OWASP Netherlands Chapter Meeting June 20th, 2013 Amsterdam NL



Hogeschool van Amsterdam, Amsterdam

36 Duivendrechtsekade

1096 AH Amsterdam




OWASP Netherlands Chapter Meeting

June 20th, 2013

OWASP European Tour 2013, Dutch Edition



17:45 - 18:15 Registration

18:15 - 18:30 Intro

18:30 - 19:15 Simon Bennetts - The OWASP Zed Attack Proxy (ZAP)

19:15 - 19:30 Break

19:30 - 20:15 Eoin Keary - Needles in haystacks, we are not solving the appsec problem & html hacking the browser, CSP is dead.

20:15 - 21:00 Steven van der Baan - Secure Coding, some simple steps help

21:00 - 21:30 Networking


The OWASP Zed Attack Proxy (ZAP)

By Simon Bennetts

ZAP is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing, as well as being a useful addition to an experienced pen tester's toolbox.
It is also a community project, maintained by a worldwide group of volunteers, and is completely free, open source and cross-platform. Since its release in 2010 ZAP has gone from strength to strength and is now a flagship OWASP project.
Simon will:
Introduce ZAP to those who have not encountered it before
Detail the new features in the most recent releases
Talk about the enhancements currently being worked on
Give an overview of the 5 ZAP related Google Summer of Code 2013 projects

Needles in haystacks, we are not solving the appsec problem & html hacking the browser, CSP is dead.

By Eoin Keary

"Insanity is doing the same thing over and over and expecting different results." - Albert Einstein
We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? Our testing methodologies are inconsistent and rely on the individual and the tools they use. Currently we treat vulnerabilities like XSS and SQLi as different issues, but the root cause is the same: it’s all code injection theory!! Why do we do this and make security bugs overly complex?
Why are we still happy with “Testing security out” rather than the superior “building security in”?

Secure Coding, some simple steps help

By Steven van der Baan

Secure coding is often perceived as difficult and complex.
While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application.

Speaker Bios:

Simon Bennetts

Simon Bennetts has been developing web applications since 1997, and strongly believes that you cannot build secure web applications without knowing how to attack them.
He now works for Mozilla as part of their security team, is the OWASP ZAP project lead and has contributed to many other open source security projects.

Eoin Keary

Eoin is an international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org), and during his time in OWASP he has led the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM and the OWASP Cheat Sheet Series.

Eoin is a well-known technical leader in industry in the area of software security and penetration testing, and has led global security engagements for some of the world's largest financial services and consumer products companies. He is the CTO and founder of BCC Risk Advisory Ltd, an Irish company that specialises in secure application development, advisory, penetration testing, Mobile & Cloud security and training.

Steven van der Baan

Steven is a passionate Security Consultant and Software Architect, with a broad history in software development and architecture. Steven has a varied background in developing complex systems, mainly in Java. He has the capability to analyse problems and provide sound advice on possible solutions. He can also design a solution that fits the wishes of the client. Steven is determined, steadfast and critical, likes to work in teams, but is capable of working on his own. He is always willing to share his knowledge and help his colleagues. Steven follows the latest developments in the security field to keep his knowledge up to date.


By public transport (Train)

Metro station Spaklerweg
From station Metro 51 from and to Central Station
From station Metro 53 from and to Central Station
From station Metro 54 from and to Central Station
From Station CS or Amstelstation, take the metro to Gaasperplas, Gein or Amstelveen Westwijk/Poortwachter, get out at the Spaklerweg stop and walk ca. 10 minutes.

By car

Duivendrechtsekade is in the office park 'Amstel Business Park' and is easily accessible via Ringweg A10 (South exit S111), which gives access to the A2 (Amsterdam-Utrecht) and the A4 (Amsterdam-Schiphol-Den Haag).

The OWASP Netherlands Chapter is sponsored by:

OWASP Netherlands Sponsors 2013
