OWASP Netherlands Chapter Meeting
January 31st, 2013
"Broken Online Strong Authentication and OWASP update"
This chapter meeting covers broken online strong authentication in banking web applications, followed by OWASP updates.
18:30 - 19:00 Registration
19:00 - 19:45 The Truth about the e.dentifier2 - Erik Poll
19:45 - 20:00 Break
20:00 - 20:45 OWASP Update - Martin Knobloch
20:45 - 21:30 Networking
The Truth about the e.dentifier2
We present a security analysis of an internet banking system used by one of the bigger banks in the Netherlands, in which customers use a USB-connected device – a smartcard reader with a display and numeric keyboard – to authorise transactions with their bank card and PIN code. Such a set-up could provide a very strong defence against online attackers, notably Man-in-the-Browser attacks, where an attacker controls the browser and host PC. However, we show that the system we studied is flawed: an attacker who controls an infected host PC can get the smartcard to sign transactions that the user does not explicitly approve, which is precisely what the device is meant to prevent.
Erik works in the Digital Security group of the Radboud University on a range of topics in security, including smartcards, security protocols, software security, and critical infrastructures (esp. the smart grid).
News and updates on OWASP BeneLux 2013, OWASP Dutch Chapter meetings, AppSec EU 2013, OWASP Connector, the OWASP Newsletter and new OWASP initiatives.
Martin Knobloch is a member of the Dutch chapter board and chair of the Global Education Committee. In addition, he contributes to several projects, such as the OWASP Education Project and the OWASP Academy Portal.
Martin is an independent security consultant and owner of PervaSec. His main working area is (software) security in general, from awareness to implementation. In his daily work, Martin is responsible for education in application security matters, and for advice on and implementation of application security measures.
Download: Route Zoetermeer in English
Take the Zoetermeer exit and turn left at the end of the slip road. At the first traffic light, turn right onto Zuidweg. Continue along this road. You will now be driving parallel to the railway tracks. After a loop in the road, Zuidweg will become Afrikaweg. Take the first left turn onto Meerzichtlaan. At the roundabout, take the second exit to Bredewater and turn left after about 400 metres (Groenewater) and you will have arrived at Bredewater 24.
Take the Zoetermeer-Centrum exit and turn left at the end of the slip road. Take first left turn onto Meerzichtlaan. At the roundabout, take the second exit to Bredewater. Turn left after about 400 metres (Groenewater) and you will have arrived at Bredewater 24.
Travel in the direction of The Hague/Rotterdam to the Prins Claus traffic junction and continue in the direction of Utrecht to the Zoetermeer-Centrum exit. Turn left at the end of the slip road. Take the first left turn onto Meerzichtlaan. At the roundabout, take the second exit to Bredewater and turn left after about 400 metres (Groenewater) and you will have arrived at Bredewater 24.
Travelling from The Hague Central Station, take the local train (the ‘stoptrein’, not the Intercity) to Gouda/Utrecht and exit the train at Zoetermeer Station.
Travelling from Utrecht/Gouda, take the local train (the ‘stoptrein’, not the Intercity) to The Hague and exit the train at Zoetermeer Station. Bredewater 24 is located at about 10 minutes’ walking distance from Zoetermeer Station.
There's ample parking available at the venue.
OWASP Netherlands Chapter
OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about application security. Local chapters are run independently and governed by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association.