This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
File list
This special page shows all uploaded files.
| Date | Name | Thumbnail | Size | Description | Versions |
|---|---|---|---|---|---|
| 21:46, 3 January 2014 | Email info.png (file) |  |
19 KB | 1 | |
| 21:46, 3 January 2014 | Info.png (file) |  |
19 KB | 1 | |
| 21:54, 3 January 2014 | Slides.png (file) |  |
3 KB | Source: http://findicons.com/icon/51042/presentation?id=51112 | 1 |
| 22:01, 3 January 2014 | Person.png (file) |  |
4 KB | Source: http://findicons.com/icon/67167/gnome_stock_person?id=67895 | 1 |
| 00:13, 4 January 2014 | 20131022-node security-disenchant.pdf (file) |  |
3.34 MB | * Using Node.js can be a good thing but you ** have to care about a lot of things ** know the modules you can use ** need to write a lot of code yourself until someone writes a module for it * We have to wait for (and help) improve modules that make No... | 1 |
| 00:19, 4 January 2014 | 20070212-xss worms-disenchant.pdf (file) | |
535 KB | Table of Content * Basics on XSS * How XHRs work * Famous XSS-Worms * Anatomy of XSS-Worms * The full risk * Webbased Dynamic Botnets * Countermeasures | 1 |
| 18:36, 6 January 2014 | 20110412-aspnet viewstate security-alexandre.pdf (file) | |
0 bytes | Agenda * Headlines and ViewState Intro * ViewState Flaw * How to Protect ** Input Validation / Request Validation ** Output Encoding ** How to really avoid ViewSTat4e Tampering * Conclusion | 1 |
| 18:41, 6 January 2014 | 20131022-advances in secure aspnet development-alexandre.pdf (file) | |
2.86 MB | Agenda * Introduction to .NET * Configuration of (ASP).NET 4.5 * Key security points of application lifecycle ** Development ** Deployment ** Operations ** Third party component review | 1 |
| 09:56, 20 February 2014 | 20140219-SSDLC Ready for Clouds-Robert.pdf (file) | |
1.35 MB | S-SDLC – Ready for Clouds? (by Robert Schneider, Swisscom IT Services AG ) Many companies have it (somehow) and numerous are planning to implement one – a Secure Software Development Life Cycle (S-SDLC). As Swisscom is building a new Cloud, the who... | 1 |
| 18:52, 10 April 2014 | 20140409-SSL TLS jungle-Dobinrutis.pdf (file) | |
1.44 MB | The protocols SSL and TLS are widely used to ensure confidentiality and integrity of data transmitted over insecure networks. As every implementation of crypto algorithms, they come in different versions, and can contain a multitude of errors, faults a... | 1 |
| 09:29, 29 May 2014 | Location.png (file) |  |
29 KB | 2 | |
| 09:45, 27 June 2014 | 20140617-XSS and beyond-Rene.pdf (file) | |
3.14 MB | 2 | |
| 14:22, 2 September 2014 | 20140820-Flash Security by Arcus Security.pdf (file) | |
888 KB | (Client-Side) Flash Security by Stefan Horlacher Flash has always been infamous for its security issues. Most of the time we hear about memory corruption vulnerabilities like buffer overflows and how clients are attacked. As such attacks are widely kno... | 1 |
| 10:16, 19 October 2014 | Test-Schattenbaum.png (file) |  |
10 KB | 1 | |
| 10:19, 19 October 2014 | Facebook-icon.png (file) |  |
10 KB | Same image as the last version. However, I am trying to fix a bug within chrome, by reuploading this image. (The image is shown in the latest Firefox but not in Chrome...) | 4 |
| 10:20, 19 October 2014 | Follow-us-on-twitter.png (file) |  |
69 KB | Same image as the last version. However, I am trying to fix a bug within chrome, by reuploading this image. (The image is shown in the latest Firefox but not in Chrome...) | 2 |
| 14:16, 30 October 2014 | Owasp switzerland geneva logo.png (file) |  |
111 KB | 1 | |
| 10:14, 6 March 2015 | 20150218-Abusing JSONP with Rosetta Flash-miki.it.pdf (file) | |
