We are pleased to announce our next event on Thursday 19 April

PCI, an introduction (Peter Johannes, Atos Worldline)

Trustwave Global Security Report 2012 (John Yeo, Spiderlabs)

The Schedule:
18h00 - 18h30: Welcome at Atos Worldline (Brussels)
18h30 - 19h30: PCI, an introduction (Peter Johannes)
19h30 - 19h45: Networking break
19h45 - 20h45: Trustwave Global Security Report 2012 (John Yeo)
20h45 - 21h30: Networking & closure

With special thanks to Atos Worldline for hosting the event and providing catering.

Registration procedure:

We are pleased to invite you to our event 'The Art of Mobile - Know Your Device' by Ulrik Van Schepdael (Mobco). This will take place on Thursday 29 March at 19:30 at SWIFT (81 avenue Ernest Solvay, 1310 La Hulpe), together with the ISSA-BE Annual General Meeting.

The Schedule:
18h00-18h15: Welcome at SWIFT for ISSA-BE members
18h15-19h15: ISSA-BE Annual General Meeting (ISSA-BE members only)
19h15-19h30: Break / welcome to non-members
19h30-21h00: The Art of Mobile - Know Your Device by Ulrik Van Schepdael
21h00-21h30: Networking drink & closure

With special thanks to SWIFT for hosting this event and providing the catering.

Registration is mandatory, both for the AGM and for the following event. Please make sure to register by Tuesday 27 March EOB. Parking will be available - please report to the guard.

Register here:

Abstract 'The Art of Mobile - Know Your Device':

The market trends are clear and there is no doubt mobile will become even more important in the future.
The impact these devices have on the business network in terms of security is huge; established values are changing and our approach needs tuning.

Using real-life case studies a build-up is made of a reference architecture design that accommodates "any" devices using the available, and coming, tools on the market.

Some questions that will be answered during the presentation:
How does Mobile Device Management actually work ?
What is the advantage of moving from self-configuration towards MDM systems ?
How to secure network services ?
How to provision different 'services' ?
How do handle mobile apps ?

The purpose of this presentation is to provide an insight into Mobile Device Management, the impact on the IT architecture and most important; how to use that mobile information to put IT security onto the next level.
Given the market trend, the presentation will focus most on iOS devices and Android where applicable.

Bio - Ulrik Van Schepdael:

Ulrik Van Schepdael, founder of mobco bvba, has a track record in the ICT business with over 15 years experience. He started his career in R&D and joined Belgacom NV in product management where he later became marketing director of the enterprise division. In 2008 Ulrik was CEO of Euremis NV, a Belgacom subsidiary focussed on mobile B2B application development.
Mobco bvba, founded in 2010, has a unique focus on Mobile in Business and offers strategic consultancy services and mobile integration services to configure, control and secure the mobile fleet.

Annual General Meeting:

ISSA-BE members are also warmly invited to attend the AGM taking place just before the above presentation.

If you're an ISSA-BE member 'in good standing' and would like to participate in the board's activities, please send a mail to This e-mail address is being protected from spambots. You need JavaScript enabled to view it for more information or to become a candidate. Also, if you are unable to attend the AGM, you can give a voting mandate to another ISSA-BE member; please send a mail to This e-mail address is being protected from spambots. You need JavaScript enabled to view it with both your name and the name of your proxy.

The agenda for the AGM is as follows:
- Welcome
- Financials
- Membership
- New chapter bylaws - the proposal can be found here
- Elections, including presentation of the functions and the candidates

We are pleased to announce our next event on Thursday 8 March.

Memory Corruption and Application Sandboxing

We invited Peter Van Eeckhoutte (Corelan Team) and Didier Stevens.

The Schedule:
18h00 - 18h30: Welcome at PricewaterhouseCoopers (Brussels)
18h30 - 19h30: Part 1: “2012.eip=41414141” by Peter Van Eeckhoutte
19h30 - 19h45: Networking break
19h45 - 20h45: Part 2: “Let’s Go Play In The Sandbox” by Didier Stevens
20h45 - 21h30: Networking & closure

With special thanks to PricewaterhouseCoopers for hosting of the evening and for the catering.

The Venue :
PricewaterhouseCoopers
Woluwegarden
Woluwedal 18
B-1932 Brussels
how to get there

Registration procedure:

Register here:

Abstract “2012.eip=41414141” (Peter Van Eeckhoutte)
In this talk, Peter will provide an overview of the history of some of the memory corruption conditions in the Win32 environment. He will explain how these conditions, despite the introduction of several memory protection techniques in Windows Vista/2008/7/8, can still lead to arbitrary code injection & execution today. Finally, he will showcase how tools such as mona.py can assist with writing reliable exploits.

Abstract “Let’s Go Play In The Sandbox” (Didier Stevens)
Google Chrome, Microsoft Office, Internet Explorer, Adobe Reader, ...
All these products have a feature to protect against the effects of exploits: a sandbox.
A sandbox does not prevent exploitation of a vulnerability, but it contains the running exploit in an environment (the sandbox) to prevent the exploit from modifying the operating system it is running on.

First we'll get into the underlying technologies of sandboxes, and then we'll discuss the different implementations of these sandboxes and point out important details when choosing and implementing.
As an IT pro, you'll be better informed to select the right product that offers the right sandbox for your needs, and as a developer, you'll hear about OS technologies that help you implementing your own sandbox in your software.

Bio – Peter Van Eeckhoutte
Peter Van Eeckhoutte is a CISO and the founder of Corelan Team. He enjoys doing security research in his spare time and provides exploit development training at various conferences, private companies, government and military organizations.

Bio – Didier Stevens
Didier Stevens (Microsoft MVP Consumer Security, CISSP, GSSP-C, MCSD .NET, MCITP, MCSE/Security, RHCT, CCNA Security, OSWP) is an IT Security Consultant currently working at a large Belgian financial corporation.

He is employed by Contraste Europe NV, an IT Consulting Services company (http://www.contraste.com) You can find his open source security tools on his IT security related blog at http://blog.DidierStevens.com

We hope to see you there!

Dear ISSA-BE Member,
Dear Security Professional,

We are pleased to announce SecAppDev 2012, an intensive one-week course in secure application development. The course is organized by secappdev.org

• Ken van Wyk, the OWASP iGoat project lead.
• Jim Manico, founder, producer and host of the OWASP Podcast Series.
• Lieven Desmet, OWASP Belgium chapter board.

We cover a wide range of facets of secure software engineering including:

• threat modeling
• architecture
• design
• coding
• testing
• cryptography
• web applications
  
• mobile applications
• economic/business aspects
  

The course takes place from March 5th to 9th in the Irish College,Leuven, Belgium.

For more information visit the web site: http://secappdev.org