OWASP Luxembourg

Welcome

Moien! Welcome to the OWASP Luxembourg chapter homepage!

Upcoming Chapter events

Meeting#2022-01 - Introduction to the OWASP Application Security Verification Standard (ASVS) v4.0.3” by Josh Grossman, OWASP ASVS project co-leader, CTO at Bounce Security Tuesday March 8th 2022 - 18:0-18:45 UTC/GMT+2 RSVP in our MeetUp event here

Subject: Introduction to the OWASP Application Security Verification Standard (ASVS) v4.0.3”

Description of the talk: OWASP’s Application Security Verification Standard (ASVS) is one of the few comprehensive guides of security requirements for applications. The 4.0 version, released in March 2019 represents a significant update with many new features as well as structural changes. In this talk, Josh, one of the project co-leaders, will go through what the ASVS is and how it is put together with a particular focus on what has changed in this new version. He will also talk through some of the more interesting new requirements and show how you can help shape the future of this important standard.

About the speaker: Josh Grossman, OWASP ASVS project co-leader, CTO at Bounce Security  Josh Grossman, OWASP ASVS project co-Leader

Josh has worked as a consultant in IT/Application Security and Risk for 15 years now as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. He is currently Chief Technology Officer for Bounce Security where he spends his time helping organisations improve and get better value from their Application Security processes and providing specialist Application Security advice. In his spare time he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board.

Who should attend? Both existing OWASP members and people unfamiliar with OWASP. Information security practitioners of all levels, IT professionals, and business leaders. Developers, development managers, product owners, QA professionals, program managers, and anyone involved in building software, etc.

News

  • OWASP BeNeLux Days 2022 Stay tuned and keep an eye on https://www.owaspbenelux.eu

Get involved

  • Volunteer to be a Speaker:
    We are continuously looking for speakers. Call For Speakers is open. If you would like to present a talk on Application Security at future OWASP Luxembourg Chapter events - please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail.

  • Follow us on Social Media and Mailing List: Please follow OWASP Luxembourg Chapter on our social media (coming soon) and sign up to our mailing listto be notified about the upcoming OWASP Luxembourg Chapter events.

  • Become an OWASP member: We also encourage you to be become a member or consider a donation to support our ongoing work.

Participation

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert.

Code of Conduct

We hope you enjoy our events, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us, we take these matters very seriously. You can find out more about our policies here.


Past Events

OWASP BeNeLux Days 25 November 2021 (CANCELED on D-3 due to COVID situation on Belgium)

Join us for the OWASP BeNeLux Days 2021. Our first physical event since the start of the outbreak will take place on 25 and 26 November 2021, in Bruges (Belgium). Thursday 25 November: free 1-day trainings:

  • SKF Workshop - Offensive and Defensive crash course using SKF Labs (by Glenn ten Cate)
  • OWASP SAMM (by Sebastien Deleersnyder) Places are limited, so don’t wait to register! As the trainings run in parallel, you can only choose 1 to attend Friday 26 November: full-day conference:
  • 9h-9h15: Introduction and OWASP update (by Sebastien Deleersnyder)
  • 9h15-9h55: 100x your AppSec Program (by Grant Ongers)
  • 9h55-10h35: Optimize resilience towards antifragility, a secure cloud translation (by Edzo Botjes)
  • 10h50-11h30: The paved path methodology: a human-centered approach to software security (by Pieter De Cremer)
  • 11h30-12h10: Brace for your next Race - Race conditions in Servlets and Controllers (by Giuseppe Trovato)
  • 13h-13h40: OWASP-SKF Learning Platform - There is no right or wrong, only fun and boring (by Glenn ten Cate)
  • 13h40-14h20: (Dis)respect of users’ privacy choices with relation to online tracking (by Yana Dimova)
  • 14h20- 15h00: Using openCRE.org to master application security (by Rob van der Veer)
  • 15h15-15h55: A Tour Of OWASP ISVS (by Théo Rigas)
  • 15h55-16h35: Securing React with Trusted Types (by Philippe De Ryck)
  • 16h35-16h50: Closing (by Martin Knobloch) On Thursday evening, we plan a social gathering. More info will follow soon! Attendance to the conference is free of charge, but registration is required. If you register for a training, please consider to become an OWASP member.

