GOTO Night: Security Night with Trifork

Sign Up on Meetup Page

Trifork Amsterdam

Rijnsburgstraat 9-11

Amsterdam, NL

11 June, 2019

06:00pm - 09:00pm

We are excited about getting together with Trifork for a super secure GOTO Night!
Find out how to properly lock your doors and keep your applications safe and whether AppSec Testing or Red-Teaming is more important.

Venue/Host: Trifork Amsterdam
Costs: Free of charge
Speakers: Joris Kuipers & Benoit Flippen
Food & refreshments included, courtesy of Trifork

Schedule
18:00 Welcome & Food
18:30 Short Intro
18:45 Building Layers of Defense with Spring Security
19:30 Short break
19:45 AppSec Testing vs. Red-Teaming. Epic Smackdown!
20:30 Ending with beers and networking

Talk 1 - Joris
It's not enough to secure your applications by simply locking the front door, expecting that that will keep attackers out. Modern web applications require security at many different levels: using appropriate HTTP headers, preventing CSRF and CORS attacks, matching URLs, securing method invocations, performing multi-tenancy and other ownership-based checks, etc.
In this presentation, Joris will show how to address these concerns with Spring Security, an OSS framework for securing Java-based web applications. He'll cover the built-in features, but will also demonstrate how to extend those with custom functionality to meet the security needs that many applications have.

Bio: Joris has worked as a hands-on architect and CTO of application development for Trifork over the last 7 years, in markets as diverse as education, healthcare, news media and government. Before that he was a trainer and consultant for SpringSource, and he still teaches the occasional Spring training for the GOTO Academy. To his own astonishment, he has been building enterprise applications in Java for 20 years now."

Talk 2 - AppSec Testing vs. Red-Teaming. These two branches of offensive security have very different rules, methodologies, tools and goals. Sometimes red-teamers act as if they're more important, but are they? Or are the two just different tools in achieving the same ultimate goal? And maybe more important, does it even matter for developers, product managers and others without direct security responsibility?

Bio: As head of cyber security for finleap, a fintech company builder, Benoit tries to manage risk without destroying the startup culture, and gets to play CISO in several ventures at once. In his prior role, he provided advanced adversary simulation and security incident response services to top-tier financial, entertainment and critical infrastructure enterprises worldwide. Benoit also has broad experience covering red-teaming, penetration testing, vulnerability management, cyber investigations, incident response, security program development and system administration.

Have you checked out Trifork Tech Update Amsterdam? Join https://www.meetup.com/Trifork-Tech-Update-Amsterdam/ to discuss the tech topics that matter today!