This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Switzerland"

From OWASP

Jump to: navigation, search

Revision as of 06:31, 6 August 2014

Welcome
Next Meetings
Past Meetings
Participation
Sponsoring
Chapter Material

Welcome to the Home Page of the OWASP Switzerland Chapter.

The chapter leader is Sven Vetsch supported by the members of the board Antonio Fontes and Alexis FitzGerald. Please contact us with any questions about the chapter.
Please subscribe to the mailing list for meeting announcements and other news related to OWASP in Switzerland.
You can follow us on Twitter and Facebook

If you're living in the French speaking part of Switzerland, please also visit the OWASP Geneva chapter for more information.

Please find below the planned dates for the upcoming OWASP Switzerland Meetings:

Wednesday, August 20th 2014
Tuesday, October 21th 2014
Wednesday, December 10th 2014

Wednesday, August 20th 2014
We'd like to invite you to the fourth of six OWASP Switzerland meetings in 2014. Please make sure to register for the event.

When:
Wednesday, August 20th 2014

Starting at 18:00

Doors at 17:30

What:
(Client-Side) Flash Security by Stefan Horlacher

Flash has always been infamous for its security issues. Most of the time we hear about memory corruption vulnerabilities like buffer overflows and how clients are attacked. As such attacks are widely known, this presentation will focus on the less known vulnerabilities that might arise through the use of Flash. This presentation is going to show concepts such as client settings, cross-domain policies and how Flash files may be embedded in your web site in a secure way. Furthermore, common vulnerabilities found in Flash applications will be presented (e.g.: Cross-Site Flashing, redirection attacks and others). Some of these vulnerabilities will be demonstrated in a live demo.

Where:
Kantonsschule Hohe Promenade

Promenadengasse 11

8001 Zürich

Arrival

Exact location is the gallery of the "Mediothek" in the Kantonsschule Hohe Promenade. It's on the first floor next to the elevator.

Who:
As usual, all of our meetings are open to everyone and free of charge.

Agenda
18:00 – 18:15 | Intro and Update on OWASP by Sven Vetsch, OWASP Switzerland

18:20 – 19:00 | (Client-Side) Flash Security by Stefan Horlacher

19:20 – **:** | Dinner

Date	Event	Topic
2014-06-17	Chapter Meeting	XSS and beyond
2014-04-09	Chapter Meeting	SSL/TLS jungle - bringing light into the cipher forest
2014-02-19	Chapter Meeting	S-SDLC – Ready for Clouds?
2013-12-17	Chapter Meeting	Annual Review & Outlook
2013-10-22	Chapter Meeting	Advances in secure (ASP).NET development – Break the hacker's spirit
2013-10-22	Chapter Meeting	Node.js Security
2013-04-09	Chapter Meeting	Tools (not) to use
2012-09-19	Security-Zone	OWASP Top 10 Mobile Risks
2012-06-12	Chapter Meeting	Reversing Android Apps
2012-02-14	Chapter Meeting	Analysis of the RSA Security Breach
2011-12-13	Chapter Meeting	AppSec - Why is it important
2011-12-13	Chapter Meeting	Dangers of Firefox Add-On's
2011-10-11	Chapter Meeting	Presentation of the OWASP Top 10 & a hands-on session
2011-08-09	Chapter Meeting	Foundation of OWASP Switzerland Association
2011-06-14	Chapter Meeting	Automatic CRL updates for the Apache Web server
2011-06-14	Chapter Meeting	New Standards and upcoming Technologies in Browser Security (Slides by Tobias Gondrom)
2011-05-12	Swiss Cyber Storm III	Do you know OWASP?
2011-04-12	Chapter Meeting	ASP.NET & ViewState Security
2010-04-12	Chapter Meeting	Usability vs. Security
2010-04-12	Chapter Meeting	2-factor authentication for mobile devices: a secure and practical approach
2009-06-25	Chapter Meeting	Benefits of a security API such as ESAPI
2009-06-25	Chapter Meeting	Advanced SQL injection exploitation to operating system full control
2009-04-07	Chapter Meeting	Open security architecture (www.opensecurityarchitecture.org)
2009-04-07	Chapter Meeting	XSRF and JSON hijacking & a hands-on session
2008-09-08	Chapter Meeting	Quality of services for web applications (Hands-On Workshop)
2008-09-08	Chapter Meeting	XML Security (Hands-On Workshop)
2008-09-08	Chapter Meeting	ISC2/Application security
2008-04-01	Global OWASP Week	Taking Apache access logs to the next level
2008-04-01	Global OWASP Week	Implementing an Application Security Lifecycle programme
2008-04-01	Global OWASP Week	WebAppSec the Big Picture
2007-12-11	Chapter Meeting	Certified Secure Web
2007-12-11	Chapter Meeting	Secure Development Life Cycle
2007-12-11	Chapter Meeting	Securing my Assets (Presentation & Demo)
2007-09-20	Security-Zone	OWASP Testing Guide
2007-09-19	Security-Zone	OWASP Top 10
2007-07-24	Chapter Meeting	OWASP - An Overview
2007-07-24	Chapter Meeting	Dependability for Java Mobile Code
2007-07-24	Chapter Meeting	OWASP Top 10 (Demo)
2007-04-26	Chapter Meeting	Risk metrics
2007-02-12	Chapter Meeting	XSS-Worms
2006-11-11	Chapter Meeting	OWASP Switzerland Chapter Kick-Off Meeting

OWASP Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

Our main topics are:

Security testing
Secure development
Hacking
Secure Architectures

If you would like to give a presentation (make sure that you have read and understood the speaker agreement), or have any questions about the OWASP Switzerland Chapter, send an email to Sven Vetsch.

