September 2023 OWASP Chapter Netherlands Meetup


Details
Location: Hogeschool van Utrecht
Address: Heidelberglaan 15, 3584CS Utrecht
See https://owasp.org/www-chapter-netherlands/upcomingevents for more information about the OWASP Netherlands chapter.
18:00 - 18:15 - Reception of attendees
18:15 - 19:00 - Pizza
19:00 - 19:15 - Welcome and OWASP updates
19:15 - 20:00 - SAST, DAST, IAST… xAST de-mystified by Martin Knobloch
20:00 - 20:15 - Break with drinks
20:15 - 21:00 - DAST in the world of DevSecOps by Amit Sharma
SAST, DAST, IAST… xAST de-mystified
Abstract:
Dev[Sec]Ops has embraced CI/CD’s build, test and deployment approach, now pushing secure test automation into the dev’s build pipelines.
Now with SCA added to the xAST security verification in your pipeline, as more is better, right?
But without a clear expectation of what to expect from your tool (usage), how do you choose the right tool?
During this presentation, you will be guided to define the problem first, in order to choose the tools to solve it. Let’s grow maturity: not pushing security test automation into the development pipelines, but adding useful quality assurance to your production line!
Bio:
Martin Knobloch, Global AppSec Strategist with Fortify, part of OpenText, is a long-time security leader with more than 25 years of experience in the field of IT and 15+ in cyber security.
With a background in software development and architecture, his focus is on software security. Martin is actively involved in OWASP, where he is a frequent contributor to various projects and initiatives. Martin takes part in organizing local and global OWASP conferences and served more than 5 years as a member of the Board of Directors, two of them as Chairman of the Board.
During his career, Martin has been a recognized teacher, guest lecturer at various universities and invited speaker and trainer at local and international software development, testing and security conferences throughout the world.
DAST in the world of DevSecOps
Abstract:
During this session, we will delve into the intricate details of dynamic testing as a cutting-edge technology. We aim to uncover the finer nuances that define this approach and shed light on the experiences that illuminate the path to harnessing its full potential. Particularly, we will focus on navigating the transition from conventional software development life cycle (SDLC) methodologies towards embracing novel processes in software development. By sharing valuable insights, we aspire to guide you through the journey of effectively integrating dynamic testing into your evolving strategies, ensuring optimal outcomes and enriched decision-making as you embark on this transformative expedition.
Bio:
Amit Kumar Sharma is a Security Evangelist with more than a decade of experience in Application Security and Fuzz testing. He has worked in various roles including but not limited to Penetration Testing and Red Teaming. During his career he got a chance to work with various technologies in the domain of Telecom, Medical, ICS and Automotive Security. He works as a Security Specialist with Synopsys Inc., an organization which provides Products and Consultation on how security fits in the SDLC, evangelizing technologies like IAST, Open Source Security, Binary Analysis and Fuzz testing to uncover security issues. Currently his areas of research include DevSecOps, Security in SDLC, Kubernetes Security and Secrets Management.
