This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit


Revision as of 02:19, 25 March 2012 by John.wilander (talk | contribs) (Added link to Jim's slides)

Jump to: navigation, search

OWASP Sweden

Welcome to the Sweden chapter homepage. The chapter co-leaders are John Wilander, Mattias Bergling, and Robert Malmgren


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

The OWASP Sweden blog

For lengthy news and event reports please visit the OWASP Sweden blog (in Swedish).

Local News

Slides from the OWASP Sweden Meeting, Stockholm, March 20, 2012

Here are the slides ( from Jim Manico's presentation on "Web Application Access Control Design Excellence".

OWASP Sweden Meeting, Stockholm, March 20, 2012: "Web Application Access Control Design Excellence"

Welcome to an OWASP Sweden seminar March 20, with Jim Manico. Book your seat at Eventbrite.

This event will be in English.

Sponsors for this event are:

  • F5 who is sponsoring for Jim's travel and hotel
  • .SE sponsoring with the venue
  • Cybercom who will supply you with beverage and snacks during the evening

The Speaker Jim Manico is a profile in the OWASP community working with the OWASP podcasts and ESAPI amongst other things. During march he is doing a nordic tour and will be visiting the chapters in Finland, Sweden, Norway and Denmark and we have the pleasure of welcoming him to Stockholm on March 20. Read more on the OWASP webpage

Abstract for Jim´s talk:

Web Application Access Control Design Excellence

Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.

OWASP Sweden SSL Day, Stockholm, November 23 2011

OWASP Sweden, Stockholm branch is happy to announce a full-day on the topic of SSL in cooperation with Internetdagarna

The speakers are

  • Jakob Schlyter, Kirei
  • John Wilander, OWASP Sweden and Handelsbanken
  • Andreas Jonson, Romab
  • Henrich Pöhls, University of Passau
  • Robert Malmgren, OWASP Sweden and Romab
OWASP Sweden Meeting March 7 2011, "Security impact of SVG" + ""ECMA Script 5, a frozen DOM and the eradication of XSS

Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft while finishing his PhD thesis.

We're very happy to invite Mario to OWASP Sweden in March. His two talks will be given in English at Royal Institute of Technology (KTH).

Get your ticket now at Eventbrite.

Mario's slides:
Media:Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf‎ "The Image That Called Me" on SVG security
Media:Mario_Heiderich_OWASP_Sweden_Locking_the_throneroom.pdf‎ "Locking the Throneroom" on locking the DOM to eradicate XSS

OWASP Sweden Meeting, Jan 31 2011, "HTTP-säkerhet"

Daniel Stenberg, Martin Holst Swende, and John Wilander will give talks for OWASP Sweden on Jan 31, 5:30 pm - 21 pm. The topics are Websockets, the new Cookie RFC, Content Security Policy, HTTP Strict Transport Security, and X-Frame-Options. We will be in lecture hall "New York", World Trade Center, Stockholm (map).

Omegapoint are sponsors and there will be lighter food and beers.

OWASP Sweden reaches 500 members ... and gets three leaders

OWASP Sweden now has a stunning 500 members on the mailing list. From now the chapter will be lead by three co-leaders: John Wilander, Mattias Bergling, and Robert Malmgren.

OWASP Sweden invites Samy Kamkar, October 4, 2010

Samy Kamkar, famous for the Samy XSS attack on MySpace in 2005 will be giving a talk for OWASP Sweden on October 4, 5:30 pm - 22 pm. We will be in Ljusgården, Årstaängsvägen 19, Marievik/Liljeholmen, Stockholm (map).

Nexus Safe and [email protected] are sponsors and there will be lighter food and beers.


Go to EventBrite and register for free now!

OWASP-Sweden + FOSS Sthlm "Community Hack" September 4-5 2010

The first weekend of September OWASP Sweden together with FOSS Sthlm invite our members to Community Hack II in Stockholm. A full weekend of hacking on open projects, testing new security hacks, trying out tools (for instance the favorite OWASP tool you've always wanted to learn), or writing new, open guidelines.

Go to EventBrite and register for free now!

OWASP AppSec Research 2010 in Stockholm, June 21-24 2010

June 21-24, 2010 appsec people will meet in beautiful Stockholm, Sweden. The OWASP chapters in Sweden, Norway, and Denmark together with Stockholm University host the OWASP AppSec Research 2010.

OWASP-Sweden Meeting January 21st 2010 -- The Big Protocols

Stiftelsen för Internetinfrastruktur (.SE) and Swedish Network Users' Society (SNUS) invite us to three seminars on the big protocols: BGP, DNSSEC, and SSL/TLS.

Program and invitation (in Swedish): File:OWASP Sweden - De stora protokollen 2010-01-21.pdf

OWASP-Sweden Meeting December 2nd 2009 -- OWASP Top 10 2010 (rc1)

Omegapoint invites us to discuss the release candidate of OWASP Top 10 2010 that was presented at OWASP AppSec DC November 13th. The invitation in Swedish is found File:OWASP Sweden Top 10 december 2009.pdf. Don't forget to send an email to John Wilander ([email protected]) no later than November 23rd to say you're coming. Seats usually fill up fast.

OWASP AppSec Research 2010, June 21-24 in Stockholm, Sweden

OWASP Sweden, Norway, and Denmark invite you to OWASP AppSec Research 2010, June 21-24 in Stockholm. Read more on the conference wiki page.

