This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Medlemsmøter 2012
Medlemsmøter
Medlemsmøte: Mandag 18. oktober kl 17:00
Ansvarlig: Erlend Oftedal, tel: 98219335, Sponsor: Bekk, Adresse: Teknologihuset Bekk Consulting AS,
17:00-17:45 - Secure electronic voting? - Security assessment of the E-valg system - Emilie og Fredrik fra Combitech
In the autumn of 2011, electronic voting took place in Norway for the first time. The system used for voting is named E-valg and was developed by EDB ErgoGroup and Scytl during 2010 and 2011.
The security of an electronic voting system is crucial for a fair, free and transparent election process. In addition, people must be able to trust the system enough to use it. Security has been an important part of the E-valg project from the design phase to the implementation of the final production system. Combitech had the role of independent security assessor and has been performing design review, code review and penetration tests of the E-valg system. We will present the security assessment process, the design of the security solution and some details about the tests and the results.
This presentation will be in English
17:45-18:15 - Mat
18:15-18:** - Avinstaller Java nå! - Jostein Tveit
Utnyttelse av sårbarheter i Java er i ferd med å bli blant de vanligste metodene for en angriper å ta over en PC. Samtidig surfer de fleste av oss på nettet med Java-applets aktivert i nettleseren. Kan man stole på at sandkasseteknologien gjør nettsurfing trygt? Denne lyntalen prøver å gi svar på hvorfor utnytting av Java-sårbarheter nå er i vinden, og du vil få se både angrepskode og en demonstasjon på hvordan et sikkerhetshull i Java kan utnyttes.
Medlemsmøte: 24. april, kl 19:30
Ansvarlig: Erlend Oftedal , Sponsor: -, Adresse: Mesh Norway, Tordenskiolds gate 3,
Tema denne gang er sikkerhet i mobile applikasjoner. Det blir først en introduksjon, deretter kommer Martin Knobloch fra OWASP Nederland for å snakke om iGoat og GoatDroid, for så å dele erfaringer fra en code review.
Slides:
OWASP Mobile Top 10 - Ståle Pettersen
OWASP Mobile - Martin Knobloch
Medlemsmøte: 19. mars, kl 17:00
Ansvarlig: Erlend Oftedal , Sponsor: F5, Adresse: The Dubliner,
| "Web Application Access Control Design Excellence", Jim Manico Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism. |
