Moien! Welcome to the OWASP Luxembourg chapter homepage!
Upcoming Chapter events
The OWASP BeNeLux Days 2022 (Fall edition) - November 25th-26th 2022, Tilburg (NL)
The OWASP BeNeLux Days 2022 (Fall edition) consist of 2 days:
On Thursday November 24th, we have a full day conference program with a list of renowned speakers:
- Grant Ongers with 100x your AppSec Program
- Wouter Hindriks with Incident Response without compromise
- Daniel Kapellmann Zafra & Ken Proska with Incontroller - ICS malware
- Bram Patelski with Security by Meme
- Ben Brucker with Social engineering
- Koen Yskout with a presentation of findings on threat modeling in Dutch companies
- More to be announced soon …
Free trainings day On Friday November 25th, you can join 1 of the free trainings:
- Training OWASP MASTG (by Jeroen Beckers)
- Training OWASP SAMM (by Seba Deleersnyder)
- Training OpenKAT (by Brenno de Winter)
- Training Securing DevOps pipelines (by TBD)
- These trainings are full day trainings run in parallel, so you can only join at most one! Registering for multiple trainings will result in a cancellation of all!
Attending the training and/or conference is completely free of charge, but registration is required. To support the OWASP organisation, consider to become a member, it’s only US$50! Check out the Membership page to find out more.
Have a look at https://www.owaspbenelux.eu/ for the latest updates.
- OWASP Luxembourg Chapter Meetup Stay tuned for the upcoming meetup
Volunteer to be a Speaker:
We are continuously looking for speakers. Call For Speakers is open. If you would like to present a talk on Application Security at future OWASP Luxembourg Chapter events - please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail.
Follow us on Social Media and Mailing List: Please follow OWASP Luxembourg Chapter on our social media (coming soon) and sign up to our mailing listto be notified about the upcoming OWASP Luxembourg Chapter events.
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects ,tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert.
Code of Conduct
We hope you enjoy our events, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us, we take these matters very seriously. You can find out more about our policies here.
OWASP Luxembourg - Board Members Post-Covid in-person meet-up (12 September 2022, Kirchberg, Luxembourg)
This first in-person meeting was held between the OWASP old+new board members in Luxembourg. The purpose was to get acquainted and discuss the strategy for the Chapter and how to grow the activies and the team.
𝗢𝗪𝗔𝗦𝗣 𝗕𝗲𝗡𝗲𝗟𝘂𝘅 𝗗𝗮𝘆𝘀 𝟮𝟬𝟮𝟮 - 𝗦𝗽𝗿𝗶𝗻𝗴 𝗘𝗱𝗶𝘁𝗶𝗼𝗻 - 𝗠𝗮𝗿𝗰𝗵 𝟯𝟭𝘀𝘁 𝗮𝗻𝗱 𝗔𝗽𝗿𝗶𝗹 𝟭𝘀𝘁, 𝟮𝟬𝟮𝟮 **!
The IN PERSON and ON-SITE event will take place on 𝗠𝗮𝗿𝗰𝗵 𝟯𝟭𝘀𝘁 𝗮𝗻𝗱 𝗔𝗽𝗿𝗶𝗹 𝟭𝘀𝘁, 𝟮𝟬𝟮𝟮 (not an April fools joke!), in 𝗞𝗼𝗿𝘁𝗿𝗶𝗷𝗸 (𝗕𝗲𝗹𝗴𝗶𝘂𝗺).
