The OWASP Foundationhttp://www.owasp.org

OWASP BelgiumChapter

OWASPUpdate 6-Jun-2013

Seba DeleersnyderBE Board

seba@owasp.org

2

Agenda

Introduction

OWASP Near You

Introduction

OWASP WorldOWASP is a worldwide free and open community focused on improving the security of application software.

Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks.

OWASP is a worldwide free and open community focused on improving the security of application software.

Our mission is to make application security visible so that people and organizations can make informed decisions about application security risks.

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.

Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work.

5

Location / co hosting OWASP supporter

Sponsors Belgium 2012/2013

OWASP cannot recommend the use of products, services, or recommend specific companies

Thank you

OWASP Europe Tour

• Cambrige - 13th May (Monday) • Midlands - 15th May (Wednesday) • London - 3rd June (Monday) • Czech - 4th June (Tuesday) • Bucharest - 5th June (Wednesday)• Belgium - 6th June (Thursday) • Denmark - 10th of June (Monday) • Barcelona - 13th, 14th June (Thursday, Friday) • Finland - 17th June (Monday) • Netherlands - June 20th (Thursday) • Lisbon - 21st June (Friday) • France - 24th June (Monday) • Geneva - 25th June (Tuesday) • Dublin - 25th, 26th June (Tuesday, Wednesday) • Rome - 27,28th June (Thursday, Friday)

6

The OWASP Europe Tour objective is to raise awareness about application security in the European region, so that people and organizations can make informed decisions about true application security risks. Everyone is free to

participate in OWASP and all of our materials are available under a free and open software license.

Honeyn3t Ireland opened the CTF competition that will run until the end of the OWASP EU Tour:

http://eu.honeyn3t.ie/login.jsp

7

8

Latest news

OWASP Organisation:

• 2013 Board election: Call for candidates (deadline 16-Aug)

• 2013 WASPY (Web Application Security People of the Year) Awards(nominate best chapter leader, project leader, community supporter, mission outreach & Innovator)

Highlighted OWASP projects:

• Xenotix XSS Exploit Framework• WS Amplification DoS Project • Mutillidae 2 Project

9

Program18h15 OWASP update

Seba Deleersnyder, OWASP Belgium Board

18h30 – 19h15 Needles in haystacks, we are not solving the appsec

problem & html hacking the browser, CSP is dead

Eoin Keary, BCC Risk Advisory

Break

19h30 – 20h15 Teaching an Old Dog New Tricks: Securing Development with PMD

Justin Clarke, Gotham Digital Science

Break

20h30 – 21h15 Vulnerability Prediction in Android Applications Aram Hovsepyan, Ph. D.

OWASP near you

11

Next Belgium chapter meetings

•Mid October

•Mid December

•Suggestions for speakers / venues are most welcome!

Global AppSec EMEA 2013Aug. 20, 2013 - Aug. 23, 2013

Hamburg, Germany

Global AppSec North America November 18th - 21th

New York City, New York

BeNeLux 2013

•28-29 november 2013

•One day of trainings

•One day conference

•The Netherlands - Amsterdam

14

15

Subscribe mailing list

www.owasp.be

@owasp_be

Keep up to date!

16

Want to support OWASP?

Become member, annual donation of:

• $50 Individual

• $5000 Corporate

Enables the support of OWASP projects, mailing lists, conferences, podcasts, grants and global steering activities…http://batchgeo.com/map/

4f35033fd964eb692a5268d81d15e18c

17

Become a paid member during the first 10 days of June 2013 and receive all the regular benefits of OWASP membership in addition to being entered into a drawing for one of the following donated prizes: • 2 OWASP Lifetime Memberships • 2 Full Conference Passes for OWASP AppSec Research, August 22-23, 2013 in Hamburg

Germany • 2 Full Conference Passes for OWASP AppSec USA, November 20-21, 2013 in New York City • 4 Full Conference (Briefing Passes) to Black Hat USA 2013 • EC Council - Rocket City Takedown Con, July 15-16, 2013, Huntsville Alabama

• 1 training class of the attendee choice + 1 full conference pass • 2 full conference passes

• EC Council - Hacker Halted 2013 Angels vs. Demons, September 19-21, 2013 in Atlanta Georgia • 1 training class of the attendee choice + 1 full conference pass • 2 full conference passes

• 2 Full Conference Passes for (ISC)2 Secure Asia, Philippines - August 8-9, 2013 • 2 Full Conference Passes for (ISC)2 Security Congress, Sept 24-27, 2013 in Chicago Illinois • 2 Full Conference Passes for (ISC)2 Secure Brazil

Starting June 1, 2013 new or renewing OWASP Individual Members will be able to sign up for a 2-year membership for $95 USD or a Lifetime Membership for $500 USD.

18

Volunteer for Outreach/Social Media Volunteer For A Membership Initiative Volunteer For A Project Initiative Volunteer For An Industry Initiative Volunteer For A Chapter Initiative Volunteer For A Conference Initiative Volunteer For an OWASP Governance Initiative Are You a Developer? Volunteer To Provide Technical Assistance Sign up To Volunteer for AppSec USA 2013

START YOUR OWN INITIATIVE

https://www.owasp.org/index.php/OWASP_Initiatives_Global_Strategic_Focus

Enjoy!

19