Switzerland

= Welcome =



Welcome to the Home Page of the OWASP Switzerland Chapter.


 * The chapter leader is [mailto:sven.vetsch__AT__owasp.org Sven Vetsch] supported by the members of the board [mailto:antonio.fontes__AT__owasp.org Antonio Fontes] and [mailto:alexis.fitzgerald__AT__owasp.org Alexis FitzGerald]. Please contact us with any questions about the chapter.
 * Please subscribe to the mailing list for meeting announcements and other news related to OWASP in Switzerland.
 * You can follow us on Twitter and Facebook

If you're living in the French speaking part of Switzerland, please also visit the OWASP Geneva chapter for more information.

= Next Meetings = Please find below the planned dates for the upcoming OWASP Switzerland Meetings:
 * Tuesday, June 17th 2014
 * Wednesday, August 20th 2014
 * Tuesday, October 21th 2014
 * Wednesday, December 10th 2014

Tuesday, June 17th 2014 We'd like to invite you to the third of six OWASP Switzerland meetings in 2014. Please make sure to register for the event.
 * When:
 * Tuesday, June 17th 2014
 * Starting at 18:00
 * Doors at 17:30


 * What:
 * XSS and beyond (René Freingruber, SEC Consult [[Image:person.png|20px|link=https://www.sec-consult.com/]])
 * Cross-Site Scripting (XSS) vulnerabilities are one of the most seen vulnerability categories nowadays. Unfortunately, these vulnerabilities are often underestimated, e.g. because an attacker cannot directly compromise the database or webserver by exploiting them. Instead it’s possible to execute JavaScript code in the context of a user session allowing to steal session cookies, start key-logging, and so on. This talk goes beyond these basic attacks and shows the audience how it’s possible for attackers to completely compromise client systems by exploiting vulnerabilities in browsers. On the basis of real world vulnerabilities, attacks against browsers running on an older operating system (e.g. Windows XP) will be demonstrated. Current operating systems (like Windows 8.1) have implemented lots of mitigation techniques in order to prevent attackers from exploiting such vulnerabilities. During the talk the most important mitigation techniques will be explained. In addition, possible bypasses will be given. At the end of the presentation a real world Firefox exploit, which works reliable against all major Windows versions (including Windows 8.1 and Windows Server 2012), fully bypasses ASLR/DEP (without depending on java6), does not use heapspray and doesn’t crash the browser will be shown to demonstrate that such attacks are still possible and mitigation techniques can be bypassed.


 * Where:
 * Credit Suisse
 * Europaallee 1
 * 8004 Zürich
 * Arrival


 * Who:
 * As usual, all of our meetings are open to everyone and free of charge.


 * Agenda
 * 18:00 – 18:15 | Intro and Update on OWASP by Sven Vetsch, OWASP Switzerland [[Image:person.png|20px|link=User:Disenchant]]
 * 18:20 – 19:30 | XSS and beyond by René Freingruber, SEC Consult [[Image:person.png|20px|link=https://www.sec-consult.com/]]
 * 20:00 – **:** | Dinner

= Past Meetings =

= Participation =

OWASP Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in application security is welcome to attend. We encourage attendees to give short presentations about specific topics.

Our main topics are:


 * Security testing
 * Secure development
 * Hacking
 * Secure Architectures

If you would like to give a presentation (make sure that you have read and understood the speaker agreement), or have any questions about the OWASP Switzerland Chapter, send an email to [mailto:sven.vetsch__AT__disenchant.ch Sven Vetsch].

= Sponsoring =

Help us to make application security visible and become a supporter of the OWASP or our Chapter in Switzerland. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact [mailto:sven.vetsch__AT__owasp.org Sven Vetsch] to talk about the following sponsoring possibilities.


 * Chapter Supporter
 * Single Meeting Supporter
 * Facility Sponsor
 * Organization Supporters (allocating 40% of your annual donation to our Chapter)

= Chapter Material =

Here you can find material related to the OWASP Switzerland Chapter.

OWASP Switzerland bylaws (in German) [[Media:Bylaws owasp switzerland.pdf|Download bylaws]]

OWASP Switzerland Update Presentation (December 13th 2011) [[Media:Owasp_update_presentation.pdf|Download Presentation]]

Switzerland