On Thursday 12 October, the Software Engineering meetup on security will be hosted by bol.com together with Zerocopter and Flock.
18:00 – Doors open. Food & drinks provided by bol.com
19:00 – Talk #1: How bol.com rolled out Content Security Policy by Casper Aleva
19:45 – Break
20:00 – Talk #2: Hackers! Do we shoot or do we hug? by Edwin van Andel
20:45 – Networking and beer
How bol.com rolled out Content Security Policy by Casper Aleva
During this talk I will explain how bol.com rolled out Content Security Policy on its 15-million-product online shop without breaking stuff and without losing sales. You’ll hear all about how we built a defense against Cross-Site Scripting and many malicious browser extensions. I’ll tell you what we are doing to improve it and how a popular browser’s implementation almost killed the project.
Bio: In the late 1990s I, Casper Aleva, was lucky enough to land my first job in IT as a night-shift NOC operator. With quiet nightly hours to spend on self-study, a fascination for information security quickly followed. A few years later I started as a security engineering consultant, getting to know many different organisations. Ten years later I discovered bol.com and it became my new home. Since 2014 I have been the lead engineer in the bol.com security team. In that role I help to keep (and improve) bol.com as a secure and reliable platform for all customers and partners.
– Profile Casper Aleva
Hackers! Do we shoot or do we hug? by Edwin van Andel
In this interactive and mostly humorous talk I’ll start with defining security (in a grotesque way), followed by the ‘real’ definition of hackers, the way hackers think and work, and how they can be used instead of feared by companies. I’ll show how bug bounties and Responsible Disclosure processes can work, but also how they sometimes do not. I will take the audience with me along the path to these fails, and discuss the way we can (or could have) improve(d) these processes. I might even please you with some nice IoT drama. My final ‘calculation’ will try to open the door to a safer online world! (From a hacker’s point of view, that is.) 😉
During the talk I interact a lot with the audience, do humorous quiz questions about the subject, and reward good answers with a bottle!
Bio: I, Edwin van Andel (better known as @Yafsec), was born on a late November day in the excellent wine year 1970 and immediately started pushing buttons from my crib. During my early years no device was safe from me, and my adolescence was described by my neighbours as a “very disastrous period”, mainly because of my discovery of computers, modems and Hack-Tic. After working with different companies around the globe, I started my own company (2003) called Yafsec, with the sole purpose of guiding companies and IT dealers through the dark woods of the ever-evolving security forest. In 2016 I joined Zerocopter, where I mostly work on publicly expanding Zerocopter’s continuous security platform. Elected winner of the Lightning Talks at BruCON 2013, and organiser of the alternative NCSC conference “because no hackers were invited” #ALT-S, I’m now a renowned speaker who will introduce you, in a humorous way, to the dangers, virtues and current state of affairs in the security landscape, from a hacker’s perspective.
– Profile Edwin van Andel