

2017 chapter meetings

19 June 2017 Meeting (Brussels)

Hosted by NVISO

Agenda

29 May 2017 Meeting (Machelen)

Hosted by Ernst & Young

Agenda

  • 18h00 - 18h50: Welcome & sandwiches
  • 18h50 - 19h00: OWASP Update by Lieven Desmet (OWASP BE)
  • 19h00 - 19h45: HTTP for the Good or the Bad by Xavier Mertens (freelance security consultant)
  • 19h45 - 20h30: Reverse engineering with Panopticon: a Libre Cross-Platform Disassembler by Kai Michaelis
  • 20h30 - … : Reception

28 February 2017 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development course held in Leuven from 2017-02-27 to 2017-03-03.

Address

2016 chapter meetings

18 October 2016 Meeting (Ghent)

Hosted by UGent

Agenda

8 September 2016 Meeting (Zaventem)

Hosted by PwC

Agenda

23 May 2016 Meeting (Mechelen)

Hosted by is4u at Moonbeat (Mechelen)

Agenda

  • 18h00 - 19h00: Welcome & sandwiches
  • 19h00 - 19h10: OWASP Update
  • 19h10 - 20h00: All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS by Mathy Vanhoef (DistriNet, KU Leuven)
  • 20h00 - 20h10: Break
  • 20h10 - 21h00: Docker Security by Nils De Moor (CTO at WooRank)
  • 21h00 - … : Networking drink

8 March 2016 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development course held in Leuven from 7-11 March 2016.

Agenda

2015 chapter meetings

24 February 2015 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development course held in Leuven from 23 to 27 February 2015.

Agenda

2014 chapter meetings

17 December 2014 Meeting (Mechelen)

Hosted by is4u at Moonbeat (Mechelen)

Agenda

  • 18h00 - 18h45: Welcome & sandwiches
  • 18h45 - 19h00: OWASP Update by Sebastien Deleersnyder (OWASP Belgium Board)
  • 19h00 - 20h00: OWASP Top 10 Mobile Risks / demos by Erwin Geirnaert
  • 20h00 - 20h15: Break
  • 20h15 - 20h30: Investigating software security practices by Koen Yskout and Laurens Sion (DistriNet, KU Leuven)
  • 20h30 - 21h30: OpenSAMM Best Practices: Lessons from the Trenches by Sebastien Deleersnyder and Bart De Win

20 May 2014 Meeting (Brussels)

Hosted by NVISO

Agenda

12 February 2014 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development course held in Leuven from 10 to 14 February 2014.

Agenda

2013 chapter meetings

17 December 2013 Meeting (Leuven)

Jointly organized with (ISC)2

Hosted by DistriNet Research Group (KU Leuven)

Agenda

8 October 2013 Meeting (Diegem)

Hosted by Ernst & Young

Agenda

6 June 2013 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Agenda

Previous Meeting (5th of March 2013) in Leuven

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development course held in Leuven from 4 March 2013 until 8 March 2013.

Agenda

2012 chapter meetings

26 September 2012 Meeting (Ghent)

Hosted by PWC

Co-organized with the ISSA (Information Systems Security Association)

Address

12 September 2012 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Co-organized with the IWT-project SPION (security and privacy in online social networks)

Agenda

6 March 2012 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Both speakers are faculty of the Secure Application Development course held in Leuven from 5 March 2012 until 9 March 2012.

Agenda

25 January 2012 Meeting (Brussels)

Hosted by Cisco Belgium

Agenda

2011 chapter meetings

16 June 2011 Meeting (Brussels)

Hosted by Deloitte

Agenda

  • 18h00 - 18h30: Welcome & Sandwiches
  • 18h30 - 18h45: OWASP Update (by Sebastien Deleersnyder, SAIT Zenitel, OWASP Board)
  • 18h45 - 19h45: The OWASP AppSensor Project (by Colin Watson, Watson Hall Ltd)
  • 19h45 - 20h00: Break
  • 20h00 - 21h00: How to become Twitter’s admin: An introduction to Modern Web Service Attacks (by Andreas Falkenberg, RUB)

23 May 2011 Meeting (Brussels)

Location: LCM, Brussels

Co-organized with the ISSA (Information Systems Security Association)

Agenda

2010 chapter meetings

21 September 2010 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven). Pizza’s sponsored by F5 Networks.

Agenda

16 June 2010 Meeting (Brussels)

Hoste by Zenitel Belgium.

