German OWASP Day 2017 - Revision history

Hwillert: + slides

2017-11-28T16:29:56Z

+ slides

Knoblochmartin: Added presentation 'building secure software with OWASP'

2017-11-18T10:47:32Z

Added presentation 'building secure software with OWASP'

JanWolff: added slides for talk: Cheat Sheet Workshop 2017

2017-11-15T22:01:14Z

added slides for talk: Cheat Sheet Workshop 2017

Bjoern Kimminich: /* Programm */

2017-11-15T01:57:15Z

‎Programm

Bjoern Kimminich: /* Programm */

2017-11-15T01:55:40Z

‎Programm

Alexios: Last logos

2017-11-07T21:39:19Z

Last logos

Hwillert: + TLS Attacker 2.0

2017-11-03T00:35:13Z

+ TLS Attacker 2.0

Hwillert: /* Invited Talk: Sebastian Lekies, Krzysztof Kotowicz, Eduardo Vela Nava (Google): Breaking XSS mitigations via Script Gadgets' */

2017-11-01T18:43:42Z

‎Invited Talk: Sebastian Lekies, Krzysztof Kotowicz, Eduardo Vela Nava (Google): Breaking XSS mitigations via Script Gadgets'

Hwillert: rm Ultraschall Talk, da zurückgezogen

2017-11-01T15:53:38Z

rm Ultraschall Talk, da zurückgezogen

JanWolff: added abstract for talk: Cheat Sheet Workshop

2017-10-31T10:15:50Z

added abstract for talk: Cheat Sheet Workshop

@@ Line 111: / Line 111: @@
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 11:00 - 11:30
-| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''PrivacyScore: ein Benchmarking-Portal zur Analyse von Webseiten auf Sicherheits- und Privatheitsprobleme'''<br> ''Pascal Wichmann, Dominik Herrmann (Universität Hamburg)''
+| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''PrivacyScore: ein Benchmarking-Portal zur Analyse von Webseiten auf Sicherheits- und Privatheitsprobleme''' [[Media:GOD17-PrivacyScore.pdf|(slides)]]<br> ''Pascal Wichmann, Dominik Herrmann (Universität Hamburg)''
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 11:30 - 12:00
-| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Threat Hunting mit Applikations-Logs und Sigma'''<br> ''Thomas Patzke''
+| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Threat Hunting mit Applikations-Logs und Sigma''' [[Media:GOD17-Sigma.pdf|(slides)]]<br> ''Thomas Patzke''
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 12:00 - 12:30
-| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs'''<br> ''Giancarlo Pellegrino (CISPA)''
+| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Deemon: Detecting CSRF with Dynamic Analysis and Property Graphs''' [[Media:GOD17-Deemon.pdf|(slides)]]<br> ''Giancarlo Pellegrino (CISPA)''
 |-
@@ Line 133: / Line 133: @@
 | style="background: none repeat scroll 0% 0% rgb(255, 209, 209);" align="left" | '''Lighning Talks'''<br>
-* Bastian Braun (MGM Security Partner): Bot or Not? - Mitigating Automated Threats to Web Applications
+* Bastian Braun (MGM Security Partner): Bot or Not? - Mitigating Automated Threats to Web Applications [[Media:GOD17-BotOrNot.pdf|(slides)]]
 * Stephan Plarre (VISUS Health IT): Kommunikationsstandards im Gesundheitswesen
 * Benjamin Kellermann (MGM Security Partner): NinjaDVA - NinjaDVA is not just another damn vulnerable application
@@ Line 148: / Line 148: @@
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 16:15 - 16:45
-| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Chameleon: Automatic Generation of Low-Interaction Web Honeypots'''<br> ''Marius Musch (TU Braunschweig), Martin Härterich (SAP SE)''
+| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Chameleon: Automatic Generation of Low-Interaction Web Honeypots''' [[Media:GOD17-Chameleon.pdf|(slides)]]<br> ''Marius Musch (TU Braunschweig), Martin Härterich (SAP SE)''
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 16:45 - 17:15
-| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Large Scale Analysis of CORS misconfigurations'''<br> ''Jens Müller (Ruhr-Universität Bochum)''
+| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Large Scale Analysis of CORS misconfigurations''' [[Media:GOD17-CORS.pdf|(slides)]]<br> ''Jens Müller (Ruhr-Universität Bochum)''
 |-

@@ Line 103: / Line 103: @@
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 10:00 - 10:30
-| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Building secure software with OWASP tools and guides'''<br> ''Martin Knobloch (OWASP)''
+| style="background: none repeat scroll 0% 0% rgb(153, 255, 153);" align="left" | '''Building secure software with OWASP tools and guides''' [[Media:GOD17-BuildingSecureSoftwareWithOWASP.pdf|(slides)]]<br> ''Martin Knobloch (OWASP)''
 |-

@@ Line 99: / Line 99: @@
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 09:45 - 10:00
-| style="background: none repeat scroll 0% 0% rgb(255, 209, 209);" align="left" | '''OWASP Cheat Sheet Workshop'''<br>Jan Wolff, Rocco Gränitz
+| style="background: none repeat scroll 0% 0% rgb(255, 209, 209);" align="left" | '''OWASP Cheat Sheet Workshop''' [[Media:CheatSheetWorkshopImpressions2017.pdf|(slides)]] <br>Jan Wolff, Rocco Gränitz
 |-

@@ Line 156: / Line 156: @@
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 17:15 - 17:30
-| style="background: none repeat scroll 0% 0% rgb(255, 209, 209);" align="left" | '''OWASP Juice Shop 5.x and beyond''' ([https://www.owasp.org/images/7/7c/GOD17-JuiceShop.pdf slides])<br> ''Björn Kimminich (Kuehne + Nagel)''
+| style="background: none repeat scroll 0% 0% rgb(255, 209, 209);" align="left" | '''OWASP Juice Shop 5.x and beyond''' [[Media:GOD17-JuiceShop.pdf|(slides)]] <br> ''Björn Kimminich (Kuehne + Nagel)''
 |-
 |}

