March 2024 OWASP Chapter Netherlands Meetup

See https://owasp.org/www-chapter-netherlands/upcomingevents for more information about the OWASP Netherlands chapter.

18:00 - 18:15 - Reception of attendees
18:15 - 19:00 - Pizza
19:00 - 19:15 - Welcome and OWASP updates
19:15 - 20:00 - How to get Dev(Ops) teams to start adopting DevSecOps by Sebastiaan Rijnbout
20.00 - 20:15 - Break with drinks
20:15 - 21:00 - Cracking the API: Challenges in IoT and Modern Applications by Yianna Paris

How to get Dev(Ops) teams to start adopting DevSecOps
Abstract:
In many development environments, security has long been seen as an afterthought or even a right-out hindrance. And forcing security onto developers often has an adverse effect. In this talk we will share the journey we have been making at the Dutch Chamber of Commerce (KVK) to get Development teams to adopt DevSecOps in a way that works best for them. Topics that will be discussed include Secure Development training, Security Champions, Threat Modeling and using the right tooling.

Bio:
Sebastiaan Rijnbout has a background as .NET developer and has worked in that field for over 12 years, but since 2017 he has started focusing on AppSec and Dev(Sec)Ops.

When getting teams and organisations to adopt DevSecOps, Sebastiaan will look at all aspects of DevSecOps (People, Process and Technology) like setting up developer training programs and security champion programs, rolling out company-wide Security tooling and improving working processes. But always keeping a focus on making things easy and efficient for developers.

In his current role at the Dutch Chamber of Commerce (KVK) Sebastiaan acts as Product Owner for 4 Dev(Sec)Ops support teams. These teams are responsible for enabling all development teams at KVK to deliver secure and high-quality software as efficiently as possible.

Cracking the API: Challenges in IoT and Modern Applications
Abstract:
Securing API’s is about more than just an endpoint, it’s about the data shared, customer privacy, and the access we give to unauthorised parties. Now as we are connecting more devices than ever, to more third parties than ever, securing APIs needs an offensive mindset from the design phase.

In this talk I’ll go over some of the techniques I use when testing, common issues I’ve found and their impact, and the state of IoT and modern web applications.

Security issues can arise from misconceptions early in the software process, so I’ll also discuss how we might mitigate some of these with thoughtful design, architecture and development.

Bio:
From user experience to software engineering, Yianna has a diverse background with one thing in common - exploring the intersection between human interaction and technology. Currently she is an Offensive and Application Security Engineer at Xebia. Working in tech teams and researching new offensive techniques remains a daily drive for her. She’s passionate about giving back to the community, having presented at DEFCON, hosted security meetups, delivered workshops, contributed to OWASP Low Code / No Code, as well as building and contributing to open source tooling.