If you want to take part, don’t forget to secure your training and/or conference ticket: https://www.eventbrite.com/e/owasp-benelux-days-spring-2022-tickets-277402597637
The program: On March 31st, you can join (only) one of the three OWASP trainings:
- ModSecurity and the OWASP Core Rule Set (CRS) (by Christian Folini)
- OWASP SAMM by Sebastien Deleersnyder
- SKF Workshop - Offensive and Defensive crash course using SKF Labs (by Glenn ten Cate)
On April 1st we have a full day conference program with 7 renowned speakers:
- The paved path methodology: a human-centered approach to software security (by Pieter De Cremer)
- Optimize resilience towards antifragility, a secure cloud translation (by Edzo Botjes)
- Brace for your next Race - Race conditions in Servlets and Controllers (by Giuseppe Trovato)
- OWASP-SKF Learning Platform - There is no right or wrong, only fun and boring (by Glenn ten Cate)
- Using openCRE.org to master application security (by Rob van der Veer)
- A Tour Of OWASP ISVS (by Théo Rigas)
- Securing React with Trusted Types (by Philippe De Ryck)
On Thursday evening we planned a social gathering at the HoWest Penta Campus in Kortrijk!
Attendance to the conference is free of charge, but registration is mandatory so make sure to register on time! If you register for a training, please consider supporting the #OWASP by becoming a member.
Meeting#2022-01 - Introduction to the OWASP Application Security Verification Standard (ASVS) v4.0.3” by Josh Grossman, OWASP ASVS project co-leader, CTO at Bounce Security
Tuesday March 8th 2022 - 18:0-18:45 UTC/GMT+2 RSVP in our MeetUp event here Subject: Introduction to the OWASP Application Security Verification Standard (ASVS) v4.0.3”
Description of the talk: OWASP’s Application Security Verification Standard (ASVS) is one of the few comprehensive guides of security requirements for applications. The 4.0 version, released in March 2019 represents a significant update with many new features as well as structural changes. In this talk, Josh, one of the project co-leaders, will go through what the ASVS is and how it is put together with a particular focus on what has changed in this new version. He will also talk through some of the more interesting new requirements and show how you can help shape the future of this important standard.
About the speaker: Josh Grossman, OWASP ASVS project co-leader, CTO at Bounce Security
Josh has worked as a consultant in IT/Application Security and Risk for 15 years now as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. He is currently Chief Technology Officer for Bounce Security where he spends his time helping organisations improve and get better value from their Application Security processes and providing specialist Application Security advice. In his spare time he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board.
OWASP BeNeLux Days 25 November 2021 (CANCELED on D-3 due to COVID situation on Belgium)
Join us for the OWASP BeNeLux Days 2021. Our first physical event since the start of the outbreak will take place on 25 and 26 November 2021, in Bruges (Belgium). Thursday 25 November: free 1-day trainings:
- SKF Workshop - Offensive and Defensive crash course using SKF Labs (by Glenn ten Cate)
- OWASP SAMM (by Sebastien Deleersnyder) Places are limited, so don’t wait to register! As the trainings run in parallel, you can only choose 1 to attend Friday 26 November: full-day conference:
- 9h-9h15: Introduction and OWASP update (by Sebastien Deleersnyder)
- 9h15-9h55: 100x your AppSec Program (by Grant Ongers)
- 9h55-10h35: Optimize resilience towards antifragility, a secure cloud translation (by Edzo Botjes)
- 10h50-11h30: The paved path methodology: a human-centered approach to software security (by Pieter De Cremer)
- 11h30-12h10: Brace for your next Race - Race conditions in Servlets and Controllers (by Giuseppe Trovato)
- 13h-13h40: OWASP-SKF Learning Platform - There is no right or wrong, only fun and boring (by Glenn ten Cate)
- 13h40-14h20: (Dis)respect of users’ privacy choices with relation to online tracking (by Yana Dimova)
- 14h20- 15h00: Using openCRE.org to master application security (by Rob van der Veer)
- 15h15-15h55: A Tour Of OWASP ISVS (by Théo Rigas)
- 15h55-16h35: Securing React with Trusted Types (by Philippe De Ryck)
- 16h35-16h50: Closing (by Martin Knobloch) On Thursday evening, we plan a social gathering. More info will follow soon! Attendance to the conference is free of charge, but registration is required. If you register for a training, please consider to become an OWASP member.
