OWASP Netherlands

April 18 2024

This is an online meeting and will be streamed on YouTube. The meeting will start at 19:00.

Please register via: https://www.meetup.com/owasp-chapter-netherlands-meetup/events/299755205/

19:00 - 19:10 - Welcome and OWASP updates

19:10 - 19:55 - API Security: OWASP API Top 10 Unlocked by Erez Yalon and Paulo Silva

19:55 - 20:00 - Questions and Break

20:00 - 20:15 - OWASP Security Champions Guide - Updates

20:15 - 21:00 - How (not) to use secrets with OWASP WrongSecrets by Ben de Haan

API Security: OWASP API Top 10 Unlocked

Abstract:

APIs play a central role in today’s economy, powering the exchange of data and services between applications and businesses. However, with great power comes great responsibility, and API security is more critical than ever.

In this session, we will discuss the OWASP API Security Top 10, a comprehensive guide to the most critical API security risks, which was first released in 2019 and updated in 2023. We will then dive into real-world examples of API security issues found on well-known solutions powered by APIs, providing a detailed analysis of the vulnerabilities and the impact they could have had on the affected organizations.

By the end of this session, you will have a better understanding of the importance of API security and the steps you can take to protect your organization’s APIs from attacks.

Bio:
Erez Yalon:
Erez Yalon is the VP of Security Research at Checkmarx. Yalon oversees Checkmarx’s research team comprising analysts, pen testers, security engineers, and bug bounty hunters. He brings vast experience to his position and his efforts to empower today’s developers and organizations to deliver more secure applications. Yalon is the Founder of the DEF CON AppSec Village and co-leads the OWASP API Security Project. Over the years, Yalon has been invited to speak at prominent events, including RSAC, Black Hat, DEF CON, and OWASP’s global conferences, and featured in news outlets such as Fortune, Forbes, Wired, TechCrunch, and Dark Reading.
Paulo Silva:
Paulo Silva is a security practitioner with a solid background in software development, who has spent the last decade focused on identifying critical vulnerabilities and breaking software. Paulo is a long-time OWASP volunteer and co-leader of the OWASP API Security Project, where he advocates for secure API practices and contributes significantly to mitigating security risks in the API landscape.

OWASP Security Champions Guide - Updates

Abstract:

The OWASP Security Champions Guide project team will provide updates on the release of the next OWASP Security Champions Guide!

How (not) to use secrets with OWASP WrongSecrets

Abstract:

If you want to bring an app to production, you need to know where to put your secrets and how to access them safely. In this session, we’ll go into how to not use secrets with a purposefully vulnerable application. We hope you’ll take this knowledge and not make the same mistakes in your own app. Of course, you’ll also learn a thing or two on how to do secrets management properly. Alternatively, you can use this app to teach others!

Bio:
Ben de Haan:
I am a Freelance Security Consultant and engineer, and co-project lead of OWASP WrongSecrets. My specialties are security in application development/SRE and cloud. Outside of regular work, I like to spend time creating cool (and secure) apps.