Difference between revisions of "Switzerland"

(Past Meetings: Added the missing slides and hid the past meeting on the Next Meeting page)
(Next Meetings: Added meeting infos)
Line 14: Line 14:
  
 
= Next Meetings  =
 
= Next Meetings  =
<!--We'd like to invite you to out next OWASP Switzerland meeting. If you want to attend, please make sure to register for the event with your *full name* through register. Space is limited to 50 attendees.
+
We'd like to invite you to our next OWASP Switzerland meeting. If you want to attend, please make sure to register for the event with your *full name* through register. Space is limited to 30 attendees.
  
[[Image:Register_button.png|62px|link=http://doodle.com/poll/r6hsx7bgmy9vun59]]
+
[[Image:Register_button.png|62px|link=http://doodle.com/poll/7qh388sgvhczbqrv]]
  
* When: Tuesday, December 15th 2015
+
* When: Tuesday, June 7th 2015
*:17:00         | Doors will open
+
*:17:30         | Doors will open
*:17:30 17:45 | Update on OWASP
+
*:18:00 18:15 | Update on OWASP
*:17:50 – 19:00 | Talks
+
*:18:20 – 19:00 | Talk
 
*:19:15 – **:** | Dinner
 
*:19:15 – **:** | Dinner
  
[[File:owasp_switzerland_next_meeting.png|150px|right|OWASP Switzerland Next Meeting]]
+
<!--[[File:owasp_switzerland_next_meeting.png|150px|right|OWASP Switzerland Next Meeting]]-->
* What "Top X OAuth 2 Hacks" by Antonio Sanso (Adobe):
+
* What: "The Tale of a Fameless but Widespread Vulnerability" by Veit Hailperin (Scip):
*:The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access to the user's protected resources, without necessarily revealing their long-term credentials, or even their identity.
+
*:Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention - the OWASP Top 10. Additionally there is no publicly available tool to facilitate finding XSSI. The impact reaches from leaking personal information stored, circumvention of token-based protection to complete compromise of accounts. XSSI vulnerabilities are fairly wide spread and the lack of detection increases the risk of each XSSI. In this talk I am going to demonstrate how to find XSSI, exploit XSSI and also how to protect against XSSI exploitation.
*:As the web grows, more and more sites rely on distributed services and cloud computing or a third-party application utilizing APIs from multiple services.
 
*:OAuth 2 is widely used from major internet players (as Google, Facebook, Twitter) in order to secure their (also REST) APIs.
 
*:This talk will introduce the OAuth 2 framework and it will show security pitfalls and common implementation mistakes.
 
  
*What "Reliable log data transfer: about syslog, logstash and log data signing” by Pascal Buchbinder: 
+
* Where: [[Image:location.png|20px|link=https://goo.gl/maps/d3eqUeT3zQ12]]
*:Collecting and processing log data has never been so easy as it is today. However, there are still some implementation details to consider in order to ensure that you don't lose any data. Choosing the wrong approach might cause loss of data just in the moment when you need the data most. This short field report shows you the implementation using either rsyslog or logstash for the transport and also shows how log message signatures ensure that detect if anything get lost.
+
*:Swisscom
 
+
*:Pfingstweidstrasse 51
* Where: [[Image:location.png|20px|link=https://goo.gl/maps/mMlSy]]
+
*:8005 Zürich
*:Liip AG
 
*:Limmatstrasse 183
 
*:8005 Zurich
 
  
 
* Who:
 
* Who:
 
*:As usual, all of our meetings are open to everyone and free of charge.
 
*:As usual, all of our meetings are open to everyone and free of charge.
 
----
 
----
Please find below the planned dates for the upcoming OWASP Switzerland Meetings:
+
<!--Please find below the planned dates for the upcoming OWASP Switzerland Meetings:
  
 
{| class="wikitable sortable" border="0"
 
{| class="wikitable sortable" border="0"
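Review bot: the added "When" line reads "Tuesday, June 7th 2015", but it replaces a meeting dated December 15th 2015, and June 7th 2015 fell on a Sunday while June 7th 2016 is a Tuesday, so the year should most likely be 2016. Separately, the added "Where" link is a goo.gl short link and the Register link still uses plain http; linking to the full https destinations would let readers see where they are being sent before they click.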
Line 63: Line 57:
 
|}
 
|}
 
-->
 
-->
 +
<!--
 
There are no planned meetings for 2016 yet. Keep yourself informed and up-to-date by subscribing to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailinglist].
 
There are no planned meetings for 2016 yet. Keep yourself informed and up-to-date by subscribing to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailinglist].
 +
-->
  
 
= Past Meetings  =
 
= Past Meetings  =

Revision as of 07:49, 19 May 2016



Welcome to the Home Page of the OWASP Switzerland Chapter.

  • The chapter leader is Sven Vetsch supported by Antonio Fontes. Please contact us with any questions regarding the chapter.
  • Please subscribe to the mailing list for meeting announcements and other news related to OWASP in Switzerland.
  • You can follow us on Twitter and Facebook.


If you're living in the French speaking part of Switzerland, please also visit the OWASP Geneva chapter for more information.

We'd like to invite you to our next OWASP Switzerland meeting. If you want to attend, please make sure to register for the event with your *full name* through register. Space is limited to 30 attendees.

  • When: Tuesday, June 7th 2015
    17:30 | Doors will open
    18:00 – 18:15 | Update on OWASP
    18:20 – 19:00 | Talk
    19:15 – **:** | Dinner
  • What: "The Tale of a Fameless but Widespread Vulnerability" by Veit Hailperin (Scip):
    Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion (XSSI) vulnerabilities are not mentioned in the de facto standard for public attention - the OWASP Top 10. Additionally there is no publicly available tool to facilitate finding XSSI. The impact reaches from leaking personal information stored, circumvention of token-based protection to complete compromise of accounts. XSSI vulnerabilities are fairly widespread and the lack of detection increases the risk of each XSSI. In this talk I am going to demonstrate how to find XSSI, exploit XSSI and also how to protect against XSSI exploitation.
  • Where:
    Swisscom
    Pfingstweidstrasse 51
    8005 Zürich
  • Who:
    As usual, all of our meetings are open to everyone and free of charge.

Date | Event | Topic | Speaker | Slides
2015-12-15 | Chapter Meeting | Top X OAuth 2 Hacks; Reliable log data transfer: about syslog, logstash and log data signing | | yes
2015-10-14 | Chapter Meeting | Application Security Testing by Static Code Analysis | | yes
2015-08-19 | Chapter Meeting | BarCamp | |
2015-06-17 | Chapter Meeting | XSLT Processing Security and Server Side Request Forgeries | | yes
2015-04-15 | Chapter Meeting | Android apps in sheep's clothing | | yes
2015-02-18 | Chapter Meeting | Abusing JSONP with Rosetta Flash | | yes
2014-12-10 | Chapter Meeting | OWASP Switzerland Fondue | |
2014-11-12 | Chapter Meeting | Living on the Edge - Advanced ModSecurity to Save Your Ass | | yes
2014-08-20 | Chapter Meeting | (Client-Side) Flash Security | | yes
2014-06-17 | Chapter Meeting | XSS and beyond | | yes
2014-04-09 | Chapter Meeting | SSL/TLS jungle - bringing light into the cipher forest | | yes
2014-02-19 | Chapter Meeting | S-SDLC – Ready for the Cloud? | | yes
2013-12-17 | Chapter Meeting | Annual Review & Outlook | |
2013-10-22 | Chapter Meeting | Advances in secure (ASP).NET development – Break the hacker's spirit | | yes
2013-10-22 | Chapter Meeting | Node.js Security | | yes
2013-04-09 | Chapter Meeting | Tools (not) to use | |
2012-09-19 | Security-Zone | OWASP Top 10 Mobile Risks | | yes
2012-06-12 | Chapter Meeting | Reversing Android Apps | |
2012-02-14 | Chapter Meeting | Analysis of the RSA Security Breach | |
2011-12-13 | Chapter Meeting | AppSec - Why is it important | |
2011-12-13 | Chapter Meeting | Dangers of Firefox Add-On's | |
2011-10-11 | Chapter Meeting | Presentation of the OWASP Top 10 & a hands-on session | |
2011-08-09 | Chapter Meeting | Foundation of OWASP Switzerland Association | |
2011-06-14 | Chapter Meeting | Automatic CRL updates for the Apache Web server | | yes
2011-06-14 | Chapter Meeting | New Standards and upcoming Technologies in Browser Security (Slides by Tobias Gondrom) | | yes
2011-05-12 | Swiss Cyber Storm III | Do you know OWASP? | | yes
2011-04-12 | Chapter Meeting | ASP.NET & ViewState Security | | yes
2010-04-12 | Chapter Meeting | Usability vs. Security | |
2010-04-12 | Chapter Meeting | 2-factor authentication for mobile devices: a secure and practical approach | |
2009-06-25 | Chapter Meeting | Benefits of a security API such as ESAPI | Jerry Hoff, Jason Li |
2009-06-25 | Chapter Meeting | Advanced SQL injection exploitation to operating system full control | |
2009-04-07 | Chapter Meeting | Open security architecture (www.opensecurityarchitecture.org) | |
2009-04-07 | Chapter Meeting | XSRF and JSON hijacking & a hands-on session | |
2008-09-08 | Chapter Meeting | Quality of services for web applications (Hands-On Workshop) | |
2008-09-08 | Chapter Meeting | XML Security (Hands-On Workshop) | |
2008-09-08 | Chapter Meeting | ISC2/Application security | |
2008-04-01 | Global OWASP Week | Taking Apache access logs to the next level | |
2008-04-01 | Global OWASP Week | Implementing an Application Security Lifecycle programme | |
2008-04-01 | Global OWASP Week | WebAppSec the Big Picture | |
2007-12-11 | Chapter Meeting | Certified Secure Web | |
2007-12-11 | Chapter Meeting | Secure Development Life Cycle | |
2007-12-11 | Chapter Meeting | Securing my Assets (Presentation & Demo) | Daniel Hulliger |
2007-09-20 | Security-Zone | OWASP Testing Guide | |
2007-09-19 | Security-Zone | OWASP Top 10 | |
2007-07-24 | Chapter Meeting | OWASP - An Overview | |
2007-07-24 | Chapter Meeting | Dependability for Java Mobile Code | | yes
2007-07-24 | Chapter Meeting | OWASP Top 10 (Demo) | |
2007-04-26 | Chapter Meeting | Risk metrics | |
2007-02-12 | Chapter Meeting | XSS-Worms | | yes
2006-11-11 | Chapter Meeting | OWASP Switzerland Chapter Kick-Off Meeting | |

OWASP Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in application security is welcome to attend. We encourage attendees to give short presentations about specific topics.


Our main topics are:

  • Security testing
  • Secure development
  • Hacking
  • Secure Architectures


If you would like to give a presentation (make sure that you have read and understood the speaker agreement), or have any questions about the OWASP Switzerland Chapter, send an email to Sven Vetsch.

Help us to make application security visible and become a supporter of the OWASP or our Chapter in Switzerland. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact Sven Vetsch to talk about the following sponsoring possibilities.

  • Chapter Supporter
  • Single Meeting Supporter
  • Facility Sponsor
  • Organization Supporters (allocating 40% of your annual donation to our Chapter)

Here you can find material related to the OWASP Switzerland Chapter.

OWASP Switzerland bylaws (in German)
Download bylaws

OWASP Switzerland Update Presentation (December 13th 2011)
Download Presentation
