- Amsterdam Secure Software Development: The Devops Edition
This is our 3rd meetup and the last one for 2018. In this special DevOps edition meetup, we have invited Henry Been and Wouter van Rooij to talk about DevOps and Security. We kick-start the meetup at 18:15 with pizza and drinks, followed by the talks.

Schedule
-------------
18:00 Doors open
18:15 Pizza and drinks
18:45 Wouter van Rooij: "Devops engineers need to think in principles"
19:30 - 19:45 Break
19:45 Henry Been: "Managing secrets in the cloud"
20:30 Closing

Speakers
-------------

About Wouter van Rooij
--------------------------------
Business Unit leader Cyber Security at onepoint NL. Wouter is a so-called native hacker. He visited his first hacker conference at the age of 13 and has been a security enthusiast ever since. At the beginning of 2013, this hobby turned into a professional career. With a strong focus on mobile applications in the beginning, he developed himself into a wide-focused security specialist. Currently, Wouter is the Business Unit leader of onepoint NL in the area of cyber security. He is responsible for creating a security portfolio, building a team and developing business in the field of Cyber Security.

About Henry Been
-------------------------
Henry is a DevOps & Azure architect from Texel, an island in the north of the Netherlands. He works with different customers to help teams create great software and deliver value to their customers faster. His interests include Agile, Azure and DevOps.
- OWASP Zap and overlay networks
We had a very successful first meetup, so we are very happy to present our second one. This one is on OWASP Zap and Overlay Networks. Together with Johanna Curiel and Marc Barry we will focus on the back end and Ops parts of Secure Software Development. Entrance is FREE and pizza is INCLUDED!

The program:

17:45 Doors open

18:15 Johanna Curiel
101: From Secure Coding to Secure Testing
Understanding how to implement security controls and test your own code
One of the biggest challenges for developers is to understand how certain flaws in code lead to security vulnerabilities. In this demo presentation we will show a Java program without proper security controls and how the lack of them leads to XSS injections, CSRF attacks or disclosure of information that helps hackers compromise your system. In addition, we will also demonstrate the same classes with proper controls in place and how to test your code implementation using an attack proxy such as ZAP/BURP.

Food

19:15 Marc Barry
Using overlay networks to improve security, hide from attackers and simplify your network connections
A technical talk discussing the security and connectivity challenges of today's Internet, and the opportunity for overlay networks to help.
https://westgatecyber.com/documents/enclave_stealth_networks_one_pager.pdf

The speakers:

Johanna Curiel, Security Engineer at Mobiquity, Inc. Johanna Curiel is a security engineer and researcher with 18 years of experience in programming, testing and quality control. Her early encounters with hackers and cybercrime were a turning point in her career, leading her to work in the area of cyber security. Johanna has been an active contributor to the Open Source community through Google Mentor Summer of Code in projects such as OWASP ZAP. In addition, she has also presented at international security conferences such as OWASP, Blackhat and DEFCON US. She is an active contributor and freelance writer for TechBeacon, which is part of HP enterprises.

Marc Barry, CTO at Westgate Cyber Security. Marc is a Master's graduate in Information Security who builds, researches and secures computer networks. He has worked extensively with internet-based technologies, encryption and digital assurance, spending several years prior to Westgate leading the security and infrastructure team of a UK-based agency, delivering technical solutions to Government and enterprise.
- Learn about crypto, automated pentest mobile, hack a tv, Agile and regulations!
Our first meetup will have presentations on a range of aspects of secure software development. We will hear how we can make sure that regulations and security aspects are implemented during an agile development process. We will learn how to use OWASP-Zap for pentesting of mobile apps in an automated way. After a pizza break we will have fun with a TV, and to finish off we will revisit the basics of cryptography that we should be using to secure our connections to other servers or clients.

The program:

17:00 Doors open

17:15 Compliance and Agile - Break down the waterfall by Erik-Jan Davids
GDPR and the EU Medical Device Regulation are just two examples of new regulations that have a significant impact on how we develop software. Will this throw us back into long lost times of waterfall projects? Let's explore how agile software development and regulatory compliance can live happily ever after.

17:45 Automating Mobile Pentesting with UIAutomator and OWASP ZAP by Johanna Curiel & Darwesh Yadav

18:15 Pizza break

18:45 Tvoodoo by Valerio Mulas, Salvatore La Fiura
Valerio and Salvatore will have some fun with our smart (?) tv.

19:15 Crypto 101 by Oliver Milke
Fresh from Javaland 2018, Oliver will present a translated version of his highly rated presentation on cryptography basics for developers and DevOps.

The speakers:

Eric-Jan Davids, Privacy Officer at Mobiquity, Inc.
Johanna Curiel, Security Engineer at Mobiquity, Inc. Heavily involved with OWASP.
Darwesh Yadav, Mobile Competence Lead at Mobiquity, Inc.
Valerio Mulas, DevOps Engineer at Mobiquity, Inc.
Salvatore la Fiura, Mobile Competence Lead at Mobiquity, Inc.
Oliver Milke, Software Craftsman @cloudogu working on Cloudogu EcoSystem, JavaFX enthusiast, involved in 4Kids, co-orga of JUG Ostfalen, weight lifter and free athlete, board gamer