OWASP-Sweden Meeting April 28th 2009 -- Code Analysis and Review

The second chapter meeting of 2009 will be held on Tuesday April 28th at Clarion Hotel Stockholm. The focus is code analysis and code review. Fortify sponsors the event and welcome the chapter members to refreshments, starting at 17.30.

The program:

  • Fredrik Möller (Fortify) will biefly present Fortify and their support of OWASP
  • David Anumudu (Fortify) will present and do a live demo of Fortify Solution
  • James Dickson (Simovits Consulting) will give a talk on code review

Don't forget to send an email to John Wilander ([email protected]) no later than April 23rd to say you're coming. We need to know how many will turn up.

OWASP-Sweden Meeting March 26th 2009 -- XSS & CSRF

The first meeting of 2009 will be held Thursday March 26th at LabCenter, Oxtorgsgränd 2, Stockholm. The focus is cross-site scripting and cross-site request forgery, attacks and countermeasures. Inspect it and LabCenter sponsor the event and welcome the chapter members to refreshments, starting at 17.00.

The program:

  • Hasain Alshakarti, TrueSec: "XSS & CSRF -- A Deadly Cocktail"
  • Sergio Molero, Concrete IT: "Skydd mot XSS och CSRF"

Don't forget to send an email to Mattias Bergling ([email protected]) no later than March 23rd to say you're coming. We need to know how many will turn up.

OWASP-Sweden Meeting November 19th 2008 -- PCI DSS

The next chapter meeting is Wednesday November 19th. The focus of the seminars is on PCI-DSS, i.e. security in payment card handling on the Internet. The program:

  • Mats Henriksson, Pan Nordic Card Assoc: "PCI DSS - Tre goda anledningar"
  • Pål Göran Stensson, Defensor Sverige AB: "PCI DSS - Externa krav och konsulten"
  • Bengt Berg, Cybercom Sweden East AB: "Olika angreppssätt på PCI DSS"

The meeting is fully booked. But do send an email to John Wilander ([email protected]) to say you're interested and we'll let you know if seats become available.

OWASP Sweden Hosts the OWASP AppSec Europe Conference 2010

We're hosting the European OWASP AppSec conference in 2010! Please read the announcement.

OWASP-Sweden Meeting October 6th 2008 -- Security in the Open Source Process

The next chapter meeting is Monday October 6th at Clarion Hotel Stockholm (Skanstull). The focus of the seminars will be on "Security in the Open Source Process". Refreshments will be served from 16:30 and the seminars will commence at 17:30. Except for a closing panel discussion the program contains the following:

  • Simon Josefsson, SJD: ”Anekdoter och lärdomar från granskning av säkerhetsprogram”
  • Daniel Stenberg, ”Säker kod och utveckling i cURL-projektet”
  • Anders Karlsson, MySQL och Sun Microsystems: ”MySQL: Säkerhet i ett kommersiellt open source-projekt”

Don't forget to send an email to Robert Malmgren ([email protected]) no later than September 29th to say you're coming. We need to know how many will turn up.

OWASP-Sweden Meeting May 27th 2008 - SQL Injection, Web Scarab

OWASP-Sweden welcomes its members to the next chapter meeting - Tuesday May 27th at Clarion Hotel Stockholm. Refreshments will be served from 17:00, demos will be shown from 17:30, and the seminars will commence at 18:00. The main attractions are:

  • Patrik Karlson, Inspect it: "SQL injection, identifiering och utnyttjande"
  • Johannes Gumbel, TrueSec: "WebScarab—funktioner, fördelar och nackdelar"

Don't forget to send an email to Mattias Bergling ([email protected]) no later than May 21st to say you're coming. We need to know how many will turn up.

Kick-Off Meeting for OWASP-Sweden April 1st 2008

The OWASP-Sweden kick-off will be held at WTC in Stockholm on April 1st. Yeah, it's April Fool's Day but we go under the tagline "Application Security is Not a Joke". The presentation program includes:

  • Andrei Sabelfeld, well-known security researcher from Chalmers
  • Michael Anderberg, Chief Security Advisor at Microsoft Sweden
  • Per Mellstrand, software analyst at Sony Ericsson and researcher at Blekinge Institute of Technology

Don't forget to send an email to John Wilander ([email protected]) no later than March 27 to say you're coming. We need to know how many will turn up.

We're kicking off!

OWASP-Sweden in Computer Sweden - 08:44, 19 Dec 2007 (EDT)

Today the Swedish national IT newspaper 'Computer Sweden' published an article on the new OWASP-Sweden chapter - Mecka för säker programmering till Sverige, or A Mecka for Secure Programming Reaches Sweden in English. While OWASP is more than a programmer's guide, Mattias Bergling and I are very happy to get the news out to a large part of Sweden's IT industry.

To become a member of Owasp-Sweden just join the mailing list.

OWASP-Sweden opens! - 22:25, 01 Oct 2007 (EDT)

Finally, Sweden has joined the OWASP movement and John Wilander, the local chapter leader, welcomes members to the Stockholm-based OWASP-Sweden. Please, join our mailing list. Plans for meetings and seminars will be made.

Are you interested in helping out? Do you have ideas for great invited speakers or workshop meetings? Feel free to contact the chapter.