Meeting#2021-02 - OWASP Top 10:2021 Overview
Wednesday October 27th 2021 - 17:30-18:30 UTC/GMT+2 RSVP in our MeetUp event here
Context: As part of the Luxembourg Cyber Security Week, We will be lauching our second OWASP Luxembourg Chapter meeting. Description of the talk: Learn about the new OWASP Top 10:2021 that was released in September, 2021. This talk will walk through the process we used to build the new Top 10 and provide a brief overview of each of the risk categories in this updated list. Hear how the OWASP Top 10:2021 can fit into your organization and provide a baseline for secure development. About the speaker: Brian Glas, OWASP Top Ten Leader | Assistant Professor Of Computer Science, Union University Brian has over 20 years of experience in various roles in IT and over a decade and a half of that in application development and security. His day job is serving as an Assistant Professor teaching a full load of Computer Science and Cybersecurity classes at Union University. He helped build FedEx’s AppSec team, worked on the Trustworthy Computing team at Microsoft, consulted on software security for years, and served as a project lead and active contributor for SAMM v1.1-2.0+ and OWASP Top 10 2017 and 2021. Brian is a contributor to the RABET-V Pilot Program. He holds several Cybersecurity and IT certifications and is currently working on his Doctor of Computer Science in Cybersecurity and Information Assurance. Who should attend? Both existing OWASP members and people unfamiliar with OWASP. Information security practitioners of all levels, IT professionals, and business leaders. Developers, development managers, product owners, QA professionals, program managers, and anyone involved in building software, etc.
Open Source Security hackathon Monday 25th October 2021
We are pleased to participate in the Open Source Security hackathon - Monday 25th October 2021 and Tuesday 26th October 2021 - don’t hesitate to join us online to improve open source security tools. Link here
- 𝗢𝗪𝗔𝗦𝗣 𝗭𝗮𝗽 𝗣𝗿𝗼𝘅𝘆
- 𝐎𝐖𝐀𝐒𝐏 𝐌𝐨𝐝𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐂𝐨𝐫𝐞 𝐑𝐮𝐥𝐞 𝐒𝐞𝐭 (𝐂𝐑𝐒)
OWASP Luxembourg is proudly celebrating OWASP’s 20th Anniversary! September 24, 2021
OWASP will be celebrating its 20th Anniversary on September 24, 2021! More details here
The OWASP Luxembourg Chapter joined the Luxembourg CYBERSECURITY ecosystem on June 2021
👉 Thank you SECURITYMADEIN.LU team and we are looking forward to fruitful collaboration.6/24/2021
Meeting#2021-01 - Getting to know OWASP
Thu, Jun 17 2021 · 17:30-18:15 GMT+2 RSVP in our MeetUp event here
We will be kicking off the first OWASP Luxembourg Chapter meetings. We will present OWASP, the Luxembourg Chapter and the next events and activities we are planning. Who should attend? Both existing OWASP members and people unfamiliar with OWASP. Information security practitioners of all levels, IT professionals, and business leaders. Developers, development managers, product owners, QA professionals, program managers, and anyone involved in building software, etc.
OWASP BeNeLux Day 2017
We are proud to announce the dates of the next edition of BeNeLux OWASP Day! The event will take place on 23 (trainings) and 24 (conference) November 2017, in Tilburg - The Netherlands. See OWASP_BeNeLux-Day_2017 for more details.
OWASP BeNeLux Day 2016 - II
We are proud to announce the dates of the next edition of BeNeLux OWASP Day! The event will take place on 24 (trainings) and 25 (conference) November 2016, in Leuven - Belgium. See BeNeLux OWASP Day 2016-2 for more details.
OWASP BeNeLux Day, March 17 & 18, 2016 in Esch-sur-Alzette, Luxembourg
We are proud to announce that like in 2011, the OWASP BeNeLux Day will be held in Belval Campus, Esch-sur-Alzette, Luxembourg. More information on www.owaspbenelux.eu!
