Difference between revisions of "Medlemsmøter 2012"

(Medlemsmøter)
 
Line 36: Line 36:
 
[[Media:OWASP-mobile aps.pdf|OWASP Mobile]] - Martin Knobloch
 
[[Media:OWASP-mobile aps.pdf|OWASP Mobile]] - Martin Knobloch
  
 +
==== Medlemsmøte: 19. mars, kl 17:00 ====
 +
'''Ansvarlig:''' Erlend Oftedal ,
 +
'''Sponsor:''' F5,
 +
'''Adresse:''' [http://maps.google.com/maps?q=the+dubliner+oslo&hl=en&client=ubuntu&channel=fs&fb=1&hq=the+dubliner&hnear=0x46416e61f267f039:0x7e92605fd3231e9a,Oslo,+Norway&cid=0,0,12890284609415510924&t=h&z=15&iwloc=A The Dubliner],
 +
 +
{|
 +
|'''"Web Application Access Control Design Excellence"''', Jim Manico<br>
 +
 +
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss
 +
several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns
 +
include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing
 +
these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual,
 +
activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust
 +
web-based access-control mechanism.
 +
|}
  
 
==== Tilbake til [[Norway]] Chapter ====
 
==== Tilbake til [[Norway]] Chapter ====
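
Review bot: The '''Adresse:''' line in the added block links to a full Google Maps search URL that still carries the editor's search parameters (client=ubuntu, channel=fs, hq, hnear, cid). A plain street address or a short map link would be more durable and easier to read. The added field lines also end in dangling commas ("Erlend Oftedal ," has a stray space before the comma), and the single-cell {| ... |} table with a trailing <br> adds markup without adding any layout; a plain paragraph would render the same.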

Latest revision as of 20:26, 14 January 2015

Member meetings

Member meeting: Monday 18 October, 17:00

Organizer: Erlend Oftedal, tel: 98219335, Sponsor: Bekk, Address: Teknologihuset Bekk Consulting AS,

17:00-17:45 - Secure electronic voting? - Security assessment of the E-valg system - Emilie and Fredrik from Combitech

In the autumn of 2011, electronic voting took place in Norway for the first time. The system used for voting is named E-valg and was developed by EDB ErgoGroup and Scytl during 2010 and 2011.

The security of an electronic voting system is crucial for a fair, free and transparent election process. In addition, people must be able to trust the system enough to use it. Security has been an important part of the E-valg project from the design phase to the implementation of the final production system. Combitech had the role of independent security assessor and has been performing design review, code review and penetration tests of the E-valg system. We will present the security assessment process, the design of the security solution and some details about the tests and the results.

This presentation will be in English

17:45-18:15 - Food

18:15-18:** - Uninstall Java now! - Jostein Tveit

Exploitation of vulnerabilities in Java is becoming one of the most common ways for an attacker to take over a PC. At the same time, most of us browse the web with Java applets enabled in the browser. Can we trust sandbox technology to make web browsing safe? This lightning talk tries to answer why exploitation of Java vulnerabilities is currently in vogue, and you will get to see both attack code and a demonstration of how a security hole in Java can be exploited.

Member meeting: 24 April, 19:30

Organizer: Erlend Oftedal, Sponsor: -, Address: Mesh Norway, Tordenskiolds gate 3,

The topic this time is security in mobile applications. There will first be an introduction, then Martin Knobloch from OWASP Netherlands will talk about iGoat and GoatDroid, and then share experiences from a code review.

Slides:

OWASP Mobile Top 10 - Ståle Pettersen

OWASP Mobile - Martin Knobloch

Member meeting: 19 March, 17:00

Organizer: Erlend Oftedal, Sponsor: F5, Address: The Dubliner,

"Web Application Access Control Design Excellence", Jim Manico

Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.

Back to Norway Chapter

Previous years

Member meetings 2011

Member meetings 2010

Member meetings 2009

Member meetings 2008