Agenda

  • 18h00 - 18h30: Welcome & Refreshments
  • 18h30 - 18h45: OWASP Update (by Sebastien Deleersnyder, Zenitel, OWASP Board)
  • 18h45 - 20h00: Advanced SQL Injection (by Joe McCray, Learn Security Online)

1 June 2010 Meeting (Brussels)

Hosted by Cisco Belgium

Agenda

  • 18h00 - 18h30: Welcome & Refreshments
  • 18h30 - 18h45: OWASP Update (by Sebastien Deleersnyder, Zenitel, OWASP Board)
  • 19h00 - 20h00: The Belgian e-ID: hacker vs developer (by Erwin Geirnaert and Frank Cornelis)
  • 20h00 - 20h15: Break
  • 20h15 - 21h15: Analyzing the Accuracy Of Web Application Scanners (by Larry Suto)

1 February 2010 Meeting (Brussels)

Hosted by Ernst & Young

Co-organized with the ISSA (Information Systems Security Association)

Agenda

2009 chapter meetings

15 September 2009 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven). Pizza’s sponsored by F5 Networks.

Agenda

  • 18h30 - 19h00: Welcome & Refreshments
  • 19h00 - 19h15: OWASP Update (by Sebastien Deleersnyder, Telindus, OWASP Board)
  • 19h15 - 20h00: CSRF: the nightmare becomes reality (by Lieven Desmet, DistriNet Research Group (K.U. Leuven))
  • 20h00 - 21h15: Hacking Web 2.0 Streams – Cross Domain Injection and Exploits (by Shreeraj Shah, founder of Blueinfy)

4 March 2009 Meeting (Brussels)

Hosted by Telindus, Belgacom-ICT

Agenda

  • 18h00 - 18h30: Welcome & Refreshments
  • 18h30 - 18h45: OWASP Update (by Sebastien Deleersnyder, Telindus, OWASP Board)
  • 18h45 - 20h45: A Software Security Maturity Model (by Gary McGraw, CTO of Cigital)

4 February 2009 Meeting (Brussels)

Hosted by Ernst & Young

Agenda

  • 18h00 - 18h30: Welcome & Refreshments
  • 18h30 - 18h40: OWASP Update (by Sebastien Deleersnyder, Telindus, OWASP Board)
  • 18h40 - 19h30: Best Practices Guide Web Application Firewalls (by Alexander Meisel, CTO and founder of Art of Defence)
  • 19h30 - 20h00: I thought you were my friend - Evil Markup, browser issues and other obscurities (by Mario Heiderich)
  • 20h00 - 20h10: Break
  • 20h10 - 21h00: Research on Belgian bank trojan attacks (by Richard Bennett, software consultant)

2008 chapter meetings

17 November 2008 Meeting (Brussels)

Hosted by Isabel, the catering was sponsored by ISSA

Co-organized with the ISSA (Information Systems Security Association)

Agenda

  • 18h00 - 18h30: Welcome & Refreshments
  • 18h30 - 19h00: OWASP / ISSA introduction (by Philippe Bogaerts, OWASP Belgium and Bart Moerman, ISSA Brussels-European Chapter)
  • 19h00 - 20h00: Risky PDF [ZIP] (by Didier Stevens, Contraste Europe)
  • 20h00 - 21h00: .NET Rootkits - Backdoors Inside Your Framework (by Erez Metula, 2BSecure)

23 October 2008 Meeting (Huizingen)

Hosted by RealDolmen

Agenda

  • 18h00 - 18h30: Welcome & Refreshments
  • 18h30 - 19h00: OWASP Update (by Sebastien Deleersnyder, OWASP Belgium)
  • 19h00 - 20h00: Building a tool for Security consultants: A story of a customized source code scanner (by Dinis Cruz, OWASP)
  • 20h00 - 21h00: Logging: not just a good idea (by Eddy Vanlerberghe)

21 April 2008 Meeting (Luxembourg, LU)

Location: Centre de Recherche Public Henri Tudor

Agenda

  • 16h00 - 16h30: Welcome & Sandwiches
  • 16h30 - 17h00: OWASP Introduction (by Sebastien Deleersnyder, OWASP BeLux)
  • 17h00 - 18h00: How to break Web Applications (by Philippe Bogaerts, NetAppSec)
  • 18h00 - 18h15: break
  • 18h15 - 19h15: How to secure Web Applications (the OWASP Way) (by Sebastien Deleersnyder, Telindus)

9 April 2008 Meeting (Brussels)

Hosted by Deloitte

Agenda

OWASP at infosecurity.be: 20 March 2008 (Brussels)

OWASP will be present on Infosecurity.be 2008

Agenda:

4 March 2008 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven)

Agenda

  • 18h00 - 18h30: Welcome, Refreshments and drinks
  • 18h30 - 18h45: OWASP Update by Sebastien Deleersnyder (OWASP BeLux)
  • 18h45 - 19h00: CAcert.org and Thawte by Kenneth Van Wyck (KRvW Associates)
  • 19h00 - 20h00: Development life cycle issues by Kenneth Van Wyck (KRvW Associates)
  • 20h00 - 20h15: break
  • 20h15 - 21h15: Structural improvements for SDLs by Bart De Win (DistriNet, KU Leuven)

2007 chapter meetings

20 November 2007 Meeting (Leuven)

Hosted by DistriNet Research Group (KU Leuven). Pizza’s and drinks sponsored by NetAppSec.

Co-organized with the ISSA (Information Systems Security Association)

Agenda

  • 18h00 - 18h30: Welcome, Pizza and drinks
  • 18h30 - 18h45: OWASP Update by Sebastien Deleersnyder (OWASP BeLux)
  • 18h45 - 19h00: ISSA Intro by Tomas Vanhoof (ISSA)
  • 19h00 - 20h00: Operational security impact on developing secure applications by Patrick Debois
  • 20h00 - 20h15: break
  • 20h15 - 21h15: Security awareness programs for development by Herman Stevens & Swa Frantzen (NET2S)

OWASP Day 2007: 6 September 2007 (Brussels)

On September 6th, OWASP organized OWASP Day conferences worldwide triggered by the Global Security Week idea. In Belgium we organized the mini-conference in Brussels.

Hosted by Telindus, Belgacom-ICT at the SURF House

Agenda

22 June 2007 Meeting (Diegem)

Hosted by Deloitte

F5 Networks sponsored Ivan Ristic and Dinis Cruz to come to Brussels.

Agenda

10 May 2007 Meeting (Leuven)

Hosted by ps_testware

Agenda

OWASP at infosecurity.be: 21-22 March 2007 (Brussels)

OWASP will be present on Infosecurity.be 2008

Agenda

23 January 2007 (Brussels)

Hosted by Ernst & Young

Agenda

2006 chapter meetings

JavaPolis 2006: 15/12/2006 (Antwerp)

Stephen de Vries (project leader of the OWASP Java Project) did a talk at JavaPolis in Belgium.

Agenda

  • Security Sins and their Solutions by Spehen de Vries (project lead of the OWASP Java Project)

14 September 2006 Meeting (Antwerp)

Hosted by ING Belgium

Co-organized with the ISSA (Information Systems Security Association)

Agenda

8 May 2006 Meeting (Brussels)

Hosted by Deloitte

Agenda

  • 18h00 - 18h30: Welcome, get drink & snack
  • 18h20 - 18h40: OWASP Update by Sebastien Deleersnyder (Ascure)
  • 18h45 - 19h15: Internet Attack Statistics for Belgium in 2005 by Hillar Leoste (Zone-H)
  • 19h15 - 20h30: Can “Agile” Development Produce Secure Applications? by Johan Peeters (Program Director secappdev.org)

22 February 2006 (Leuven)

Hosted by DistriNet Research Group (KU Leuven). Pizza’s and drinks sponsored by BeeWare.

Agenda

New years drink: 19 January 2006 (Leuven)

On January 19th we had a New Years Drink. It was sponsored by Zion Security

Agenda

2005 chapter meetings

28 September 2005 Meeting (Leuven)

Hosted by Ubizen

Agenda

26 May 2005 Meeting (Ghent)

On 26th of May 2005 we held the first OWASP Belgium Chapter meeting!

It was a big success: we had nearly 40 people attending, despite the Belgium-unlike hot weather.

Agenda

Local sponsors

OWASP Belgium thanks its structural chapter supporters for 2019 and the OWASP BeNeLux Days 2018

Vest Davisnsi Labs Toreon NVISO ingenico group

If you want to support our chapter, please contact Seba Deleersnyder.

Watch Star