OWASP AppSecEU 2015, 19-22 May 2015, Amsterdam, The Netherlands
The Luxembourg chapter is co-organizing together with Belgium and Netherlands chapters this amazing conference to be held in Amsterdam this spring! More information on the conference website. Hope to see you there!
French translation of Top Ten
The Luxembourg chapter, in collaboration with other volunteers (French and Swiss) is currently involved in the French translation of the OWASP Top Ten for 2013 (available in release candidate here: [OWASP Top 10
- 2013 - Release Candidate](http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf)). The final version of Top Ten should be available in May, and the French version should be available a few days after the release of the original version. The document is usually translated into different languages (German, Spanish, Italian, Chinese, etc.) People potentially interested to contribute to the German translation, can contact the OWASP_German_Language_Project.
OWASP BeNeLux Day 2011, December 1st & 2nd 2011 @ University of Luxembourg
We are proud to announce that OWASP BeNeLux Day 2011 will take place on December 1st & 2nd 2011 at the University of Luxembourg.
- December 1st 2011: Training Day OWASP Training: Secure Application Development, by Eoin Keary This intensive one-day training focuses on the most common web application security problems, including aspects of both the OWASP Top Ten (2010) and the MITRE Top 25. The training will introduce and demonstrate application assessment techniques, illustrating how application vulnerabilities can be exploited so students really understand how to avoid introducing such vulnerabilities in their code
- December 2nd 2011: Conference Day List of confirmed speakers (more to be announced soon):
- Brenno De Winter (Journalist) on the Diginotar story
- Koen Vanderloock (Lead Security Competence Group at Cegeka) on the new OWASP Simba project
- Justin Clarke (Director and Co-Founder of Gotham Digital Science Ltd) on practical crypto attacks against web applications
- Lieven Desmet (Research Manager at University Leuven) on HTML5 security
- Andrey Belenko (Chief Security Researcher at ElcomSoft Co. Ltd) on iOS data protection internals
- Alexandre Dulaunoy (Incident Management - Security Research at CIRCL) on dynamic malware analysis
- Ludovic Petit (Group Fraud & Information Security Adviser at SFR, Vodafone Group) on WebApp Security and legal and regulatory aspects
- Seba Deleersnyder & Eoin Keary (OWASP Board) on OWASP Update For more information and updates, please check out www.owaspbenelux.eu Interested in sponsoring the event and the Luxembourg Chapter in 2012? Please contact Jocelyn Aubert (Jocelyn.Aubert[at]owasp.org)!
OWASP @ YAJUG (Java User Group, Luxembourg)
The Luxembourg Chapter will participate to the next YAJUG (Java User Group, Luxembourg) event:
YAJUG - How to Secure your Java Applications Wednesday, May 27th 2009 - 17:45 Centre de Recherche Public Henri Tudor - 29, avenue John F. Kennedy - L-1855 Luxembourg-Kirchberg Agenda:
- 17h45 - Welcome and registration
- 18h00 - Introduction to Cryptography with JCA and JCE, Sébastien Stormacq, Sun Microsystems (French, slides in English)
- 19h15 - OWASP Top 10 Security Breaches for Java Web Applications, Jocelyn Aubert, OWASP-LU (French, slides in English)
- 20h30 - Drink The whole program is available on YAJUG website. Note: This event is NOT an OWASP event! You have to register on YAJUG website (fee: 40 euros).
OWASP @ C3L (Chaos Computer Club Lëtzebuerg)
Monday, April 6th 2009 - 20:00 (…until late in the night) Brasserie Seppl (Club-Room) - Luxembourg-Limpertsberg Agenda:
- 15 minutes intro OWASP Luxembourg Chapter
- remaining time - Technical Chaos regarding OWASP
Your organization’s name here Interested? Contact us please!