OWASP Netherlands

Main    Supporters    Upcoming Events    Past Events    Resources

September 21 2023

Location: Hogeschool van Utrecht
Address: Heidelberglaan 15, 3584CS Utrecht

Please register via: https://www.meetup.com/owasp-chapter-netherlands-meetup/events/295296523/

18:00 - 18:15 - Reception of attendees

18:15 - 19:00 - Pizza

19:00 - 19:15 - Welcome and OWASP updates

19:15 - 20:00 - SAST, DAST, IAST… xAST de-mystified by Martin Knobloch

20.00 - 20:15 - Break with drinks

20:15 - 21:00 - DAST in the world of DevSecOps by Amit Sharma

SAST, DAST, IAST… xAST de-mystified

Abstract:

Dev[Sec]Ops has embraced CI/CD’s build, test and deployment approach, now pushing secure test automation into the dev’s build pipelines.
Now with SCA added to the xAST security verification in your pipeline, as more is better, right?
But, without clear expectation what to expect from your tool (usage), how to choose the right tool?
During this presentation, you will be guided to define the problem first, in order to choose the tools to solve it. Let’s grow maturity and not push on security test automation in the development pipelines but adding useful quality assurance in your production line!

Bio:

Martin Knobloch:

Martin Knobloch, Global AppSec Strategist with Fortify, part of OpenText, is a long-time security leader with more than 25 years of experience in the field of IT and +15 in Cyber security.
With a background in software development and architecture, his focus is on software security. Martin is actively involved in OWASP where he is a frequent contributor to various projects and initiatives. Martin is taking part in the organizing of local and global OWASP conferences and served more than 5 years as a member of the Board of Directors, two of them as Chairmen of the board.
During his career, Martin has been a recognized teacher, guest lecturer at various universities and invited speaker and trainer at local and international software development, testing and security conferences throughout the world.

DAST in the world of DevSecOps

Abstract:

-

Bio:

Amit Sharma:

Amit Kumar Sharma is a Security Evangelist with more than a decade of experience in Application Security and Fuzz testing. He has worked in various roles including but not limited to Penetration Testing and Red Teaming. During his career he got a chance to work with various technologies in the domain of Telecom, Medical, ICS and Automotive Security. He works as a Security Specialist with Synopsys Inc , an organization which provides Products and Consultation on how security fits in the SDLC and evangelizing technologies like IAST, Open Source Security, Binary Analysis and Fuzz testing to uncover security issues. Currently his areas of research includes DevSecOps, Security in SDLC, Kubernetes Security and Secrets Management.

November 23-24 2023

See https://www.owaspbenelux.eu for information.

October 19 2023

Location: Radboud University, Huygens building
Address: Heyendaalseweg 135, Nijmegen
Link: https://www.ru.nl/fnwi/faculteit/profiel/huygensgebouw

Please register via: https://www.meetup.com/owasp-chapter-netherlands-meetup/events/296179697/

18:00 - 18:15 - Reception of attendees

18:15 - 19:00 - Pizza

19:00 - 19:15 - Welcome and OWASP updates

19:15 - 20:00 - TBA by Marinus Kuivenhoven

20.00 - 20:15 - Break with drinks

20:15 - 21:00 - Unveiling the secrets in your code: Detecting and Triaging exposed credentials at scale by Ingmar Vis

Unveiling the secrets in your code: Detecting and Triaging exposed credentials at scale

Abstract:

Security misconfigurations are often easy to exploit but also easy to avoid. How can we raise security awareness and at the same time prevent security misconfigurations (such as leaked credentials) from reaching production? Is there an easy way to scan, triage and follow-up on exposed secrets at enterprise scale? ABN Amro open sourced Repository Scanner and runs Repository Scanner internally at scale, exposing secrets in source code repositories and thereby raising security awareness while at the same time improving the security posture by remediating security misconfigurations.

Bio:

Ingmar Vis:

Ingmar Vis has been working in CICD for 7 years. In his current role, Ingmar acts as a Product Owner for 2 teams at ABN Amro. 1 team is responsible for delivering the Secure Coding capability for all developers, the 2nd team is responsible for the infrastructure and automation of CICD tooling. Ingmar works on aspects such as Static Analysis, Software Composition Analysis, Container Security, and Secret Detection.