OWASP Netherlands

Local News


:;OWASP Netherlands Monthly meetup:

:: Next meetup OWASP NL Chapter Meeting, June 18th

::Slides and recordings are available OWASP Nl Chapter Meeting, January 17th

:;OWASP BeNeLux-Day 2018:


    [OWASP BeNeLux-Day 2018 - Mechelen,
    Belgium](OWASP_BeNeLux-Day_2018 "wikilink")
    [Click here for the OWASP BeNeLux-Day
    2017](OWASP_BeNeLux-Day_2017#tab=Conferenceday "wikilink")

Provisional 2017 Chapter Event Calendar

  • Slide Decks from past Chapter meetings can be downloaded from the Past Events page.

Other OWASP Events

::;OWASP International, Upcoming Events

Call for Presentations

::;OWASP NL Chapter Call For Presentation

Stay in contact:

| | | | | | | -------------------------------------------------------------- | ------------------------------------------------------------- | -------------------------------------------------------------------------------- | ----------------------------------------------------------------- | -------------------------------------------------------------------- | | ![Meetup-logo-2x.png](Meetup-logo-2x.png "Meetup-logo-2x.png") | ![Join_the_list.png](Join_the_list.png "Join_the_list.png") | ![Follow-us-on-twitter.png](Follow-us-on-twitter.png "Follow-us-on-twitter.png") | ![Linkedin-button.gif](Linkedin-button.gif "Linkedin-button.gif") | ![slack-horizontal.png](slack-horizontal.png "slack-horizontal.png") |


::;Our structural Chapter and OWASP OWASP BeNeLux-Day 2017 sponsor supporters:


    Interested in Sponsoring the Netherlands OWASP Chapter, email
    netherlands '@' owasp.org

OWASP Corporate Member:

| | | ---------------------------------------------------------------------------------------- | | ![200x60_netsparker_logo.png](200x60_netsparker_logo.png "200x60_netsparker_logo.png") |

OWASP BeNeLux-Day 2017 sponsor:

| | | ----------------------------------------------------------------------------------- | | ![Achmea_L1_RGB_colour.jpg](Achmea_L1_RGB_colour.jpg "Achmea_L1_RGB_colour.jpg") |
| | | | | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | | [<https://www.owasp.org/images/6/67/Vest.jpg>](http://www.vest.nl) | [<https://www.owasp.org/images/f/ff/Secwatch_logo_small.png>](https://secwatch.nl) | ![Avi_Logo_Transparent_Background_300pix.png](Avi_Logo_Transparent_Background_300pix.png "Avi_Logo_Transparent_Background_300pix.png") |
| | | | | | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | | [<https://www.owasp.org/images/9/99/SIG_LOGO.png>](http://www.sig.eu/security) | [<https://www.owasp.org/images/7/78/Secura_logo_small.png>](https://www.secura.com/) | ![Xebia_logo-large-transparent.png](Xebia_logo-large-transparent.png "Xebia_logo-large-transparent.png") | [<https://www.owasp.org/images/9/9a/Logo_Informatiebeveiliging-200.png>](https://informatiebeveiliging.nl/) |


Provisional Chapter Event Calendar 2019

Date Type Location
February 8th, 2019 OWASP NL Wiki Amsterdam
June 18th, 2019 OWASP NL Wiki Amsterdam

Past Events

  • Events held in 2019
  • Events held in 2018
  • Events held in 2017
  • Events held in 2016
  • Events held in 2015
  • Events held in 2014
  • Events held in 2013
  • Events held in 2012
  • Events held in 2011
  • Events held in 2010
  • Events held in 2009
  • Events held in 2008
  • Events held in 2007
  • Events held in 2006
  • Events held in 2005

Chapter Leaders

The Netherlands Chapter is supported by the following board:

*OWASP Netherlands, OWASP Netherlands board email adres Our goal is to professionalize the local OWASP functioning, provide in a bigger footprint to detect OWASP opportunities such as speakers/topics/sponsors/… and set a 5 year target on: Target audiences, Different events and Interactions of OWASP global – local projects.

Chapter Support

Chapter Sponsoring

OWASP Netherlands is looking for organizations to sponsor our chapter. If you are interested in sponsoring the Netherlands chapter please contact us via email: netherlands ‘at’ owasp.org.


If you would like to donate to our chapter, please use the PayPal link at the top of this page.

  • Thank you!

Call for Speakers

We are continuously looking for speakers. Presentations: Are you working on an interesting subject, would you like to share your experience with the OWASP community and do you have presentation skills. Please let us know! Any topic related to web application security will be appreciated! VAC, Vulnerability, Attack, Countermeasure: The VAC is a re occuring part of the chapter meetings. The VAC is a half hour in-depth technical presentation about a vulnerability, how it can be exploited and how to prevent it! Links: Speaker Agreement Template Interested in presenting at a local chapter meeting, please send an email to: netherlands ‘at’ owasp.org




Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.

