"Broken Online Strong Authentication and OWASP update"

This chaptermeeting will be about broken online strong authentication with banking web applications and OWASP updates. 

Programme:

18:30 - 19:00  Registration

19:00 - 19:45  The Truth about the e.dentifier2 - Erik Poll

19:45 - 20:00  Break

20:00 - 20:45  OWASP Update - Martin Knobloch

20:45 - 21:30  Networking

The Truth about the e.dentifier2

We present a security analysis of an internet banking system used by one of the bigger banks in the Netherlands, in which customers use a USB-connected device – a smartcard reader with a display and numeric keyboard – to authorise transactions with their bank card and PIN code. Such a set-up could provide a very strong defence against online attackers, notably Man-in-the-Browser attacks, where an attacker controls the browser and host PC. However, we show that the system we studied is  flawed: an attacker who controls an infected host PC can get the smartcard to sign transactions that the user does not explicitly approve, which is precisely what the device is meant to prevent. 

Erik Poll

Erik works in the Digital Security group of the Radboud University on a range of topics in security, including smartcards, security protocols, software security, and critical infrastructures (esp. the smart grid).

OWASP Update

News and updates on OWASP BeneLux 2013, OWASP Dutch Chapter meetings, AppSec EU 2013, OWASP Connector, the OWASP Newsletter and new OWASP initiatives.

Martin Knobloch

Martin Knobloch is member of the Dutch chapter board and chair of the Global Education Committee. Next to this he contributes to several projects as the OWASP Education Project and the OWASP Academy Portal.

Martin is an independent security consultant and owner of PervaSec. His main working area is (software) security in general, from awareness to implementation. In his daily work, Martin is responsible for education in application security matters, advise and implementation of application security measures.  

Directions

Download: Route Zoetermeer in English

By car

From Utrecht/Gouda:

Take the Zoetermeer exit and turn left at the end of the slip road. At the first traffic light, turn right onto Zuidweg. Continue along this road. You will now be driving parallel to the railway tracks. After a loop in the road, Zuidweg will become Afrikaweg. Take the first left turn onto Meerzichtlaan. At the roundabout, take the second exit to Bredewater and turn left after about 400 metres (Groenewater) and you will have arrived at Bredewater 24.

From The Hague:

Take the Zoetermeer-Centrum exit and turn left at the end of the slip road. Take first left turn onto Meerzichtlaan. At the roundabout, take the second exit to Bredewater. Turn left after about 400 metres (Groenewater) and you will have arrived at Bredewater 24.

From Amsterdam:

Travel in the direction of The Hague/Rotterdam to the Prins Claus traffic junction and continue in the direction of Utrecht to the Zoetermeer-Centrum exit. Turn left at the end of the slip road. Take the first left turn onto Meerzichtlaan. At the roundabout, take the second exit to Bredewater and turn left after about 400 metres (Groenewater) and you will have arrived at Bredewater 24.

By train

Travelling from The Hague Central Station, take the local train (the ‘stoptrein’, not the Intercity) to Gouda/Utrecht and exit the train at Zoetermeer Station.

Travelling from Utrecht/Gouda, take the local train (the ‘stoptrein’, not the Intercity) to The Hague and exit the train at Zoetermeer Station. Bredewater 24 is located at about 10 minutes’ walking distance from Zoetermeer Station.

Parking

There's ample parking available at the venue.

Sponsors: