From 9af29e5f0feca247b232341cf3820d9b128bc90f Mon Sep 17 00:00:00 2001 From: Patrick Reijnen Date: Sat, 17 Jun 2023 16:47:00 +0200 Subject: [PATCH] Fout hersteld in programma VJ22 Talks toegevoegd in programma NJ22 --- .../nluug/najaarsconferentie-2022/index.md | 4 +- .../talks/lucinda-sterk-talk-nerdy-to-me.md | 24 +++++++++ ...-cate-explotation-automation-mitigation.md | 50 +++++++++++++++++++ .../nluug/voorjaarsconferentie-2022/_index.md | 2 +- 4 files changed, 77 insertions(+), 3 deletions(-) create mode 100644 content/evenementen/nluug/najaarsconferentie-2022/talks/lucinda-sterk-talk-nerdy-to-me.md create mode 100644 content/evenementen/nluug/najaarsconferentie-2022/talks/riccardo-ten-cate-en-glenn-ten-cate-explotation-automation-mitigation.md diff --git a/content/evenementen/nluug/najaarsconferentie-2022/index.md b/content/evenementen/nluug/najaarsconferentie-2022/index.md index fce433a..861f644 100644 --- a/content/evenementen/nluug/najaarsconferentie-2022/index.md +++ b/content/evenementen/nluug/najaarsconferentie-2022/index.md @@ -67,7 +67,7 @@ event_schedule: speaker: Lucinda Sterk title: Talk nerdy to me keynote: true - link: + link: talks/lucinda-sterk-talk-nerdy-to-me/ center: true size: 3 - row: @@ -87,7 +87,7 @@ event_schedule: talk: speaker: Riccardo ten Cate en Glenn ten Cate title: Exploitation, automation, mitigation - link: + link: talks/riccardo-ten-cate-en-glenn-ten-cate-explotation-automation-mitigation/ - column: talk: speaker: Mike Ciavarella diff --git a/content/evenementen/nluug/najaarsconferentie-2022/talks/lucinda-sterk-talk-nerdy-to-me.md b/content/evenementen/nluug/najaarsconferentie-2022/talks/lucinda-sterk-talk-nerdy-to-me.md new file mode 100644 index 0000000..16b14c8 --- /dev/null +++ b/content/evenementen/nluug/najaarsconferentie-2022/talks/lucinda-sterk-talk-nerdy-to-me.md 
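Review bot: The new `link:` value in the second hunk of `najaarsconferentie-2022/index.md` (`@@ -87,7 +87,7 @@`) spells the slug `explotation`, without the `i`. The talk title on the line above it and the PDF name in the new talk page both use `exploitation`. The link still resolves, because the new file `talks/riccardo-ten-cate-en-glenn-ten-cate-explotation-automation-mitigation.md` has the same spelling. Since `slug:` is left empty in that page, the typo presumably ends up in the published URL. I would rename the file and set `link: talks/riccardo-ten-cate-en-glenn-ten-cate-exploitation-automation-mitigation/` in the same commit, so no redirect is needed later; the `event_schedule` block itself starts and ends outside the hunk.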
@@ -0,0 +1,24 @@
+---
+categories:
+date: 2022-11-29T20:31:43+02:00
+description:
+layout: event-talk
+slug:
+tags:
+title: "Lucinda Sterk - Talk nerdy to me"
+speakers:
+- lucinda-sterk
+presentation:
+ filename: 2022-11-29-lucinda-sterk-talk-nerdy-to-me.pdf
+recording:
+ platform: youtube
+ url: https://www.youtube.com/watch?v=xaEP29OZR3U
+---
+
+## Abstract
+
+Ik sta als communicatieadviseur en contentmaker nooit op gelijke hoogte als de technisch experts qua kennis. Hoe komen we dan toch tot een mooi product? Een blogpost of een whitepaper. "Talk nerdy to me", roep ik altijd tegen mijn nerds, en dan begint het proces waarbij zij en ik vooral veel geduld met elkaar moeten opbrengen. In deze talk vertel ik met een beetje humor en een vleugje vooroordeel hoe dat proces in zijn werk gaat.
+
+## Biografie
+
+Lucinda heeft na haar studie journalistiek bij diverse landelijke dagbladen gewerkt. In 2008 maakte zij de overstap naar communicatie en begon ze als crisiscommunicatiespecialist bij de Nationaal Coordinator Terrorismebestrijding en Veiligheid. In 2015 ging zij zich steeds meer richten op communicatie over cybersecurity. Na enkele jaren bij het NCSC, begon ze bij Fox-IT. In 2020 heeft ze de communicatie bij Z-CERT opgezet en sinds 2022 werkt ze voor DIVD en KPN Security
diff --git a/content/evenementen/nluug/najaarsconferentie-2022/talks/riccardo-ten-cate-en-glenn-ten-cate-explotation-automation-mitigation.md b/content/evenementen/nluug/najaarsconferentie-2022/talks/riccardo-ten-cate-en-glenn-ten-cate-explotation-automation-mitigation.md
new file mode 100644
index 0000000..3abd00d
--- /dev/null
+++ b/content/evenementen/nluug/najaarsconferentie-2022/talks/riccardo-ten-cate-en-glenn-ten-cate-explotation-automation-mitigation.md
@@ -0,0 +1,50 @@
+---
+categories:
+date: 2022-11-29T20:31:43+02:00
+description:
+layout: event-talk
+slug:
+tags:
+title: "Riccardo ten Cate & Glenn ten Cate - Exploitation, automation, mitigation"
+speakers:
+- riccardo-ten-cate
+- glenn-ten-cate
+presentation:
+ filename: 2022-11-29-riccardo-en-glenn-ten-cate-exploitation-automation-mitigation.pdf
+recording:
+ platform: youtube
+ url: https://www.youtube.com/watch?v=CH2ntnZxZks
+---
+
+## Abstract
+
+We can see the trends in integrating security tooling into CI/CD pipelines. However, security tooling alone will not cover your entire attack surface. This is because the tooling can never understand the full context of the applications functions and logic. On the other hand, resources in the form of manual verification can often be scarce and expensive.
+
+Where do we find the right balance between security test automation and manual verification?
+
+Even more importantly, how do we train the developers to understand the metrics and make security part of their process and culture?
+
+OWASP security knowledge framework introduced a new interactive learning platform to teach you everything you need to know about secure software development! SKF helps you deploy sandboxed learning environments on the fly where you find all the tools you need to get yourself going.
+
+Use the OWASP SKF to train yourself or your entire team to exploit and mitigate web application vulnerabilities.
+
+In our session:
+
+* We will show you how the SKF is set-up, so you can get started.
+* We will show the labs and demo live exploitation of the labs.
+* How do we fix the vulnerabilities? We will use SKF to generate security requirement that guide how to mitigate the vulnerabilities demonstrated in the labs
+* We will implement mitigations (requirements) and use the Owasp ZAP (Automation framework) and ZEST to validate the mitigations.
+ + +## Biography Glenn + +As a coder, hacker, speaker, trainer and security chapter leader employed at ING Belgium Glenn has over 15 years experience in the field of security. One of the founders of defensive development security trainings dedicated to helping you build and maintain secure software and also speaking at multiple other security conferences in the world. + +Not only does Glenn train developers, he and his brother Riccardo also donated an entire knowledge framework solely dedicated to help developers make their code secure by design. + +See: SKF (Security knowledge framework) https://www.securityknowledgeframework.org + + +## Biography Riccardo + +As a penetration tester from the Netherlands Riccardo ten Cate specialises in application security and has extensive knowledge in securing applications in multiple coding languages. Riccardo has many years of experience in training and guiding development teams becoming more mature and making their applications secure by design. \ No newline at end of file diff --git a/content/evenementen/nluug/voorjaarsconferentie-2022/_index.md b/content/evenementen/nluug/voorjaarsconferentie-2022/_index.md index 47121af..e99f32c 100644 --- a/content/evenementen/nluug/voorjaarsconferentie-2022/_index.md +++ b/content/evenementen/nluug/voorjaarsconferentie-2022/_index.md @@ -200,7 +200,7 @@ event_schedule: time: 15:30 - column: talk: - speaker: Michiel Leenaars + speaker: "-" title: "-" link: - column: