Invalid quantity. Please enter a quantity of 1 or more.
The quantity you chose exceeds the quantity available.
Please enter your name.
Please enter an email address.
Please enter a valid email address.
Please enter your message or comments.
Please enter the code as shown on the image.
Please select the date you would like to attend.
Please enter an email address.
Please enter a valid email address in the To: field.
Please enter a subject for your message.
Please enter a message.
You can only send this invitations to 10 email addresses at a time.
$$$$ is not a properly formatted color. Please use the format #RRGGBB for all colors.
Please limit your message to $$$$ characters. There are currently ££££.
$$$$ is not a valid email address.
Please enter a promotional code.
N/A
Sold Out
Unavailable
Please enter a password with at least 8 characters.
You have exceeded the time limit and your reservation has been released.
The purpose of this time limit is to ensure that registration is available to as many people as possible. We apologize for the inconvenience.
This option is not available anymore. Please choose a different option.
Please read and accept the waiver.
All fields marked with * are required.
Please double check your email address. The email address format does not appear valid.
Please double check your email address. Your emails do not match.
$$$$ requires a number between ££££ and §§§§
US Zipcodes need to be 5 digits.
Postal code may contain no more than 9 letter or number characters.
Please double check your website URL.
All fields marked with * are required.
Your card expiration date is in the past.
Your card CSC needs to be 4 digits.
Please confirm your order: $$$$ You have selected to Pay by Check.
Click OK to confirm your order.
Please confirm your order: $$$$ You have selected to Pay at the Door.
Click OK to confirm your order.
Please confirm your order: $$$$ You have selected to Pay upon Receiving an Invoice.
Click OK to confirm your order.
Your card CSC needs to be 3 digits.
Sofort is only available in Germany and Austria.
Boleto Bancario is only available in Brazil.
PagoFacil is only available in Argentina.
Rapipago is only available in Argentina.
Please enter a valid IBAN number.
You need to accept to charge your bank account.
Your billing zip code needs to be 5 digits.
Please double check your CEP info. The CEP format should be something like 12345-678.
Please double check your tax identifier.
There was a problem saving your address.
There was a problem saving your card info.
There was a problem saving your personal information.
Please select the date you would like to attend.
McAfee Secure sites help keep you safe from identity theft, card fraud, spyware, spam, viruses and online scams.
Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.
Unknown card type.
No card number provided.
card number is in invalid format.
Wrong card type or card number is invalid.
card number has an inappropriate number of digits.
Please enter numbers here.
Please enter an integer value.
Numbers must be less or equal to $$$$
All the required fields have not been filled out. Click OK to proceed without all the required information, or click Cancel to finish entering the missing data.
Job titles must be less than 50 characters.
Please enter a donation amount.
Please select an attendee for donation.
There is currently an issue with card submission on Safari with iOS7. Please try again with a different browser or device.
Sorry, invalid event registration form.
Sorry, invalid event or database error.
Sorry, quantity must be a positive integer.
Sorry, you did not select a valid ticket.
Sorry, invalid event organizer email address.
Your order was canceled.
Thank You. Your order has been successfully completed. Your name and email address have been added to the list of event attendees.
Sorry, that option is sold out.
Sorry, that option is no longer available.
Sorry, you entered an invalid quantity. Please enter a quantity of 1 or more next to the type or types of tickets you would like to purchase.
Sorry, you did not select any tickets to purchase. Please enter a quantity of 1 or more next to the type or types of tickets you would like to purchase.
Sorry, there are no tickets left for this event.
The tickets, ticket quantity or date and time you've requested are no longer available, due to previous sales. Please choose a different date, time or number of tickets and place your order again.
Sorry, one or more of the tickets you requested are no longer available for purchase.
Sorry, you need to select the date you want to attend.
Sorry, the promotional code you entered is not valid yet.
Sorry, the promotional code you entered has expired.
Sorry, the promotional code you entered is not valid.
Your session has expired. Try ordering again.
Sorry, your requested ticket quantity exceeds the number provided by your promotional code.
"In this Chapter meeting we will not REST until we have designed an access control mechanism to protect your web services..."
Programme:
18:30 - 19:15 Registration & Pizza
19:15 - 20:00 “Access Control Design Best Practices” – Jim Manico
20:00 - 20:15 Break
20:15 - 21:00 “RESTful services, the web security blind spot” – Ofer Shezaf
21:00 - 21:30 Networking
Access Control Design Best Practices
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
RESTful web services, the web security blind spot
As a light weight alternative to web services, RESTful services are fast becoming a leading technology for developing mobile applications and web 2.0 sites. Upon first glance, RESTful services seem very different than web services and suspiciously similar to regular web technology. The similarity of RESTful services to regular web leads to the misconception that RESTful services are secured in the same way. However, RESTful services share many of the security risks of web services without the compensating Web Services security controls. The presentation will describe RESTful services and their use, the complexities in protecting them and common attack vectors that specific to REST services such as ULR embedded attacks. The presentation concludes with a discussion of the challenges of security testing for RESTful services and present novel approaches for automated testing of RESTful services using grey-box testing, a method combining a client attack tool and a server based monitor.
Jim Manico
Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. He authors and delivers developer security awareness training for WhiteHat Security and has a background as a software developer and architect. Jim is also a global board member for the OWASP foundation. He manages and participates in several OWASP projects, including the OWASP cheat sheet series and the OWASP podcast series.
Ofer Shezaf
Ofer Shezaf is an internationally recognized application security expert. Ofer manages security solutions at HP ArcSight and prior to that managed web security research at HP Fortify and at Breach Security. Ofer is an OWASP (Open Web Application Security Project) leader, the founder of the OWASP Israeli chapter and a WASC (Web Application Security Consortium) officer. Ofer is leading the Web Application Firewall Evaluation criteria project and founded the ModSecurity core rule set project and the WASC web hacking incident database project. Ofer is blogging about the role and value of information security at www.xiom.com trying to separate myth and reality in the information security world.
Directions:
By public transport
From Amsterdam Central Station
Metro tram 51, direction Amstelveen Westwijk (16 minutes), stop at: De Boelelaan/VU
Tram 5, direction Amstelveen Binnenhof (25 minutes), stop at: De Boelelaan/VU
Tram 16 or 24, direction VUmc, final stop
From Station Amsterdam Zuid
Express tram 51 (1 minute), direction Amstelveen Westwijk
Tram 5 (1 minute), direction Amstelveen Binnenhof
It's a 10 minute walk to the VU from Station Amsterdam Zuid
By car
The A-10 Amsterdam ring road can be reached from all directions. Follow the A-10 to the Zuid/Amstelveen exit S 108. Turn left at the end of the slip road onto Amstelveenseweg: after about three hundred yards (at the VU University hospital building) turn left again onto De Boelelaan. VU University Amsterdam can be reached via city routes S 108 and S 109.
Parking
There is a limited amount of parking space around VU University Amsterdam itself in De Boelelaan, which has parking bays, and also in Karel Lotsylaan. There is paid parking on VU Amsterdam parking lot to the right of the Hospital Outpatient Clinic. There is even more parking space on the east side of Buitenveldertselaan at the junction with Willem van Weldammelaan, within 5 minutes walking distance of VU University Amsterdam. A number of parking places for the handicapped are reserved in front of the VU University Amsterdam Main Building and within its grounds.
OWASP Foundation is a professional association of global members and is open to anyone interested in learning more about application security. Local chapters are run independently and governed by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association.
Share OWASP Netherlands Chapter Meeting April 10th, 2013 Amsterdam NL
Share Tweet