@@ Line 156: / Line 156: @@
 |-
 | style="background: none repeat scroll 0% 0% rgb(199,199,199);" | 17:15 - 17:30
-| style="background: none repeat scroll 0% 0% rgb(255, 209, 209);" align="left" | '''OWASP Juice Shop 5.x and beyond'''<br> ''Björn Kimminich (Kuehne + Nagel)''
+| style="background: none repeat scroll 0% 0% rgb(255, 209, 209);" align="left" | '''OWASP Juice Shop 5.x and beyond''' ([https://www.owasp.org/images/7/7c/GOD17-JuiceShop.pdf slides])<br> ''Björn Kimminich (Kuehne + Nagel)''
 |-
 |}

@@ Line 46: / Line 46: @@
+|
 |-
-|  http://modusio.com/
+|[[File:Modusio-trans-FFFFFF.png|link=http://modusio.com/|www.modusio.com]]
 | [[Image:cxt_logo_8700.png|link=http://www.contextis.com/|www.contextis.com]]
+|
@@ Line 58: / Line 58: @@
 |-
+|
-| [[Image:Mgm_8700px.png|link=https://www.mgm-sp.com/|www.mgm-sp.com]]
+| [[File:Logo-mgm-sp-200.png|link=https://www.mgm-sp.com/|www.mgm-sp.com]]
+|
+|

@@ Line 136: / Line 136: @@
 * Stephan Plarre (VISUS Health IT): Kommunikationsstandards im Gesundheitswesen
 * Benjamin Kellermann (MGM Security Partner): NinjaDVA - NinjaDVA is not just another damn vulnerable application
 |-
@@ Line 259: / Line 260: @@
 Der Vortrag erklärt den Aufbau und die Technik, welche sich hinter dem Lab befindet. Wir werden auf verschiedene Schwierigkeiten eingehen, welche sich beim Entwickeln zeigten, z.B.: Wie demonstriert man verschiedene Schwachstellen, mit denen sich der Server vollständig kompromittieren lässt, erhält aber gleichzeitig die Funktionalität für langsamere Teilnehmer? Wie zeigt man Angriffe auf kollaborativen Seiten, ohne allen Teilnehmern gleich die Lösung für alle Angriffe (durch für ihn sichtbare erfolgreiche Angriffe) zu verraten?
 ----
@@ Line 283: / Line 293: @@
 '''Jan Wolff, Rocco Gränitz : OWASP Cheat Sheet Workshop'''
 ''Abstract'': In diesem Jahr hat das OWASP German Chapter zum ersten Mal einen Workshop zur Überarbeitung der OWASP Cheat Sheets organisiert. Dieser Kurzbeitrag gibt einen Einblick auf den Ablauf, die Ergebnisse und was für das nächste Jahr lernen.

@@ Line 168: / Line 168: @@
 === Invited Talk: '''Sebastian Lekies, Krzysztof Kotowicz, Eduardo Vela Nava (Google): Breaking XSS mitigations via Script Gadgets'''' ===
-''Abstract'': t.b.a.
+''Abstract'': Cross-Site Scripting is a constant problem of the Web platform. Over the years many techniques have been introduced to prevent or mitigate XSS. Most of these techniques, thereby, focus on script tags and event handlers. HTML sanitizers, for example, aim at removing potentially dangerous tags and attributes. Another example is the Content Security Policy, which forbids inline event handlers and aims at white listing of legitimate scripts.
 ----

← Older revision		Revision as of 10:15, 31 October 2017
Line 285:		Line 285:
	''Abstract'': This year OWASP Juice Shop saw several significant enhancements and extensions that you will learn all about in this talk: 2x NoSQL injection and 2x typosquatting challenges! Customization and re-branding of the shop to your own corporate look & feel! Juice Shop CTF extension makes setting up hacking events fast & easy! Free "Pwning the OWASP Juice Shop" eBook surpasses 150 pages of in-depth information, hints and solutions for all challenges and more! At AppSecEU the project was promoted into OWASP's "Lab Projects" maturity stage! You can now 3D-print your own Juice Shop merchandise! And much, much more - actually more than can be demonstrated in this 15min session, so best install the Juice Shop yourself afterwards and explore its capabilities yourself!		''Abstract'': This year OWASP Juice Shop saw several significant enhancements and extensions that you will learn all about in this talk: 2x NoSQL injection and 2x typosquatting challenges! Customization and re-branding of the shop to your own corporate look & feel! Juice Shop CTF extension makes setting up hacking events fast & easy! Free "Pwning the OWASP Juice Shop" eBook surpasses 150 pages of in-depth information, hints and solutions for all challenges and more! At AppSecEU the project was promoted into OWASP's "Lab Projects" maturity stage! You can now 3D-print your own Juice Shop merchandise! And much, much more - actually more than can be demonstrated in this 15min session, so best install the Juice Shop yourself afterwards and explore its capabilities yourself!

		+	----
		+
		+	'''Jan Wolff, Rocco Gränitz : OWASP Cheat Sheet Workshop'''
		+	''Abstract'': In diesem Jahr hat das OWASP German Chapter zum ersten Mal einen Workshop zur Überarbeitung der OWASP Cheat Sheets organisiert. Dieser Kurzbeitrag gibt einen Einblick auf den Ablauf, die Ergebnisse und was für das nächste Jahr lernen.

	== Online-Registrierung / Eintrittspreise ==		== Online-Registrierung / Eintrittspreise ==