April 2, 2020

18:30 - 19:00
19:00 - 19:15
19:15 - 20:00
20:00 - 20:15
20:15 - 21:00
21:00 - Closing

May , 2020

18:30 - 19:00
19:00 - 19:15
19:15 - 20:00
20:00 - 20:15
20:15 - 21:00
21:00 - Closing

September 17, 2020

18:30 - 19:00
19:00 - 19:15
19:15 - 20:00
20:00 - 20:15
20:15 - 21:00
21:00 - Closing

November 26th and 27th 2020, BeNeLux Days


June 18, 2019 | January 17, 2019

June 18, 2019


18:30 - 19:00 Dinner
19:00 - 19:15 Welcome
19:15 - 20:00 Recon Recon by Martijn Baalman
20:00 - 20:15 Break
20:15 - 21:00 The Good, The Bad and The Ugly of Responsible Disclosure by Chrissy Morgan
21:00 - Closing and networking

Spaces Herengracht
Herengracht 124-128,
1015 BT Amsterdam

Martijn Baalman aka @x1m_martijn - “Recon Recon”:
In the daytime, Martijn is a pen tester at Qbit Cyber Security, and by night he is bug bounty hunting in the wild and sending PoCs to Detectify Crowdsource and other bug bounty platforms. Recon is key for finding vulnerabilities yet is tedious at times. Hackers, like developers, find that automation makes life easier, even recon. Martijn has developed something called ReconPi, a bug bounty reconnaissance tool that automates most of the (general) recon methods that hackers use. He’ll show you how he does all his recon, yes everything, on a Raspberry Pi 3 in his lightning talk.

Chrissy Morgan aka 5w0rdFish - “The Good, The Bad and The Ugly of Responsible Disclosure.”
So what’s has a JQuery bug that affected thousands of websites with one of the highest starred GitHub repos with 7,800 forks, a Domain Name Registrar vulnerability which allowed for full access to domain owner details (post GDPR) and data protection flaws within Microsoft’s Office365 all have in common? … Answer: Responsible Disclosure. This talk will feature disclosure on each of the bugs and others, the circumstances around these when reporting, to highlight the problems security researchers face today when trying to do the right thing and to raise awareness of the security flaws so we are better protected.

About Chrissy:
Chrissy leads the IT Security Operations for a Close Protection company and in her spare time Chrissy has carried out research in the areas of web application security, Steganography, RFID, Physical Cyber Systems Security and is actively involved within the information security community across a wealth of subjects. She also runs The Co-Lab in London, which is a hardware hacking security research workshop. As a recent Napier Masters Graduate, she has accomplished the following successes so far: Winner of Cyber Security Challenge UK (University Challenge - Team Edinburgh Napier), CTF Finalist for the Pragyan CTF (Team Edinburgh Napier) , A BlackHat Challenge Coin winner for OSINT from Social Engineer.org and Black Hat Scholarship, Steelcon Award, WISP Sponsorship, was the BSides London Rookie Track Speaker Winner for 2018 and most recently won the ISC(2) Up and coming Security Professional 2019.

January 17, 2019


18:30 - 19:00 Dinner
19:00 - 19:15 Welcome, OWASP update
19:15 - 20:00 Machine Learning vs. Cryptocoin Miners by Jonn Callahan
20:00 - 2-:15: Break
20:15 - 21:00 Running at Light Speed: Cloud Native Security Patterns by Jack Mannino
21:00 - Closing

Laapersveld 27
1213 VB Hilversum

Machine Learning vs. Cryptocoin Miners:
With the advent of cryptocurrencies as a prevalent economic entity, attackers have begun turning compromised boxes and environments into cash via cryptocoin mining. This has given rise for the necessity to detect compromised environments by analyzing network traffic logs for evidence of cryptocoin miners operating within a given network. In this talk, I’ll be reviewing various ML and statistical analysis techniques leveraged against VPC Flow Logs for this very purpose. It will not be a deep dive of the math involved, but instead a general discussion of these techniques and why I chose them.

Download the presentation as PDF
Link to the recording

Running at Light Speed: Cloud Native Security Patterns
No matter how fast you ship software, a good design is critical to security. Cloud native systems are no exception. Containerized microservices running on distributed management and orchestration platforms, bring new challenges to address as well as classic software problems that we’ve been dealing with for years. Secure software design patterns can be used to model security controls at different trust boundaries within your architecture, providing security in a repeatable and consumable way. Using patterns such as the Service Mesh or Ambassador pattern lets us focus on proper security control placement and lifting security outside of the core services we’ve traditionally bolted security onto later.

The goal of this presentation is to arm software developers and security architects with reference architecture guidance that can be used in any cloud native environment. The topics we’ll cover include multi-tenancy considerations, authentication, authorization, encryption, and more. We will focus on newer cloud native architecture patterns as well as some classic software design patterns that are still applicable. At the end of this presentation, you’ll have a greater understanding of cloud native security design at an architectural level and you’ll be eager to begin white-boarding your ideas.

Download the presentation as PDF
Link to the recording

Speakers info: Jonn Callahan has worked in appsec for half a decade across a wide variety of languages, technologies, and sectors. While constantly looking for new things to play with, he rediscovered his love for the universal language of math and, consequentially, the power of statistical analysis and machine learning. He now seeks to dismantle the black magic of these techniques, showing that they don’t require an advanced mathematics degree to be leveraged, as well as to find novel ways to apply them within the security space Jack Mannino is the CEO of nVisium. Passionate about security and impossible to keep away from a keyboard, his expertise spans over 15 years of building, breaking, and securing software. Jack founded nVisium in 2009, and since then has helped the world’s largest software teams enhance security across their software portfolios. He has spoken at conferences globally on topics such as secure design, mobile application security, and cloud-native security.