Help us to make application security visible and become a supporter of the OWASP or our Chapter in Switzerland. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact Sven Vetsch to talk about the following sponsoring possibilities.

Chapter Supporter
Single Meeting Supporter
Facility Sponsor
Organization Supporters (allocating 40% of your annual donation to our Chapter)

Here you can find material related to the OWASP Switzerland Chapter.

OWASP Switzerland bylaws (in German)
Download bylaws

OWASP Switzerland Update Presentation (December 13th 2011)
Download Presentation

<paypal>Switzerland</paypal>

Retrieved from "https://wiki.owasp.org/index.php?title=Switzerland&oldid=180128"

Categories:

@@ Line 15: / Line 15: @@
 = Next Meetings  =
 Please find below the planned dates for the upcoming OWASP Switzerland Meetings:
-* '''Wednesday, August 20th 2014''' (more information can be found [http://lists.owasp.org/pipermail/owasp-switzerland/2014-August/000279.html here])
+* '''Wednesday, August 20th 2014'''<!--(more information can be found [http://lists.owasp.org/pipermail/owasp-switzerland/2014-August/000279.html here])-->
 * Tuesday, October 21th 2014
 * Wednesday, December 10th 2014
-<!--
 <br>
 ----
 <br>
-'''Tuesday, June 17th 2014'''<br>
+'''Wednesday, August 20th 2014'''<br>
-We'd like to invite you to the third of six OWASP Switzerland meetings in 2014. Please make sure to [http://doodle.com/f4affysew6upxa8c register] for the event.
+We'd like to invite you to the fourth of six OWASP Switzerland meetings in 2014. Please make sure to [http://doodle.com/r9yc9k26vkuhp6k4 register] for the event.
 * When:
-*:Tuesday, June 17th 2014
+*:Wednesday, August 20th 2014
 *:Starting at 18:00
 *:Doors at 17:30
 * What:
-*:'''XSS and beyond''' (''René Freingruber, SEC Consult [[Image:person.png|20px|link=https://www.sec-consult.com/]]'')
+*:'''(Client-Side) Flash Security''' ''by Stefan Horlacher [[Image:person.png|20px|link=]]''
-*:Cross-Site Scripting (XSS) vulnerabilities are one of the most seen vulnerability categories nowadays. Unfortunately, these vulnerabilities are often underestimated, e.g. because an attacker cannot directly compromise the database or webserver by exploiting them. Instead it’s possible to execute JavaScript code in the context of a user session allowing to steal session cookies, start key-logging, and so on. This talk goes beyond these basic attacks and shows the audience how it’s possible for attackers to completely compromise client systems by exploiting vulnerabilities in browsers. On the basis of real world vulnerabilities, attacks against browsers running on an older operating system (e.g. Windows XP) will be demonstrated. Current operating systems (like Windows 8.1) have implemented lots of mitigation techniques in order to prevent attackers from exploiting such vulnerabilities. During the talk the most important mitigation techniques will be explained. In addition, possible bypasses will be given. At the end of the presentation a real world Firefox exploit, which works reliable against all major Windows versions (including Windows 8.1 and Windows Server 2012), fully bypasses ASLR/DEP (without depending on java6), does not use heapspray and doesn’t crash the browser will be shown to demonstrate that such attacks are still possible and mitigation techniques can be bypassed.
+*:Flash has always been infamous for its security issues. Most of the time we hear about memory corruption vulnerabilities like buffer overflows and how clients are attacked. As such attacks are widely known, this presentation will focus on the less known vulnerabilities that might arise through the use of Flash. This presentation is going to show concepts such as client settings, cross-domain policies and how Flash files may be embedded in your web site in a secure way. Furthermore, common vulnerabilities found in Flash applications will be presented (e.g.: Cross-Site Flashing, redirection attacks and others). Some of these vulnerabilities will be demonstrated in a live demo.
 * Where:
-*:Credit Suisse
+*:Kantonsschule Hohe Promenade
-*:Europaallee 1
+*:Promenadengasse 11
-*:8004 Zürich
+*:8001 Zürich
-*:[https://www.google.ch/maps/search/Credit+Suisse+Europaallee+1+8004+Zürich Arrival]
+*:[https://www.google.ch/maps/place/Kantonsschule+Hohe+Promenade+Gymnasium+Zürich/ Arrival]
+Exact location is the gallery of the "Mediothek" in the Kantonsschule Hohe Promenade. It's on the first floor next to the elevator.
 * Who:
@@ Line 45: / Line 46: @@
 * Agenda
 *:18:00 – 18:15 | Intro and Update on OWASP by Sven Vetsch, OWASP Switzerland [[Image:person.png|20px|link=User:Disenchant]]
-*:18:20 – 19:30 | XSS and beyond by René Freingruber, SEC Consult [[Image:person.png|20px|link=https://www.sec-consult.com/]]
+*:18:20 – 19:00 | (Client-Side) Flash Security by Stefan Horlacher [[Image:person.png|20px|link=]]
-*:20:00 – **:** | Dinner
+*:19:20 – **:** | Dinner
--->
 <!--Fore this year we are planning to serve you with six meetings. The first one will take place in February.<br>

Difference between revisions of "Switzerland"

Revision as of 06:31, 6 August 2014

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools