
OWASP Netherlands Chapter Meeting, November 14th, 2011

OWASP Netherlands Chapter

Monday, November 14, 2011 from 7:00 PM to 9:30 PM (CET)


Event Details

OWASP Netherlands Chapter Meeting

November 14th, 2011

Delftse Poort, Rotterdam

 

Confirmed speakers:


David Rook

David Rook is the Application Security Lead at Realex Payments in Dublin. He is a contributor to several OWASP projects including the code review guide and the Cryptographic Storage Cheat Sheet. He has presented at leading information security conferences including DEF CON, BlackHat USA and RSA Europe. In addition to his work with OWASP, David created a security resource website and blog called Security Ninja (http://www.securityninja.co.uk).

In 2010 the Security Ninja blog was nominated for five awards including the best technology blog at the Irish Blog Awards, the Computer Weekly IT Security blog award and was a finalist for the Irish Web Awards Best Technology Site. In 2011 David received a Developer Security MVP award from Microsoft. David has recently become one of the first mentors in the Information Security Mentors project helping young people progress their information security careers.

Abstract

Agnitio: the security code review Swiss army knife

Teaching developers to write secure code, helping security professionals find security flaws in source code, producing application security metrics and reports with integrity checks and audit trails. If you want to implement an SDLC that produces secure software with the audit trails and reports frequently demanded by auditors and management you need to acknowledge that these are key constituents and implement them in a form that is both easy to understand and use.

This is far easier to talk about than it is to implement in the real world where well-structured SDLCs are rare and application security programmes are usually underfunded. Working with developers, security professionals and management to cultivate an environment where secure code is written and flaws found consistently requires both time and money. The same can be said for producing informative reports and metrics when all of your security code review data resides in notepad, Word and Excel files. With these problems in mind I developed Agnitio to be my security code review Swiss army knife and released it as a free tool in late 2010.

In this demonstration-filled talk I will show how Agnitio can be used to address repeatability, integrity and audit trail concerns by requiring the creation of application profiles, the use of a security code review checklist consisting of over 80 application security questions and mandatory integrity checks for reviews and reports created using the tool. I will demonstrate how the inbuilt secure coding and security code review guidance modules allow developers and security professionals to access the information they need precisely when they need it. I will also show how Agnitio automatically creates metrics and reports, bringing much needed visibility to the security code review process with no extra effort required from the reviewer, developers or management.

Agnitio v2.1 will be demonstrated during this talk, which will show how Agnitio’s already powerful feature set has been expanded to include guidance and questions linked to the OWASP top 10 mobile risks as well as the ability to decompile and analyse Android applications.

 

 


Alex Thissen

Alex Thissen is a principal architect at Achmea and concentrates on integration-architecture and security. You can meet him at various conferences and seminars where he will share his experiences from the field. He likes just about everything related to Microsoft products and technologies, but tries to focus on building secure web-applications in distributed enterprise environments.

Abstract

Implementing SDLC and lessons learned

Paying attention to security during application development is a must. Yet, often we find that security didn’t get the attention it should have had. One of the ways to force yourself to “think and act security” is to embed security in your development process. The Microsoft Security Development Lifecycle (SDL) is a platform-agnostic approach for applying security during the various stages of your development process. In this session you will get an overview of the Microsoft SDL and how it fits in “traditional” and agile projects. But, with just an approach you are not done. This session will also show the hurdles that Achmea encountered during the implementation of an SDL, and what should be done to make an SDL successful. You will get to see the lessons learned from the Microsoft Competence Centre at Achmea IT.

 

 

Programme:

18:00 - 19:00  Registration & Snack
19:00 - 19:15  OWASP update
19:15 - 20:00  Alex Thissen - Implementing SDLC
20:00 - 20:15  Break
20:15 - 21:00  David Rook - Agnitio

 

Route Description:

 

From The Hague / Amsterdam

Approaching the Kleinpolderplein interchange from the direction of The Hague / Amsterdam (A13), keep to the right and take the fly-over leading to Rotterdam-Centrum. Along the Stadhoudersweg (at Stadhoudersplein junction keep to the right again) and the Schiekade you will come straight to the Hofplein roundabout. When you get to the Hofplein roundabout from the Schiekade, turn right. The Delftse Poort office is on the Weena, beyond the second street on the right. When you reach the building, turn right (this street is also called Delftse Poort). At the end, at the Delftse Plein, turn left. You are then at the rear of the building, where the entrance to its parking facility is. The second entrance on the left is for visitors. Using the intercom you can check in with Security. Through the garage you have access to the building. The signs will guide you to the Central Hall.

 

From Breda

Coming from the direction of Breda (A16), go straight on after crossing the Van Brienenoord Bridge. At the Terbregtseplein interchange, follow The Hague (A20). From the A20, take exit no. 14 to Rotterdam-Centrum at the Schieplein interchange. Along the Schieweg and the Schiekade you will come straight to Hofplein roundabout. When you get to the Hofplein roundabout from the Schiekade, turn right. The Delftse Poort office is on the Weena, beyond the second street on the right. When you reach the building, turn right (this street is also called Delftse Poort). At the end, at the Delftse Plein, turn left. You are then at the rear of the building, where the entrance to its parking facility is. The second entrance on the left is for visitors. Using the intercom you can check in with Security. Through the garage you have access to the building. The signs will guide you to the Central Hall.

 

Organizer

OWASP Netherlands Chapter

OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about application security. Local chapters are run independently and governed by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association.

