Posts


OWASP BeNeLux Days 2018

I love working with OWASP because I strongly believe in the values of knowledge sharing and community building. I personally started the OWASP Belgium chapter in Belgium in 2005. Today, I am also very active as co-leader on the OWASP SAMM project.

When I started my company Toreon (cyber security consulting), I tried to instil the same values in the business. I attracted people with the same mindset of knowledge sharing. Now many of my colleagues are active at OWASP and Toreon’s Steven Wierckx is the project leader on the OWASP Threat Modeling Project.

We believe that donating time and money to open source projects and the OWASP community can really improve the overall security of software (realising Toreon’s mission of ‘Creating trust for a safer digital society’).

At the same time we learn a lot by being active in these projects and we build a network of specialists and friends within the OWASP community.
We also put our money where our mouth is: Toreon is a proud sponsor of the OWASP Belgium chapter and the upcoming OWASP BeNeLux Days on the 29th and 30th of November in Mechelen, Belgium, which has great free trainings and line-up: check it out here.
Make sure to come to the conference and if you can, become a (personal or corporate) OWASP member! And please tell all your friends and colleagues about OWASP.

At the conference, come and say hi at our booth! You can win a book from Adam Shostack on Threat Modeling or a Google AI do-it-yourself kit with an intelligent camera and Raspberry Pi.


New Whiteboard Hacking Training: Advanced and for Pentesters

One of Toreon’s key values is the gathering and sharing of knowledge. We try to encourage our own people to do this all the time and actively facilitate this. Knowledge grows exponentially when shared and combined with people of all knowledge levels, even if they come from different IT security domains.

This made us realise that we have a lot of knowledge to share. We see it as our duty to help train top notch IT security specialists. First we started to train the Toreon employees and later on also clients’ employees, which we have been doing for several years now. All this knowledge is now also available for your organisation. The better your people are trained and prepared, the more we can all focus on our main objective: creating a safer digital society.

We have expanded our knowledge base and fine-tuned our workshops and trainings, and we now also offer them for booking at conferences and as in-house company training.

Our Whiteboard Hacking training has been doing so well (OWASP AppSec Europe 2017 in Belfast, Northern Ireland – Black Hat USA 2017 in Las Vegas, USA – O’Reilly conference 2017, NY, USA) that we’ve developed an advanced version, which is already scheduled for Black Hat 2018 (USA and Europe) and BruCON 2018 (Ghent, Belgium):
– Black Hat Las Vegas, USA (August 2018)
– Black Hat London, UK (December 2018)

We recently started with versions for pentesters and DevOps engineers: Offensive whiteboard hacking for penetration testers. Already available at:
– BruCON 2018, Ghent, Belgium (October 2018)
– DevSecCon 2018 London (October 2018)

Check out all the details of our available AppSec trainings.

Contact us for an in-house training offer, tailor made to suit your needs.


Our ‘Adding Privacy by Design in Secure Application Development’ talk at OWASP London

On 5 June, Seba delivered the talk “Adding Privacy by Design in Secure Application Development” at the OWASP Europe conference in London.

Seba addressed the complex GDPR challenge for developers as part of a Secure Development Lifecycle approach.

The presentation covered:

• GDPR requirements covering design, data lifecycle, users and end of life aspects
• Privacy by Design challenge
• Including GDPR in the Secure Development Life Cycle
• Mapping OWASP SAMM to the GDPR
• Integrating privacy in application security classification, awareness training, guidelines, AppSec champions, threat modeling, 3rd parties, security testing and incident management
• Introducing GDPR risk patterns

Our talk focussed on practical implementation aspects and demonstrations of real-life use cases encountered in our software security and privacy projects.

You can download the slides here.