Difference between revisions of "Switzerland"
Schattenbaum (talk | contribs) m (Past Meetings: Added Tobi's slides) |
Schattenbaum (talk | contribs) (Next Meetings: Added Meeting information) |
||
Line 15: | Line 15: | ||
= Next Meetings = | = Next Meetings = | ||
Please find below the planned dates for the upcoming OWASP Switzerland Meetings: | Please find below the planned dates for the upcoming OWASP Switzerland Meetings: | ||
+ | |||
+ | [[File:owasp_switzerland_next_meeting.png|150px|right|OWASP Switzerland Next Meeting]] | ||
{| class="wikitable sortable" border="0" | {| class="wikitable sortable" border="0" | ||
Line 58: | Line 60: | ||
| ? | | ? | ||
|} | |} | ||
+ | |||
+ | <br> | ||
+ | ---- | ||
+ | <br> | ||
+ | We'd like to invite you to out next OWASP Switzerland meeting. If you want to attend, please make sure to register for the event with your *full name* through [http://doodle.com/uh6ddr55nn7cywdg register]. Space is limited to 30 attendees. | ||
+ | |||
+ | * When: Wednesday, June 17th 2015 | ||
+ | *:Starting at 18:00 | ||
+ | *:Doors at 17:30 | ||
+ | |||
+ | * What (presentation): "Android apps in sheep's clothing" by Tobias Ospelt, Security Analyst at modzero AG | ||
+ | *:An XSLT processor is a piece of software for manipulating XML files or transforming them into other file formats. These XSLT processors are very feature rich, which makes them interessting in the or even run commands. These processors enable you also to perform so called Server Side Request Forgeries (SSRF). SSRF is a technique which triggers a request on the vulnerable host. So it is possible for an attacker to access remote machines which are not directly available for the attacker. | ||
+ | *:In a student project at the Hochschule für Technik Rapperswil (HSR), we did some testing on vulnerabilities of XSLT processors and the ability to use them for SSRF. In our talk we will present the test results and show a live demonstration. You will see which processor is vulerable against which vulnerabilities and what a developer can do to use them safely. | ||
+ | |||
+ | * Where: [[Image:location.png|20px|link=https://www.google.ch/maps/place/Ahornweg+2,+3012+Bern]] | ||
+ | *:Compass Security Schweiz AG | ||
+ | *:Ahornweg 2 | ||
+ | *:3012 Bern | ||
+ | |||
+ | * Who: | ||
+ | *:As usual, all of our meetings are open to everyone and free of charge. | ||
+ | |||
+ | * Agenda: | ||
+ | *:17:30 | Doors will open | ||
+ | *:18:00 – 18:15 | Update on OWASP by Sven Vetsch, OWASP Switzerland | ||
+ | *:18:20 – 19:00 | "XSLT Processing Security and Server Side Request Forgeries" by Roland Bischofberger and Emanuel Duss | ||
+ | *:19:15 - **:** | Dinner | ||
<!-- There are no planned meetings for 2015 yet. Keep yourself informed and up-to-date by subscribing to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailinglist]. --> | <!-- There are no planned meetings for 2015 yet. Keep yourself informed and up-to-date by subscribing to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailinglist]. --> |
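Review bot: The added "What (presentation)" line names "Android apps in sheep's clothing" by Tobias Ospelt, but the abstract directly below it and the 18:20 agenda entry both describe "XSLT Processing Security and Server Side Request Forgeries" by Roland Bischofberger and Emanuel Duss. The title and speaker appear to be carried over from an earlier entry and should be replaced with the XSLT talk so the announcement is consistent. In the same block, the second sentence of the abstract is cut off mid-clause ("interessting in the or even run commands") and needs its missing words restored from the speakers' original text, and "out next", "interessting" and "vulerable" are typos. The `*full name*` markup will render as literal asterisks in wikitext; use `'''full name'''` if bold is intended.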
Revision as of 19:13, 10 June 2015
Welcome to the Home Page of the OWASP Switzerland Chapter.
- The chapter leader is Sven Vetsch supported by Antonio Fontes. Please contact us with any questions regarding the chapter.
- Please subscribe to the mailing list for meeting announcements and other news related to OWASP in Switzerland.
- You can follow us on Twitter and Facebook
If you're living in the French speaking part of Switzerland, please also visit the OWASP Geneva chapter for more information.
Please find below the planned dates for the upcoming OWASP Switzerland Meetings:
Date | Info | Speaker | Location | Host | Event | Topic |
---|---|---|---|---|---|---|
2015-06-17 | | | | Compass Security | Chapter Meeting | ? |
2015-08-19 | | | | ? | Chapter Meeting | ? |
2015-10-14 | | | | Ergon Informatik | Chapter Meeting | ? |
2015-12-15 | | | | ? | Chapter Meeting | ? |
We'd like to invite you to our next OWASP Switzerland meeting. If you want to attend, please make sure to register for the event with your *full name* through register. Space is limited to 30 attendees.
- When: Wednesday, June 17th 2015
- Starting at 18:00
- Doors at 17:30
- What (presentation): "Android apps in sheep's clothing" by Tobias Ospelt, Security Analyst at modzero AG
- An XSLT processor is a piece of software for manipulating XML files or transforming them into other file formats. These XSLT processors are very feature rich, which makes them interesting in the or even run commands. These processors also enable you to perform so-called Server Side Request Forgeries (SSRF). SSRF is a technique which triggers a request on the vulnerable host. So it is possible for an attacker to access remote machines which are not directly available for the attacker.
- In a student project at the Hochschule für Technik Rapperswil (HSR), we did some testing on vulnerabilities of XSLT processors and the ability to use them for SSRF. In our talk we will present the test results and show a live demonstration. You will see which processor is vulnerable against which vulnerabilities and what a developer can do to use them safely.
- Who:
- As usual, all of our meetings are open to everyone and free of charge.
- Agenda:
- 17:30 | Doors will open
- 18:00 – 18:15 | Update on OWASP by Sven Vetsch, OWASP Switzerland
- 18:20 – 19:00 | "XSLT Processing Security and Server Side Request Forgeries" by Roland Bischofberger and Emanuel Duss
- 19:15 - **:** | Dinner
Date | Info | Speaker | Host | Slides | Event | Topic |
---|---|---|---|---|---|---|
2015-04-15 | | | | | Chapter Meeting | Android apps in sheep's clothing |
2015-02-18 | | | | | Chapter Meeting | Abusing JSONP with Rosetta Flash |
2014-12-10 | | | | | Chapter Meeting | OWASP Switzerland Fondue |
2014-11-12 | | | | | Chapter Meeting | Living on the Edge - Advanced ModSecurity to Save Your Ass |
2014-08-20 | | | | | Chapter Meeting | (Client-Side) Flash Security |
2014-06-17 | | | | | Chapter Meeting | XSS and beyond |
2014-04-09 | | | | | Chapter Meeting | SSL/TLS jungle - bringing light into the cipher forest |
2014-02-19 | | | | | Chapter Meeting | S-SDLC – Ready for the Cloud? |
2013-12-17 | | | | | Chapter Meeting | Annual Review & Outlook |
2013-10-22 | | | | | Chapter Meeting | Advances in secure (ASP).NET development – Break the hacker's spirit |
2013-10-22 | | | | | Chapter Meeting | Node.js Security |
2013-04-09 | | | | | Chapter Meeting | Tools (not) to use |
2012-09-19 | | | | | Security-Zone | OWASP Top 10 Mobile Risks |
2012-06-12 | | | | | Chapter Meeting | Reversing Android Apps |
2012-02-14 | | | | | Chapter Meeting | Analysis of the RSA Security Breach |
2011-12-13 | | | | | Chapter Meeting | AppSec - Why is it important |
2011-12-13 | | | | | Chapter Meeting | Dangers of Firefox Add-On's |
2011-10-11 | | | | | Chapter Meeting | Presentation of the OWASP Top 10 & a hands-on session |
2011-08-09 | | | | | Chapter Meeting | Foundation of OWASP Switzerland Association |
2011-06-14 | | | | | Chapter Meeting | Automatic CRL updates for the Apache Web server |
2011-06-14 | | | | | Chapter Meeting | New Standards and upcoming Technologies in Browser Security (Slides by Tobias Gondrom) |
2011-05-12 | | | | | Swiss Cyber Storm III | Do you know OWASP? |
2011-04-12 | | | | | Chapter Meeting | ASP.NET & ViewState Security |
2010-04-12 | | | | | Chapter Meeting | Usability vs. Security |
2010-04-12 | | | | | Chapter Meeting | 2-factor authentication for mobile devices: a secure and practical approach |
2009-06-25 | | | | | Chapter Meeting | Benefits of a security API such as ESAPI |
2009-06-25 | | | | | Chapter Meeting | Advanced SQL injection exploitation to operating system full control |
2009-04-07 | | | | | Chapter Meeting | Open security architecture (www.opensecurityarchitecture.org) |
2009-04-07 | | | | | Chapter Meeting | XSRF and JSON hijacking & a hands-on session |
2008-09-08 | | | | | Chapter Meeting | Quality of services for web applications (Hands-On Workshop) |
2008-09-08 | | | | | Chapter Meeting | XML Security (Hands-On Workshop) |
2008-09-08 | | | | | Chapter Meeting | ISC2/Application security |
2008-04-01 | | | | | Global OWASP Week | Taking Apache access logs to the next level |
2008-04-01 | | | | | Global OWASP Week | Implementing an Application Security Lifecycle programme |
2008-04-01 | | | | | Global OWASP Week | WebAppSec the Big Picture |
2007-12-11 | | | | | Chapter Meeting | Certified Secure Web |
2007-12-11 | | | | | Chapter Meeting | Secure Development Life Cycle |
2007-12-11 | | | | | Chapter Meeting | Securing my Assets (Presentation & Demo) |
2007-09-20 | | | | | Security-Zone | OWASP Testing Guide |
2007-09-19 | | | | | Security-Zone | OWASP Top 10 |
2007-07-24 | | | | | Chapter Meeting | OWASP - An Overview |
2007-07-24 | | | | | Chapter Meeting | Dependability for Java Mobile Code |
2007-07-24 | | | | | Chapter Meeting | OWASP Top 10 (Demo) |
2007-04-26 | | | | | Chapter Meeting | Risk metrics |
2007-02-12 | | | | | Chapter Meeting | XSS-Worms |
2006-11-11 | | | | | Chapter Meeting | OWASP Switzerland Chapter Kick-Off Meeting |
OWASP Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in application security is welcome to attend. We encourage attendees to give short presentations about specific topics.
Our main topics are:
- Security testing
- Secure development
- Hacking
- Secure Architectures
If you would like to give a presentation (make sure that you have read and understood the speaker agreement), or have any questions about the OWASP Switzerland Chapter, send an email to Sven Vetsch.
Help us to make application security visible and become a supporter of the OWASP or our Chapter in Switzerland. All information about becoming a member/sponsor can be found here.
If your company is interested in supporting us directly, please contact Sven Vetsch to talk about the following sponsoring possibilities.
- Chapter Supporter
- Single Meeting Supporter
- Facility Sponsor
- Organization Supporters (allocating 40% of your annual donation to our Chapter)
Here you can find material related to the OWASP Switzerland Chapter.
OWASP Switzerland bylaws (in German)
Download bylaws
OWASP Switzerland Update Presentation (December 13th 2011)
Download Presentation