2.93 MB | Michele will present an exploitation technique that involves crafting charset-restricted Flash SWF files in order to abuse JSONP endpoints and allow Cross Site Request Forgery attacks against domains hosting JSONP endpoints, bypassing the Same Origin P... | 1 |
| 08:14, 27 April 2015 | 20150415-Android apps in sheeps clothing-Tobias Ospelt-modzero.pdf (file) | |
13.06 MB | Android is the most widely used mobile operating system worldwide. The Android permission system is broken by design and probably the worst problem in the entire Android ecosystem. Additionally, Android is providing very risky and overly permissive fea... | 1 |
| 19:57, 1 July 2015 | OWASP Switzerland Meeting 2015-06-17 XSLT SSRF ENG.pdf (file) | |
1.52 MB | An XSLT processor is a piece of software for manipulating XML files or transforming them into other file formats. These XSLT processors are very feature rich, which makes them interessting in the context of information security. For example it is possi... | 1 |
| 11:55, 6 July 2015 | Owasp switzerland register.png (file) |  |
9 KB | Chapter meeting register button. Used template from fkrivda.com & addaptions made by schattenbaum.ch | 1 |
| 19:10, 30 July 2015 | Twitter button.png (file) |  |
3 KB | 2 | |
| 19:10, 30 July 2015 | Facebook button.png (file) |  |
2 KB | 1 | |
| 19:10, 30 July 2015 | Mailinglist button.png (file) |  |
3 KB | 1 | |
| 19:19, 30 July 2015 | Register button.png (file) |  |
3 KB | 1 | |
| 12:12, 21 October 2015 | 20151014-Application Security Testing by Static Code Analysis-blitzfranklyn.pdf (file) | |
627 KB | Application security is in the focus of attention in a world where digitization is becoming one of the key business success factor and where current breaches show that companies face serious threats from professional hackers. For security professionals... | 1 |
| 08:16, 15 January 2016 | 20151215-Top X OAuth 2 Hacks-asanso.pdf (file) | |
9.46 MB | The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access to the user's protected resources, without necessarily revealing their long-term credentials, or even their identity. As the web grows, more and... | 1 |
| 08:18, 15 January 2016 | 20151215-Reliable log data transfer-Pascal Buchbinder.pdf (file) | |
290 KB | (about syslog, logstash and log data signing) Collecting and processing log data has never been so easy as it is today. However, there are still some implementation details to consider in order to ensure that you don't lose any data. Choosing the wrong... | 1 |
| 07:49, 19 May 2016 | Owasp switzerland next meeting.png (file) |  |
10 KB | 16 | |
| 06:30, 29 June 2016 | 20160607-xssi-the tale of a fameless but widepsread vulnerability-Veit Hailperin.pdf (file) | |
2.01 MB | "XSSI - The Tale of a Fameless but Widespread Vulnerability" by Veit Hailperin Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion... | 1 |
| 10:50, 6 October 2016 | 20161004-Bug Bounty progams in Switzerland-Florian Badertscher.pdf (file) | |
1.37 MB | For over a year now Swisscom runs its own Bug Bounty program and has chosen to follow a different approach than many of the other well-known programs. Learn what it takes to set up the program, keep it running in a highly diverse environment and deal w... | 1 |
| 09:01, 7 July 2017 | Meetup-logo.png (file) |  |
6 KB | 1 | |
| 19:34, 16 July 2017 | Crs3.png (file) |  |
160 KB | 1 | |
| 19:59, 23 August 2017 | 20170816-Introducing the OWASP ModSecurity Core Rule Set 3-Christian Folini.pdf (file) | |
6.87 MB | The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls that saw a new major release in November 2016 (3.0 -> CRS3). CRS is the 1st line of defense against web application attacks like those s... | 1 |