Meeting#2021-02 - OWASP Top 10:2021 Overview

Wednesday October 27th 2021 - 17:30-18:30 UTC/GMT+2 RSVP in our MeetUp event here

Due to a change in the APIs used to collate this data, this functionality is temporarily offline.

Context: As part of the Luxembourg Cyber Security Week, We will be lauching our second OWASP Luxembourg Chapter meeting. Description of the talk: Learn about the new OWASP Top 10:2021 that was released in September, 2021. This talk will walk through the process we used to build the new Top 10 and provide a brief overview of each of the risk categories in this updated list. Hear how the OWASP Top 10:2021 can fit into your organization and provide a baseline for secure development. About the speaker: Brian Glas, OWASP Top Ten Leader Brian Glas, OWASP Top Ten Leader | Assistant Professor Of Computer Science, Union University Brian has over 20 years of experience in various roles in IT and over a decade and a half of that in application development and security. His day job is serving as an Assistant Professor teaching a full load of Computer Science and Cybersecurity classes at Union University. He helped build FedEx’s AppSec team, worked on the Trustworthy Computing team at Microsoft, consulted on software security for years, and served as a project lead and active contributor for SAMM v1.1-2.0+ and OWASP Top 10 2017 and 2021. Brian is a contributor to the RABET-V Pilot Program. He holds several Cybersecurity and IT certifications and is currently working on his Doctor of Computer Science in Cybersecurity and Information Assurance. Who should attend? Both existing OWASP members and people unfamiliar with OWASP. Information security practitioners of all levels, IT professionals, and business leaders. Developers, development managers, product owners, QA professionals, program managers, and anyone involved in building software, etc.

Open Source Security hackathon Monday 25th October 2021

We are pleased to participate in the Open Source Security hackathon - Monday 25th October 2021 and Tuesday 26th October 2021 - don’t hesitate to join us online to improve open source security tools. Link here

  • 𝗢𝗪𝗔𝗦𝗣 𝗭𝗮𝗽 𝗣𝗿𝗼𝘅𝘆
  • 𝐎𝐖𝐀𝐒𝐏 𝐌𝐨𝐝𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐂𝐨𝐫𝐞 𝐑𝐮𝐥𝐞 𝐒𝐞𝐭 (𝐂𝐑𝐒)

OWASP Luxembourg is proudly celebrating OWASP’s 20th Anniversary! September 24, 2021

OWASP will be celebrating its 20th Anniversary on September 24, 2021! More details here

OWASP 20th Anniversary Image

The OWASP Luxembourg Chapter joined the Luxembourg CYBERSECURITY ecosystem on June 2021

👉 Thank you SECURITYMADEIN.LU team and we are looking forward to fruitful collaboration.6/24/2021

Meeting#2021-01 - Getting to know OWASP

Thu, Jun 17 2021 · 17:30-18:15 GMT+2 RSVP in our MeetUp event here

Due to a change in the APIs used to collate this data, this functionality is temporarily offline.

We will be kicking off the first OWASP Luxembourg Chapter meetings. We will present OWASP, the Luxembourg Chapter and the next events and activities we are planning. Who should attend? Both existing OWASP members and people unfamiliar with OWASP. Information security practitioners of all levels, IT professionals, and business leaders. Developers, development managers, product owners, QA professionals, program managers, and anyone involved in building software, etc.

OWASP BeNeLux Day 2017

We are proud to announce the dates of the next edition of BeNeLux OWASP Day! The event will take place on 23 (trainings) and 24 (conference) November 2017, in Tilburg - The Netherlands. See OWASP_BeNeLux-Day_2017 for more details.

OWASP BeNeLux Day 2016 - II

We are proud to announce the dates of the next edition of BeNeLux OWASP Day! The event will take place on 24 (trainings) and 25 (conference) November 2016, in Leuven - Belgium. See BeNeLux OWASP Day 2016-2 for more details.

OWASP BeNeLux Day, March 17 & 18, 2016 in Esch-sur-Alzette, Luxembourg

We are proud to announce that like in 2011, the OWASP BeNeLux Day will be held in Belval Campus, Esch-sur-Alzette, Luxembourg. More information on www.owaspbenelux.eu!

OWASP AppSecEU 2015, 19-22 May 2015, Amsterdam, The Netherlands

The Luxembourg chapter is co-organizing together with Belgium and Netherlands chapters this amazing conference to be held in Amsterdam this spring! More information on the conference website. Hope to see you there!

French translation of Top Ten

The Luxembourg chapter, in collaboration with other volunteers (French and Swiss) is currently involved in the French translation of the OWASP Top Ten for 2013 (available in release candidate here: [OWASP Top 10

  • 2013 - Release Candidate](http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf)). The final version of Top Ten should be available in May, and the French version should be available a few days after the release of the original version. The document is usually translated into different languages (German, Spanish, Italian, Chinese, etc.) People potentially interested to contribute to the German translation, can contact the OWASP_German_Language_Project.

OWASP BeNeLux Day 2011, December 1st & 2nd 2011 @ University of Luxembourg

We are proud to announce that OWASP BeNeLux Day 2011 will take place on December 1st & 2nd 2011 at the University of Luxembourg.

  • December 1st 2011: Training Day OWASP Training: Secure Application Development, by Eoin Keary This intensive one-day training focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The training will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code
  • December 2nd 2011: Conference Day List of confirmed speakers (more to be announced soon):
  • Brenno De Winter (Journalist) on the Diginotar story
  • Koen Vanderloock (Lead Security Competence Group at Cegeka) on the new OWASP Simba project
  • Justin Clarke (Director and Co-Founder of Gotham Digital Science Ltd) on practical crypto attacks against web applications
  • Lieven Desmet (Research Manager at University Leuven) on HTML5 security
  • Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on iOS data protection internals
  • Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
  • Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on WebApp Security and legal and regulatory aspects
  • Seba Deleersnyder & Eoin Keary (OWASP Board) on OWASP Update For more information and updates, please check out www.owaspbenelux.eu Interested in sponsoring the event and the Luxembourg Chapter in 2012? Please contact Jocelyn Aubert (Jocelyn.Aubert[at]owasp.org)!

OWASP @ YAJUG (Java User Group, Luxembourg)

The Luxembourg Chapter will participate to the next YAJUG (Java User Group, Luxembourg) event:

YAJUG - How to Secure your Java Applications Wednesday, May 27th 2009 - 17:45 Centre de Recherche Public Henri Tudor - 29, avenue John F. Kennedy - L-1855 Luxembourg-Kirchberg Agenda:

  • 17h45 - Welcome and registration
  • 18h00 - Introduction to Cryptography with JCA and JCE, Sébastien Stormacq, Sun Microsystems (French, slides in English)
  • 19h15 - OWASP Top 10 Security Breaches for Java Web Applications, Jocelyn Aubert, OWASP-LU (French, slides in English)
  • 20h30 - Drink The whole program is available on YAJUG website. Note: This event is NOT an OWASP event! You have to register on YAJUG website (fee: 40 euros).

OWASP @ C3L (Chaos Computer Club Lëtzebuerg)

Monday, April 6th 2009 - 20:00 (…until late in the night) Brasserie Seppl (Club-Room) - Luxembourg-Limpertsberg Agenda:

  • 15 minutes intro OWASP Luxembourg Chapter
  • remaining time - Technical Chaos regarding OWASP

Past meetings


Your organization’s name here Interested? Contact us please!