
Difference between revisions of "Aarhus"

(Presentations from previous OWASP meetings)
Line 1: Line 1:
{{Chapter Template|chaptername=Denmark|extra=The chapter leader is [mailto:[email protected] Ulf Munkedal]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denmark|emailarchives=http://lists.owasp.org/pipermail/owasp-denmark}}
+
{{Chapter Template|chaptername=Denmark|extra=The chapter leader is [mailto:[email protected] Ulf Munkedal]|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-denmark|emailarchives=http://lists.owasp.org/pipermail/owasp-denmark}}  
  
<paypal>Denmark</paypal>
+
<paypal>Denmark</paypal>  
  
== Editing OWASP pages ==
+
== Editing OWASP pages ==
As discussed on our first meeting, www.owasp.dk now points to this site. However, when entering the site using this URL, you can't edit the page if you have configured your browser to not accept 3rd party cookies. Instead, enter the site using [http://www.owasp.org/index.php/Denmark this] link.
 
  
== Local News ==
+
As discussed on our first meeting, www.owasp.dk now points to this site. However, when entering the site using this URL, you can't edit the page if you have configured your browser to not accept 3rd party cookies. Instead, enter the site using [http://www.owasp.org/index.php/Denmark this] link.
  
A general presentation of OWASP and the danish chapter, please open [https://docs.google.com/present/edit?id=0AemnFEYZb4AxZDM2a3B6N18zNmR3Y3N6ZmZ0&hl=da this].
+
== Local News  ==
  
====Meetings in OWASP-DK in 2010====
+
A general presentation of OWASP and the danish chapter, please open [https://docs.google.com/present/edit?id=0AemnFEYZb4AxZDM2a3B6N18zNmR3Y3N6ZmZ0&hl=da this].
  
We have decided to do things slightly different this year, and expand the team of organisers to include more people. One of the things we'll do is to make sure that every meeting is arranged by two people - one from the facilitating company and someone else. That someone else could be anyone. The only thing you have to do is to find out - along with the list - what should be arranged at the meeting and update the homepage and send out invites. Not really that much work.
+
==== Meetings in OWASP-DK in 2010 ====
  
We'll decide the location at the meetings from time to time.
+
We have decided to do things slightly different this year, and expand the team of organisers to include more people. One of the things we'll do is to make sure that every meeting is arranged by two people - one from the facilitating company and someone else. That someone else could be anyone. The only thing you have to do is to find out - along with the list - what should be arranged at the meeting and update the homepage and send out invites. Not really that much work.  
  
 +
We'll decide the location at the meetings from time to time.
  
Meetings in 2010 will be on the following dates and locations:
+
<br> Meetings in 2010 will be on the following dates and locations:  
  
 +
<br> 25/3 at PwC. Arranger: Rasmus Petersen and you! (was canceled)
  
25/3 at PwC. Arranger: Rasmus Petersen and you! (was canceled)
+
17/6 at Deloitte  
 
 
17/6 at Deloitte
 
  
 
23/9  
 
23/9  
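Review bot: The added lines that begin "<br> Meetings in 2010 will be on the following dates and locations:" and "<br> 25/3 at PwC." put raw <br> tags in front of the paragraph text to get vertical spacing. A blank line between paragraphs gives the same result in wiki markup and keeps HTML out of the page source; if the tags came from a visual editor, strip them before saving.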
Line 28: Line 27:
 
9/12  
 
9/12  
  
 +
<br> Send out a mail to the list asap if you want to be a part of arranging meetings and raise your hand at the next meeting (at the right time).
  
Send out a mail to the list asap if you want to be a part of arranging meetings and raise your hand at the next meeting (at the right time).
+
=== Meeting in OWASP-DK 17/6 2010 at 17.00 ===
  
===Meeting in OWASP-DK 17/6 2010 at 17.00===
+
'''Tidspunkt:''' Torsdag d. 17/6 kl. 17.  
  
 +
'''Sted:''' Hos Deloitte, Weidekampsgade 6, 2300 København S. Spørg efter Klaus Agnoletti.
  
'''Tidspunkt:''' Torsdag d. 17/6 kl. 17.
+
'''Program:'''  
  
'''Sted:''' Hos Deloitte, Weidekampsgade 6, 2300 København S. Spørg efter Klaus Agnoletti.
+
17.00&nbsp;: Velkommen til. Mingle og netværk.  
  
'''Program:'''
+
17.30&nbsp;: Angreb på "hjemmelavede" krypto løsninger af Emil Gurevitch
  
17.00 : Velkommen til. Mingle og netværk.
+
18.00&nbsp;: Case: XSS i Google Search API og sikring mod dette i Perl af Jonas B. Nielsen
  
17.30 : Angreb på "hjemmelavede" krypto løsninger af Emil Gurevitch
+
18.30&nbsp;: Videreuddannelse og certificeringer af Rasmus Petersen
  
18.00 : Case: XSS i Google Search API og sikring mod dette i Perl af Jonas B. Nielsen
+
Som du kan se, er listen over talere ret kort så vi vil meget gerne have flere talere på. så hvis du sidder og ved noget spændende om et eller andet der har noget med sikkerhed at gøre, eller har hørt om noget spændende for nyligt til en konference i udlandet, så kom da endeligt og fortæl om det. OWASP-DK er i høj grad afhængig af folks eget initiativ. Hvis du vil være med i det fine selskab af talere så send en mail til kagnoletti at deloitte prik dk.  
  
18.30 : Videreuddannelse og certificeringer af Rasmus Petersen
+
'''Tilmelding''' Send en mail senest 16. juni til Louise på [email protected] (men gerne med det samme).  
  
Som du kan se, er listen over talere ret kort så vi vil meget gerne have flere talere på. så hvis du sidder og ved noget spændende om et eller andet der har noget med sikkerhed at gøre, eller har hørt om noget spændende for nyligt til en konference i udlandet, så kom da endeligt og fortæl om det. OWASP-DK er i høj grad afhængig af folks eget initiativ.
+
<br>
Hvis du vil være med i det fine selskab af talere så send en mail til kagnoletti at deloitte prik dk.
 
  
'''Tilmelding'''
+
==== Presentations from previous OWASP meetings ====
Send en mail senest 16. juni til Louise på [email protected] (men gerne med det samme).
 
  
 +
===== 17/6 2010 =====
  
====Presentations from previous OWASP meetings====
+
[http://www.owasp.org/images/a/a7/Kurser_og_certificeringer.pdf Rasmus Petersens presentation on Courses and certifications]
  
=====17/6 2010=====
+
[http://www.owasp.org/images/f/f8/Emil-gurevitch-practical-crypto-attacks-part-1.pdf Emil Gurevitch's presentation on Practical Crypto Attacks (Part 1)]
  
[http://www.owasp.org/images/a/a7/Kurser_og_certificeringer.pdf Rasmus Petersens presentation on Courses and certifications]
+
===== 11/11 2009 =====
  
=====11/11 2009=====
+
[http://www.owasp.org/images/d/de/Surveillance_and_logging_based_on_Amazon.pdf Søren Maigaards presentation on surveillance and logging based on Amazon]
  
[http://www.owasp.org/images/d/de/Surveillance_and_logging_based_on_Amazon.pdf Søren Maigaards presentation on surveillance and logging based on Amazon]
+
[http://www.owasp.org/images/c/c7/Cloud_Computing_in_Copenhagen_municipality.ppt Simon Kaastrup-Olesen and Kasper Pedersens presentation on Cloud Computing in Copenhagen municipality]  
  
[http://www.owasp.org/images/c/c7/Cloud_Computing_in_Copenhagen_municipality.ppt Simon Kaastrup-Olesen and Kasper Pedersens presentation on Cloud Computing in Copenhagen municipality]
+
===== 19/8 2009 =====
  
=====19/8 2009=====
+
[https://docs.google.com/present/edit?id=0AemnFEYZb4AxZDM2a3B6N18yNTN6bjY3OGRx&hl=da Klaus Agnolettis presentation on introduction to Cloud Computing]
  
[https://docs.google.com/present/edit?id=0AemnFEYZb4AxZDM2a3B6N18yNTN6bjY3OGRx&hl=da Klaus Agnolettis presentation on introduction to Cloud Computing]
+
[http://www.owasp.org/images/4/45/Ctf1-ejepsen.zip Erling Jepsens OWASP-DK CTF #1 winner entry]  
  
[http://www.owasp.org/images/4/45/Ctf1-ejepsen.zip Erling Jepsens OWASP-DK CTF #1 winner entry]
+
===== 13/5 2009 =====
  
=====13/5 2009=====
+
[http://www.owasp.org/images/3/3e/FlashSecurity.pdf Mihai Corlans presentation on Flash Security]
  
[http://www.owasp.org/images/3/3e/FlashSecurity.pdf Mihai Corlans presentation on Flash Security]
+
[http://www.owasp.org/images/8/8e/Hotm2.pdf Rasmus Petersens presentation on Hack of the Month - opgave 2]  
  
[http://www.owasp.org/images/8/8e/Hotm2.pdf Rasmus Petersens presentation on Hack of the Month - opgave 2]
+
[http://www.owasp.org/images/7/78/Owasp_dk_ctf1.pdf Joe and Rasmus Petersens presentation on Introduction to OWASP-DK CTF #1]  
  
[http://www.owasp.org/images/7/78/Owasp_dk_ctf1.pdf Joe and Rasmus Petersens presentation on Introduction to OWASP-DK CTF #1]
+
===== 24/2 2009 =====
  
=====24/2 2009=====
+
[http://www.owasp.org/images/a/ac/SilverlightSecurity.pdf Rene Løhdes slides on Silverlight security]
  
[http://www.owasp.org/images/a/ac/SilverlightSecurity.pdf Rene Løhdes slides on Silverlight security]
+
[http://www.owasp.org/images/b/b9/JavaFX.pdf Thorbiörn Fritzons slides on JavaFX security]  
  
[http://www.owasp.org/images/b/b9/JavaFX.pdf Thorbiörn Fritzons slides on JavaFX security]
+
===== 3/12 2008 =====
  
=====3/12 2008=====
+
[https://www.owasp.org/images/0/0e/Webscarab-intro-screen.pdf Henrik Kramshøjs presentation on using Webscarab]
  
[https://www.owasp.org/images/0/0e/Webscarab-intro-screen.pdf Henrik Kramshøjs presentation on using Webscarab]
+
[https://www.owasp.org/images/5/58/Testing_Flash_Applications.pdf Martin Clausens presentation on Flash security]  
  
[https://www.owasp.org/images/5/58/Testing_Flash_Applications.pdf Martin Clausens presentation on Flash security]
+
[https://www.owasp.org/images/5/59/NemLog-in.pdf Thomas Gundels presentation on Nem Login]  
  
[https://www.owasp.org/images/5/59/NemLog-in.pdf Thomas Gundels presentation on Nem Login]
+
== Older news  ==
 +
 
 +
=== Meeting in OWASP-DK 14/12 2009 at 17.00 ===
  
== Older news ==
 
===Meeting in OWASP-DK 14/12 2009 at 17.00===
 
 
Der inviteres til årets sidste OWASP møde! Kom og vær med.  
 
Der inviteres til årets sidste OWASP møde! Kom og vær med.  
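Review bot: In the 17/6 2010 announcement the new revision joins '''Tilmelding''' and the sentence that follows it ("Send en mail senest 16. juni") onto one line, so the bold label now runs straight into the text with no separator; add a colon after the label or keep the line break. The same merge happens to the speaker call, where the sentence starting "Hvis du vil være med i det fine selskab af talere" was its own paragraph and is now appended to the previous one; check that this was intended rather than a side effect of the editor.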
  
Line 107: Line 107:
 
Program:  
 
Program:  
  
17.00 : Velkommen til. Mingle og netværk.  
+
17.00&nbsp;: Velkommen til. Mingle og netværk.  
  
17.30 : Kort gennemgang af OWASP Top 10 2010 rc1 med fokus på det der er nyt (Ulf Munkedal).  
+
17.30&nbsp;: Kort gennemgang af OWASP Top 10 2010 rc1 med fokus på det der er nyt (Ulf Munkedal).  
  
18.15 : Benstræk og kort spisepause.  
+
18.15&nbsp;: Benstræk og kort spisepause.  
  
18.30 : Diskussion (fælles feedback sendes ind til Owasp arbejdsgruppen), fx: (Moderator: Ulf Munkedal. Vi skal have mindst en referent til at skrive et engelsk referat da vi kun har indtil udgangen af december til at indsende vores kommentarer)  
+
18.30&nbsp;: Diskussion (fælles feedback sendes ind til Owasp arbejdsgruppen), fx: (Moderator: Ulf Munkedal. Vi skal have mindst en referent til at skrive et engelsk referat da vi kun har indtil udgangen af december til at indsende vores kommentarer)  
  
 
- Er det de rigtige risici, der står på listen? Er det det her, som vi ser hos kunder/i virksomheder?  
 
- Er det de rigtige risici, der står på listen? Er det det her, som vi ser hos kunder/i virksomheder?  
Line 125: Line 125:
 
- Skal vi oversætte den til dansk når den er endeligt klar? (fx to personer pr. punkt).  
 
- Skal vi oversætte den til dansk når den er endeligt klar? (fx to personer pr. punkt).  
  
20.00 : Andet? Fx:  
+
20.00&nbsp;: Andet? Fx:  
  
 
- Et kig frem mod 2010 (fx konferencen i Stockholm i Juni)  
 
- Et kig frem mod 2010 (fx konferencen i Stockholm i Juni)  
Line 131: Line 131:
 
- Den nye TLS sårbarhed (som jeg kan forstå ikke blev drøftet på sidste Owasp møde?)  
 
- Den nye TLS sårbarhed (som jeg kan forstå ikke blev drøftet på sidste Owasp møde?)  
  
20.30 : Julehygge! Rygterne vil vide, at Klaus/Deloitte disker op med lidt godter. :)  
+
20.30&nbsp;: Julehygge! Rygterne vil vide, at Klaus/Deloitte disker op med lidt godter.&nbsp;:)  
  
 
Vil du hjælpe? Vi skal finde mindst en "frivillig", der kan skrive et kort engelsk referat af vores feedback, som vi kan sende til Top 10 projekt gruppen.  
 
Vil du hjælpe? Vi skal finde mindst en "frivillig", der kan skrive et kort engelsk referat af vores feedback, som vi kan sende til Top 10 projekt gruppen.  
Line 149: Line 149:
 
--Ulf Munkedal 22:19, 2 December 2009 (UTC)  
 
--Ulf Munkedal 22:19, 2 December 2009 (UTC)  
  
 +
<br>
  
===Meeting in OWASP-DK 11/11 2009 at 17.30===
+
=== Meeting in OWASP-DK 11/11 2009 at 17.30 ===
  
17:30 Welcome - and OWASP basics by Klaus Agnoletti, Deloitte.
+
17:30 Welcome - and OWASP basics by Klaus Agnoletti, Deloitte.  
  
17:35 Overvågning og logning i Cloud Computing by eSec
+
17:35 Overvågning og logning i Cloud Computing by eSec  
  
18:05 Overvågning og logning i Cloud Computing based on Amazon by Inspekt Security
+
18:05 Overvågning og logning i Cloud Computing based on Amazon by Inspekt Security  
  
18:35 Break
+
18:35 Break  
  
19:00 Cloud Computing i Københavns Kommune by Simon Kaastrup-Olesen and Kasper Pedersen, Københavns Kommune
+
19:00 Cloud Computing i Københavns Kommune by Simon Kaastrup-Olesen and Kasper Pedersen, Københavns Kommune  
  
19:30 Awareness virker ikke by Carsten Jørgensen, Devoteam
+
19:30 Awareness virker ikke by Carsten Jørgensen, Devoteam  
  
 
19:45 PwC: Awareness  
 
19:45 PwC: Awareness  
  
20:30 What is a web application firewall? (WAF) - including demonstration by Jacob Gercke and Srebrenko Sehic, Armorlogic
+
20:30 What is a web application firewall? (WAF) - including demonstration by Jacob Gercke and Srebrenko Sehic, Armorlogic  
  
21.00 Let's hit a bar
+
21.00 Let's hit a bar  
  
 +
<br> The meeting will be held at DKUUG, Symbion, Fruebjergvej 3, København Ø.
  
The meeting will be held at DKUUG, Symbion, Fruebjergvej 3, København Ø.
+
In order for DKUUG to know how many people will attend the meeting, you need to register at [email protected] no later than 10/11 2009.  
  
In order for DKUUG to know how many people will attend the meeting, you need to register at [email protected] no later than 10/11 2009.
+
DKUUG will serve sandwiches, coffee, tea and water.  
  
DKUUG will serve sandwiches, coffee, tea and water.
+
=== Meeting in OWASP-DK 19/8 2009 at 17.30 ===
  
===Meeting in OWASP-DK 19/8 2009 at 17.30===
+
The Agenda for the meeting is:
  
 +
17.30 Welcome - and OWASP basics by Klaus Agnoletti, Deloitte.
  
 +
17.45 Presentation: Cloud Computing Basics by Klaus Agnoletti, Deloitte
  
The Agenda for the meeting is:
+
18.15 Break
  
17.30 Welcome - and OWASP basics by Klaus Agnoletti, Deloitte.
+
18.45 Presentation: The future of Cloud computing by Carsten Jørgensen, Devoteam
  
17.45 Presentation: Cloud Computing Basics by Klaus Agnoletti, Deloitte
+
19.15 Presentation: Salesforce.com and security by Salesforce.com.
  
18.15 Break
+
20.15 Break  
  
18.45 Presentation: The future of Cloud computing by Carsten Jørgensen, Devoteam
+
20.30 OWASP-DK CTF #1 by Joe and Rasmus Petersen
  
19.15 Presentation: Salesforce.com and security by Salesforce.com.
+
20.55 Next Meeting and Wrap-up.  
 
 
20.15 Break
 
 
 
20.30 OWASP-DK CTF #1 by Joe and Rasmus Petersen
 
 
 
20.55 Next Meeting and Wrap-up.
 
 
 
21.00 Let's hit a bar!
 
  
 +
21.00 Let's hit a bar!
  
 +
<br>
  
 
During the meeting we’ll arrange sandwiches, coffee, fruit etc.  
 
During the meeting we’ll arrange sandwiches, coffee, fruit etc.  
Line 211: Line 209:
 
Weidekampsgade 6  
 
Weidekampsgade 6  
  
2300 København S
+
2300 København S  
  
===Meeting in OWASP-DK 13/5 2009 at 17.30===
+
=== Meeting in OWASP-DK 13/5 2009 at 17.30 ===
  
 
The agenda for the meeting is:  
 
The agenda for the meeting is:  
  
 +
<br>
  
 +
17.30 Welcome by Rasmus Petersen
  
17.30 Welcome by Rasmus Petersen
+
17.45 Presentation: Flash security by Mihai Corlan from Adobe  
 
 
17.45 Presentation: Flash security by Mihai Corlan from Adobe
 
  
18.30 Break
+
18.30 Break  
  
 
18.40 Presentation: Facebook API by Martin Clausen  
 
18.40 Presentation: Facebook API by Martin Clausen  
  
19.10 Break
+
19.10 Break  
  
 
19.20 Presentation: Hack of the Month - opgave 2 by Rasmus Petersen  
 
19.20 Presentation: Hack of the Month - opgave 2 by Rasmus Petersen  
  
19.50 Break
+
19.50 Break  
  
 
20.00 Presentation: Introduction to OWASP-DK CTF #1 by Joe og Rasmus Petersen  
 
20.00 Presentation: Introduction to OWASP-DK CTF #1 by Joe og Rasmus Petersen  
  
20.30 Evaluation and discussion regarding the next meeting
+
20.30 Evaluation and discussion regarding the next meeting  
  
 +
<br>
  
 +
If you want to join the meeting, please send a mail to Rasmus at [email protected].
  
If you want to join the meeting, please send a mail to Rasmus at [email protected].
+
<br>
  
 +
During the meeting we’ll arrange sandwiches, coffee, fruit etc.
  
 +
<br>
  
During the meeting we’ll arrange sandwiches, coffee, fruit etc.
+
The address is:
  
 +
PricewaterhouseCoopers
  
 +
Strandvejen 44
  
The address is:
+
2900 Hellerup
  
PricewaterhouseCoopers
+
=== Meeting in OWASP-DK 24/2 2009 at 17.30 ===
  
Strandvejen 44
+
This will be a meeting where we talk about Rich Internet Application (RIA) technologies. We have arranged a talk from both Microsoft and Sun. Not surprisingly, the talks will be focused on the security side of the technologies.
  
2900 Hellerup
+
Lined up for you we have&nbsp;:
  
===Meeting in OWASP-DK 24/2 2009 at 17.30===
+
*René Løhde from Microsoft who'll talk about Silverlight. Here is a short description from René in danish&nbsp;:
This will be a meeting where we talk about Rich Internet Application (RIA) technologies. We have arranged a talk from both Microsoft and Sun.
 
Not surprisingly, the talks will be focused on the security side of the technologies.
 
  
Lined up for you we have :
+
"Silverlight Security model I .Net er Code Access Security alfa og omega for sikkerhed. I Silverlight og CoreCLR er transparency den vigtigste del af sikkerhedsmodellen og derfor er det vigtigt at vide hvilke restriktioner transparent code er underlagt. I denne session kigges på CoreCLR og de sikkerhedrelaterede aspekter af RIA applikationer med Silverlight. Der kigges blandt andet på Silverlight applikationer under full trust og Silverlight sandbox.”
  
* René Løhde from Microsoft who'll talk about Silverlight. Here is a short description from René in danish :
+
<br>
"Silverlight Security model
 
I .Net er Code Access Security alfa og omega for sikkerhed. I Silverlight og CoreCLR er transparency den vigtigste del af sikkerhedsmodellen og derfor er det vigtigt at vide hvilke restriktioner transparent code er underlagt. I denne session kigges på CoreCLR og de sikkerhedrelaterede aspekter af RIA applikationer med Silverlight. Der kigges blandt andet på Silverlight applikationer under full trust og Silverlight sandbox.”
 
  
 +
*Thorbiörn Fritzon from Sun who'll talk to us about JavaFX. Here is an abstract from Thorbiörn on his talk:
  
* Thorbiörn Fritzon from Sun who'll talk to us about JavaFX. Here is an abstract from Thorbiörn on his talk:
+
"JavaFX and the power of Java. This talk gives an overview of JavaFX, the new Rich Internet Application (RIA) environment for the Java™ platform and the capabilities that it can harness due to the fact that it runs on the complete Java™ platform. The talk will be an introduction to JavaFX and related technologies with a special focus on what Rich Internet Applications require from a security standpoint."  
"JavaFX and the power of Java. This talk gives an overview of JavaFX, the new Rich Internet Application (RIA) environment for the Java™ platform and the capabilities that it can harness due to the fact that it runs on the complete Java™ platform. The talk will be an introduction to JavaFX and related technologies with a special focus on what Rich Internet Applications require from a security standpoint."
 
  
René and Thorbiörn will both talk for about an hour. After the talks we'll have an open discussion about RIA technologies and security in general.
+
René and Thorbiörn will both talk for about an hour. After the talks we'll have an open discussion about RIA technologies and security in general.  
  
This also means that we'll change the program so that there won't be time for any shorts talks about interesting projects this time around due to the fantastic chance that Sun and MS has given us by showing up and talking to us.
+
This also means that we'll change the program so that there won't be time for any shorts talks about interesting projects this time around due to the fantastic chance that Sun and MS has given us by showing up and talking to us.  
  
If you want to join the meeting, please send a mail to Louise at [email protected].
+
If you want to join the meeting, please send a mail to Louise at [email protected].  
  
During the meeting we’ll arrange sandwiches, coffee, fruit etc.
+
During the meeting we’ll arrange sandwiches, coffee, fruit etc.  
  
The address is:
+
The address is:  
  
 
Deloitte  
 
Deloitte  
Line 283: Line 283:
 
Weidekampsgade 6  
 
Weidekampsgade 6  
  
2300 København S
+
2300 København S  
  
 +
<br> It's possible to park in the basement of the Deloitte building. Just drive down the ramp and press the button to talk to our reception.
  
It's possible to park in the basement of the Deloitte building. Just drive down the ramp and press the button to talk to our reception.
+
=== Medlemsmøde i OWASP-DK - kl 17.30, 3. december 2008  ===
  
=== Medlemsmøde i OWASP-DK - kl 17.30, 3. december 2008 ===
+
==== Dagsorden  ====
  
==== Dagsorden ====
+
===== Del I - Velkomst og oplæg  =====
  
===== Del I - Velkomst og oplæg =====
+
17.30 Velkomst v. Klaus Agnoletti  
17.30                 Velkomst v. Klaus Agnoletti
 
  
17.40                 Oplæg - Webscarab intro v. Henrik Kramshøj
+
17.40 Oplæg - Webscarab intro v. Henrik Kramshøj  
  
18.05                 Oplæg - Hacking flash med Webscarab v. Martin Clausen
+
18.05 Oplæg - Hacking flash med Webscarab v. Martin Clausen  
  
18.30                 Oplæg - Nem Login v. Thomas Gundel
+
18.30 Oplæg - Nem Login v. Thomas Gundel  
  
18.55                 Oplæg - Web Application Attack and Audit Framework v. Robert Larsen
+
18.55 Oplæg - Web Application Attack and Audit Framework v. Robert Larsen  
  
19.20 Pause og sandwiches
+
19.20 Pause og sandwiches  
  
===== Del II - OWASP =====
+
===== Del II - OWASP =====
  
19.30                 Intro til den globale OWASP forening v. Niels Bach
+
19.30 Intro til den globale OWASP forening v. Niels Bach  
  
19.40                 Præsentation af DK Chapter nu og i fremtiden v. Ulf Munkedal
+
19.40 Præsentation af DK Chapter nu og i fremtiden v. Ulf Munkedal  
  
20.00                 Evaluering og aftale om næste mødeaktivitet
+
20.00 Evaluering og aftale om næste mødeaktivitet  
  
Vi forventer at mødet slutter senest 20.30.
+
Vi forventer at mødet slutter senest 20.30.  
  
 +
<br> Adresse:
  
Adresse:
+
Deloitte
  
Deloitte
+
Weidekampsgade 6  
 
 
Weidekampsgade 6
 
  
 
2300 København S
 
2300 København S

Revision as of 15:55, 6 July 2010

OWASP Denmark

Welcome to the Denmark chapter homepage. The chapter leader is Ulf Munkedal


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.



Editing OWASP pages

As discussed at our first meeting, www.owasp.dk now points to this site. However, when entering the site using this URL, you can't edit the page if you have configured your browser to not accept 3rd party cookies. Instead, enter the site using this link.

Local News

For a general presentation of OWASP and the Danish chapter, please open this.

Meetings in OWASP-DK in 2010

We have decided to do things slightly differently this year, and expand the team of organisers to include more people. One of the things we'll do is to make sure that every meeting is arranged by two people - one from the facilitating company and someone else. That someone else could be anyone. The only thing you have to do is to find out - along with the list - what should be arranged at the meeting and update the homepage and send out invites. Not really that much work.

We'll decide the location at the meetings from time to time.


Meetings in 2010 will be on the following dates and locations:


25/3 at PwC. Arranger: Rasmus Petersen and you! (was canceled)

17/6 at Deloitte

23/9

9/12


Send out a mail to the list asap if you want to be a part of arranging meetings and raise your hand at the next meeting (at the right time).

Meeting in OWASP-DK 17/6 2010 at 17.00

Time: Thursday 17/6 at 17.00.

Place: At Deloitte, Weidekampsgade 6, 2300 København S. Ask for Klaus Agnoletti.

Program:

17.00 : Welcome. Mingling and networking.

17.30 : Attacks on "home-made" crypto solutions by Emil Gurevitch

18.00 : Case: XSS in the Google Search API and protecting against it in Perl by Jonas B. Nielsen

18.30 : Continuing education and certifications by Rasmus Petersen

As you can see, the list of speakers is rather short, so we would very much like to have more speakers. So if you know something exciting about anything to do with security, or have recently heard about something exciting at a conference abroad, then by all means come and talk about it. OWASP-DK depends to a large extent on people's own initiative. If you want to join the fine company of speakers, send a mail to kagnoletti at deloitte dot dk.

Registration: Send a mail no later than 16 June to Louise at [email protected] (but preferably right away).


Presentations from previous OWASP meetings

17/6 2010

Rasmus Petersen's presentation on Courses and certifications

Emil Gurevitch's presentation on Practical Crypto Attacks (Part 1)

11/11 2009

Søren Maigaard's presentation on surveillance and logging based on Amazon

Simon Kaastrup-Olesen and Kasper Pedersen's presentation on Cloud Computing in Copenhagen municipality

19/8 2009

Klaus Agnoletti's presentation on introduction to Cloud Computing

Erling Jepsen's OWASP-DK CTF #1 winner entry

13/5 2009

Mihai Corlan's presentation on Flash Security

Rasmus Petersen's presentation on Hack of the Month - task 2

Joe and Rasmus Petersen's presentation on Introduction to OWASP-DK CTF #1

24/2 2009

Rene Løhde's slides on Silverlight security

Thorbiörn Fritzon's slides on JavaFX security

3/12 2008

Henrik Kramshøj's presentation on using Webscarab

Martin Clausen's presentation on Flash security

Thomas Gundel's presentation on Nem Login

Older news

Meeting in OWASP-DK 14/12 2009 at 17.00

You are invited to the last OWASP meeting of the year! Come and join us.

Theme: New OWASP Top10 release candidate 1 - what do we actually think of it?

Time: Monday 14 December 2009 at 17.00.

Place: At Deloitte, Weidekampsgade 6, 2300 København S. Ask for Klaus Agnoletti.

Program:

17.00 : Welcome. Mingling and networking.

17.30 : Brief walkthrough of OWASP Top 10 2010 rc1 with a focus on what is new (Ulf Munkedal).

18.15 : Leg stretch and short meal break.

18.30 : Discussion (joint feedback will be submitted to the OWASP working group), e.g.: (Moderator: Ulf Munkedal. We need at least one note-taker to write an English summary, since we only have until the end of December to submit our comments)

- Are these the right risks on the list? Is this what we see at customers/in companies?

- Is the list in the right order? Note that it is now risk-based.

- Is the list worded so that it can be understood? Does it work for pentesters and PCI auditors? Do non-consultants understand it?

- How do we want to promote the list in OWASP Denmark? The list by itself doesn't make anyone happy. How do we use it to make the world a little better?

- Should we translate it into Danish once it is final? (e.g. two people per item).

20.00 : Other? E.g.:

- A look ahead to 2010 (e.g. the conference in Stockholm in June)

- The new TLS vulnerability (which I understand was not discussed at the last OWASP meeting?)

20.30 : Christmas get-together! Rumour has it that Klaus/Deloitte will be serving some treats. :)

Want to help? We need to find at least one "volunteer" who can write a short English summary of our feedback that we can send to the Top 10 project group.

Registration: Send a mail no later than 10 December to Louise at [email protected] (but preferably right away).

Links (good for preparation before the meeting):

http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

And Dave's presentation from DC:

http://www.owasp.org/images/a/a1/AppSec_DC_2009_-_OWASP_Top_10_-_2010_rc1.pptx

See you there!

--Ulf Munkedal 22:19, 2 December 2009 (UTC)


Meeting in OWASP-DK 11/11 2009 at 17.30

17:30 Welcome - and OWASP basics by Klaus Agnoletti, Deloitte.

17:35 Surveillance and logging in Cloud Computing by eSec

18:05 Surveillance and logging in Cloud Computing based on Amazon by Inspekt Security

18:35 Break

19:00 Cloud Computing in Copenhagen municipality by Simon Kaastrup-Olesen and Kasper Pedersen, Københavns Kommune

19:30 Awareness doesn't work by Carsten Jørgensen, Devoteam

19:45 PwC: Awareness

20:30 What is a web application firewall? (WAF) - including demonstration by Jacob Gercke and Srebrenko Sehic, Armorlogic

21.00 Let's hit a bar


The meeting will be held at DKUUG, Symbion, Fruebjergvej 3, København Ø.

In order for DKUUG to know how many people will attend the meeting, you need to register at [email protected] no later than 10/11 2009.

DKUUG will serve sandwiches, coffee, tea and water.

Meeting in OWASP-DK 19/8 2009 at 17.30

The Agenda for the meeting is:

17.30 Welcome - and OWASP basics by Klaus Agnoletti, Deloitte.

17.45 Presentation: Cloud Computing Basics by Klaus Agnoletti, Deloitte

18.15 Break

18.45 Presentation: The future of Cloud computing by Carsten Jørgensen, Devoteam

19.15 Presentation: Salesforce.com and security by Salesforce.com.

20.15 Break

20.30 OWASP-DK CTF #1 by Joe and Rasmus Petersen

20.55 Next Meeting and Wrap-up.

21.00 Let's hit a bar!


During the meeting we’ll arrange sandwiches, coffee, fruit etc.

The address is:

Deloitte

Weidekampsgade 6

2300 København S

Meeting in OWASP-DK 13/5 2009 at 17.30

The agenda for the meeting is:


17.30 Welcome by Rasmus Petersen

17.45 Presentation: Flash security by Mihai Corlan from Adobe

18.30 Break

18.40 Presentation: Facebook API by Martin Clausen

19.10 Break

19.20 Presentation: Hack of the Month - task 2 by Rasmus Petersen

19.50 Break

20.00 Presentation: Introduction to OWASP-DK CTF #1 by Joe and Rasmus Petersen

20.30 Evaluation and discussion regarding the next meeting


If you want to join the meeting, please send a mail to Rasmus at [email protected].


During the meeting we’ll arrange sandwiches, coffee, fruit etc.


The address is:

PricewaterhouseCoopers

Strandvejen 44

2900 Hellerup

Meeting in OWASP-DK 24/2 2009 at 17.30

This will be a meeting where we talk about Rich Internet Application (RIA) technologies. We have arranged a talk from both Microsoft and Sun. Not surprisingly, the talks will be focused on the security side of the technologies.

Lined up for you we have :

  • René Løhde from Microsoft who'll talk about Silverlight. Here is a short description from René (translated from Danish):

"Silverlight Security model. In .Net, Code Access Security is the alpha and omega of security. In Silverlight and CoreCLR, transparency is the most important part of the security model, and it is therefore important to know which restrictions transparent code is subject to. This session looks at CoreCLR and the security-related aspects of RIA applications with Silverlight. Among other things, it looks at Silverlight applications under full trust and the Silverlight sandbox."


  • Thorbiörn Fritzon from Sun who'll talk to us about JavaFX. Here is an abstract from Thorbiörn on his talk:

"JavaFX and the power of Java. This talk gives an overview of JavaFX, the new Rich Internet Application (RIA) environment for the Java™ platform and the capabilities that it can harness due to the fact that it runs on the complete Java™ platform. The talk will be an introduction to JavaFX and related technologies with a special focus on what Rich Internet Applications require from a security standpoint."

René and Thorbiörn will both talk for about an hour. After the talks we'll have an open discussion about RIA technologies and security in general.

This also means that we'll change the program so that there won't be time for any short talks about interesting projects this time around due to the fantastic chance that Sun and MS have given us by showing up and talking to us.

If you want to join the meeting, please send a mail to Louise at [email protected].

During the meeting we’ll arrange sandwiches, coffee, fruit etc.

The address is:

Deloitte

Weidekampsgade 6

2300 København S


It's possible to park in the basement of the Deloitte building. Just drive down the ramp and press the button to talk to our reception.

Members' meeting in OWASP-DK - 17.30, 3 December 2008

Agenda

Part I - Welcome and talks

17.30 Welcome by Klaus Agnoletti

17.40 Talk - Webscarab intro by Henrik Kramshøj

18.05 Talk - Hacking Flash with Webscarab by Martin Clausen

18.30 Talk - Nem Login by Thomas Gundel

18.55 Talk - Web Application Attack and Audit Framework by Robert Larsen

19.20 Break and sandwiches

Part II - OWASP

19.30 Intro to the global OWASP association by Niels Bach

19.40 Presentation of the DK Chapter now and in the future by Ulf Munkedal

20.00 Evaluation and agreement on the next meeting activity

We expect the meeting to end no later than 20.30.


Address:

Deloitte

Weidekampsgade 6

2300 København S