- OWASP BeNeLux Days 2020, 23-26 November 2020: Register on EventBrite, details on https://www.owaspbenelux.eu
- Tomorrow (May 14th) at 20:00 there is a video presentation about the Mobile Security Testing Guide and the Mobile Application Security Verification Standard by Jeroen Willemsen. Watch the livestream at https://youtu.be/cuB8TNT0rMw.
- Next Thursday (April 9th) there is a video presentation about SKF news by Riccardo ten Cate. Watch the livestream at https://youtu.be/EtGyhWYSjVA.
- Scheduled meetings are postponed. Check the “Upcoming Events” tab or the mailing list for new meetings.
Support the chapter
We are continuously looking for speakers.
Presentations: Are you working on an interesting subject, would you like to share your experience with the OWASP community, and do you have presentation skills? Please let us know! Any topic related to web application security will be appreciated!
VAC, Vulnerability, Attack, Countermeasure: The VAC is a recurring part of the chapter meetings. The VAC is a half-hour in-depth technical presentation about a vulnerability, how it can be exploited and how to prevent it!
Links: Speaker Agreement Template
Interested in presenting at a local chapter meeting? Please send an email to: netherlands ‘at’ owasp.org
OWASP Corporate Member:
OWASP BeNeLux-Day 2017 sponsor:
November 23-27 2020, BeNeLux Days
See https://www.owaspbenelux.eu for information.
May 14, 2020
This is an online meeting about the Mobile Security Testing Guide and the Mobile Application Security Verification Standard by Jeroen Willemsen.
The talk will start at 20:00.
Watch the livestream at https://youtu.be/cuB8TNT0rMw.
April 9, 2020
The first talk will start at 20:00.
- SKF news by Riccardo ten Cate and Glenn ten Cate (Video)
- OWASP Integration Standards project update by Rob van der Veer (Video)
Watch the livestream at https://youtu.be/EtGyhWYSjVA.
June 18, 2019
18:30 - 19:00 Dinner
19:00 - 19:15 Welcome
19:15 - 20:00 Recon Recon by Martijn Baalman
20:00 - 20:15 Break
20:15 - 21:00 The Good, The Bad and The Ugly of Responsible Disclosure by Chrissy Morgan
21:00 - Closing and networking
1015 BT Amsterdam
Martijn Baalman aka @x1m_martijn - “Recon Recon”:
In the daytime, Martijn is a pen tester at Qbit Cyber Security, and by night he is bug bounty hunting in the wild and sending PoCs to Detectify Crowdsource and other bug bounty platforms. Recon is key for finding vulnerabilities yet is tedious at times. Hackers, like developers, find that automation makes life easier, even recon. Martijn has developed something called ReconPi, a bug bounty reconnaissance tool that automates most of the (general) recon methods that hackers use. He’ll show you how he does all his recon, yes everything, on a Raspberry Pi 3 in his lightning talk.
Chrissy Morgan aka 5w0rdFish - “The Good, The Bad and The Ugly of Responsible Disclosure.”
So what do a jQuery bug that affected thousands of websites (one of the highest-starred GitHub repos, with 7,800 forks), a domain name registrar vulnerability which allowed full access to domain owner details (post-GDPR) and data protection flaws within Microsoft’s Office 365 all have in common? … Answer: Responsible Disclosure. This talk will feature disclosure of each of these bugs and others, and the circumstances around reporting them, to highlight the problems security researchers face today when trying to do the right thing and to raise awareness of the security flaws so we are better protected.
Chrissy leads IT Security Operations for a Close Protection company and in her spare time has carried out research in the areas of web application security, steganography, RFID, Physical Cyber Systems Security and is actively involved within the information security community across a wealth of subjects. She also runs The Co-Lab in London, which is a hardware hacking security research workshop. As a recent Napier Masters graduate, she has accomplished the following successes so far: Winner of Cyber Security Challenge UK (University Challenge - Team Edinburgh Napier), CTF Finalist for the Pragyan CTF (Team Edinburgh Napier), a BlackHat Challenge Coin winner for OSINT from Social-Engineer.org and a Black Hat Scholarship, Steelcon Award, WISP Sponsorship, BSides London Rookie Track Speaker Winner for 2018 and, most recently, the ISC(2) Up and Coming Security Professional 2019 award.
January 17, 2019
18:30 - 19:00 Dinner
19:00 - 19:15 Welcome, OWASP update
19:15 - 20:00 Machine Learning vs. Cryptocoin Miners by Jonn Callahan
20:00 - 20:15 Break
20:15 - 21:00 Running at Light Speed: Cloud Native Security Patterns by Jack Mannino
21:00 - Closing
1213 VB Hilversum
Machine Learning vs. Cryptocoin Miners:
With the advent of cryptocurrencies as a prevalent economic entity, attackers have begun turning compromised boxes and environments into cash via cryptocoin mining. This has given rise to the need to detect compromised environments by analyzing network traffic logs for evidence of cryptocoin miners operating within a given network. In this talk, I’ll be reviewing various ML and statistical analysis techniques leveraged against VPC Flow Logs for this very purpose. It will not be a deep dive into the math involved, but instead a general discussion of these techniques and why I chose them.
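To make the kind of analysis the abstract describes concrete, the following is an added example (not the speaker’s code and not the techniques from the talk): a minimal statistical screen over AWS VPC Flow Log records. It parses the default version-2 field layout, groups accepted flows by (source, destination, destination port) and flags groups that recur at near-constant intervals, persist across many records and carry small packets, which is the traffic shape a long-lived mining pool connection tends to leave in aggregated flow records. The log lines, addresses, ports and thresholds are constructed for illustration; the thresholds are assumptions to be tuned against your own baseline, not published indicators.

```python
"""Added example: a simple statistical screen of VPC Flow Logs for miner-like
persistent connections. Illustrative only; thresholds are assumptions."""
from collections import defaultdict
from statistics import mean, pstdev

# Default VPC Flow Log (version 2) field order.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample: one host (10.0.1.23) talks to 203.0.113.5:3333 every
# 600 s with ~100-byte packets; another (10.0.1.40) browses normally; plus
# one rejected flow and one NODATA record with "-" placeholders.
SAMPLE_LOG = "\n".join(
    [f"2 123456789012 eni-0a1b2c3d 10.0.1.23 203.0.113.5 49152 3333 6 40 4000 "
     f"{1547700000 + i * 600} {1547700000 + i * 600 + 599} ACCEPT OK" for i in range(6)]
    + ["2 123456789012 eni-0a1b2c3d 10.0.1.40 198.51.100.7 51000 443 6 20 18000 1547700100 1547700130 ACCEPT OK",
       "2 123456789012 eni-0a1b2c3d 10.0.1.40 198.51.100.7 51001 443 6 25 22000 1547700250 1547700280 ACCEPT OK",
       "2 123456789012 eni-0a1b2c3d 10.0.1.40 198.51.100.7 51002 443 6 18 16000 1547702000 1547702030 ACCEPT OK",
       "2 123456789012 eni-0a1b2c3d 10.0.1.40 203.0.113.9 51003 22 6 1 60 1547700300 1547700300 REJECT OK",
       "2 123456789012 eni-0a1b2c3d - - - - - - - 1547700000 1547700600 - NODATA"])


def parse_flow_line(line):
    """Parse one default-format record; skip malformed or NODATA/SKIPDATA rows."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":          # "-" placeholders are not numeric
        return None
    for k in INT_FIELDS:
        rec[k] = int(rec[k])
    return rec


def flow_features(records):
    """Per (srcaddr, dstaddr, dstport) group of ACCEPTed flows compute:
    record count, time span covered, mean bytes/packet and the coefficient of
    variation of the gaps between flow start times (0 = perfectly periodic)."""
    groups = defaultdict(list)
    for r in records:
        if r["action"] == "ACCEPT":
            groups[(r["srcaddr"], r["dstaddr"], r["dstport"])].append(r)
    feats = {}
    for key, flows in groups.items():
        flows.sort(key=lambda r: r["start"])
        starts = [f["start"] for f in flows]
        gaps = [b - a for a, b in zip(starts, starts[1:])]
        bpp = [f["bytes"] / f["packets"] for f in flows if f["packets"]]
        gap_cv = None
        if len(gaps) >= 2 and mean(gaps) > 0:
            gap_cv = pstdev(gaps) / mean(gaps)
        feats[key] = {
            "flows": len(flows),
            "span_s": flows[-1]["end"] - flows[0]["start"],
            "bytes_per_packet": mean(bpp) if bpp else 0.0,
            "gap_cv": gap_cv,
        }
    return feats


def miner_like(feats, min_flows=4, max_gap_cv=0.25, max_bpp=200.0):
    """Assumed thresholds: many records, near-periodic starts, small packets."""
    hits = []
    for key, f in feats.items():
        if (f["flows"] >= min_flows and f["gap_cv"] is not None
                and f["gap_cv"] <= max_gap_cv and f["bytes_per_packet"] <= max_bpp):
            hits.append(key)
    return sorted(hits)


def analyze(log_text):
    """Return the (src, dst, dstport) tuples flagged in a block of log text."""
    records = [r for r in (parse_flow_line(l) for l in log_text.splitlines()) if r]
    return miner_like(flow_features(records))


if __name__ == "__main__":
    for src, dst, port in analyze(SAMPLE_LOG):
        print(f"miner-like: {src} -> {dst}:{port}")
```

On a real account you would replace the fixed thresholds with a baseline learned from known-good interfaces (for instance z-scores of span and record count per group), which is the step where the ML techniques the talk covers come in; the regularity and packet-size features above are the kind of input such models consume.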
Running at Light Speed: Cloud Native Security Patterns
No matter how fast you ship software, a good design is critical to security. Cloud native systems are no exception. Containerized microservices running on distributed management and orchestration platforms bring new challenges to address as well as classic software problems that we’ve been dealing with for years. Secure software design patterns can be used to model security controls at different trust boundaries within your architecture, providing security in a repeatable and consumable way. Using patterns such as the Service Mesh or Ambassador pattern lets us focus on proper security control placement and on lifting security outside of the core services we’ve traditionally bolted security onto later.
The goal of this presentation is to arm software developers and security architects with reference architecture guidance that can be used in any cloud native environment. The topics we’ll cover include multi-tenancy considerations, authentication, authorization, encryption, and more. We will focus on newer cloud native architecture patterns as well as some classic software design patterns that are still applicable. At the end of this presentation, you’ll have a greater understanding of cloud native security design at an architectural level and you’ll be eager to begin white-boarding your ideas.
Speakers info:
Jonn Callahan has worked in appsec for half a decade across a wide variety of languages, technologies, and sectors. While constantly looking for new things to play with, he rediscovered his love for the universal language of math and, consequently, the power of statistical analysis and machine learning. He now seeks to dismantle the black magic of these techniques, showing that they don’t require an advanced mathematics degree to be leveraged, as well as to find novel ways to apply them within the security space.
Jack Mannino is the CEO of nVisium. Passionate about security and impossible to keep away from a keyboard, his expertise spans over 15 years of building, breaking, and securing software. Jack founded nVisium in 2009, and since then has helped the world’s largest software teams enhance security across their software portfolios. He has spoken at conferences globally on topics such as secure design, mobile application security, and cloud-native security.