Helsinki

Local News
Helsinki

Welcome to the OWASP Helsinki Chapter

The plan is to meet at least three to four times a year, each lasting 1,5-3 hours (more active "hands" means more meetings). This chapter is based in the capital area and therefore the meetings will be in or around Helsinki.

If you wish to present at one of the meetings or have any other inquiries, please contact the chapter leader.

Suomalaista sovellusturva-asiaa
Tietoa oppilaitoksille (Information for academic institutions)

Ohjeita turvallisen verkkomaksuintegraation toteuttamiseen

Chapter Meetings
Currently OWASP Helsinki is working on the following tasks:


 * Top 10 2007 Finnish aim to translate OWASP Top 10 list in Finnish

OWASP Helsinki Chapter Meeting #21: April 24 2013
'''Location: KPMG, Yrjönkatu 23 B, 6. floor'''

Time: 18:00-20:00

Agenda

18:00 Opening words /OWASP

18:10 Word from our sponsor

18:15 OWASP project news /Petteri Arola, OWASP

Newsflash of new and rebooted OWASP projects.

18:45 Utilizing VAHTI software development guide (VAHTI-sovelluskehitysohje) /Antti Alestalo, KPMG

VAHTI software development guide was published January 2013. Antti will talk about how to best utilize this new guide. Link to the guide: http://www.vm.fi/vm/fi/04_julkaisut_ja_asiakirjat/01_julkaisut/05_valtionhallinnon_tietoturvallisuus/20130207Sovell/VAHTI_1_Sovelluskehityksen_tietoturvaohje_NETTI.pdf

19:15 HTML5 & security /SC5

Developers point of view on HTML5 and security.

20:00 Official program ends and discussion continues over food & drinks at same location

Please register at Eventbrite

OWASP Helsinki Chapter Meeting #20: December 4 2012
Location: Nokia House, Keilalahdentie 4, Espoo

Time: 17:00-20:00

Agenda

17:00 Socializing time @ Nokia Lounge – Meet people & get to know your peer while having the opportunity to see Nokia product demos

18:00 Opening words /OWASP + HelsinkiJS

18:10 Word from our sponsor

18:20 Securing JavaScript based web apps /Erlend Oftedal

Single page web applications move much of the application logic to the client side. We now also see applications using JavaScript on the server side. How do we handle such applications from a security perspective? What problems are introduced and how do we handle them?

19:05 RESTful Security

Many applications rely on web services and ws-security for integration. But for more lightweight services with simpler protocols, REST is quickly gaining popularity. How do we secure REST services? What problems do we need to be aware of?

20:00 Official program ends and free debate continues at nearby location

CLOSED: Please register at Eventbrite

Please use the NORTH entrance when entering the Nokia campus

OWASP Helsinki Chapter Meeting #19: October 16 2012
Location: Fujitsu, Valimotie 16, Helsinki

Time: 18:00-20:00

Agenda

18:00 Opening words /Petteri Arola, chapter leader

18:10 Word from our sponsor /Fujitsu

18:25 Hybrid mobile application security and HTML5 with a focus on getUserMedia /Mikko Saario, Nokia

Both the mobile scene via “hybrid” apps and the so-called traditional web are evolving into the same direction – are the threats doing the same? Using mainly Windows Phone 7 (and some Qt) examples and demos, Mikko will take a look at the security aspects in mobile hybrid apps. The HTML5 demo will concentrate on some newly mainstreamed technologies such as getUserMedia.

19:10 Introduction to Oauth 2.0 + demo /Teemu Kääriäinen, Nixu

Teemu gives an introduction about Oauth 2.0 and takes a closer look at security aspects, implementation guidelines and compares Twitter, Facebook and Google implementations.

20:00 Official program ends and free debate continues at nearby location

Please register in Eventbrite http://www.eventbrite.com/event/4462882602

OWASP Helsinki Chapter Meeting #18: June 26 2012
Location: Kela, Nordenskjölkinkatu 12, Helsinki

Time: 17:30-20:00

Agenda

17:30 Opening words /Petteri Arola, chapter leader

17:45 Word from our sponsor /Kela

18:00 Helsinki Ruby Brigade intro

18:15 Ruby on Rails security - why could it fail

19:00 Panel discussion

19:45 Wrap-up

20:00 Discussion continues in a nearby pub Hadanka

Please register with petteri.arola(at)owasp.org

OWASP Helsinki Chapter Meeting #17: March 21 2012
'''Location: Marttakeskus, Malminrinne 1 B, 7. krs, Helsinki'''

Time: 17:30-19:30

Agenda

17:30 Coffee

17:40 Opening words /Petteri Arola, chapter leader

17:50 Web Application Access Control Design Excellence / Jim Manico, OWASP

Download the presentation from our file page:

19:30 Meeting ends and discussion continues over buffet and refreshments and there's a possibility to bath in sauna too

23:00 Event ends

Please register with enroll(at)nixu.com

Tietoturvapäivä Turku: February 7 2012
 Sovellusturvallisuus / Petteri Arola, OWASP

Download the presentation from our file page:

OWASP Helsinki Chapter Meeting #16: October 18 2011
Location: Hall TU2, Tuas house, Otaniementie 17, 02150, Espoo

Time: 17:00-19:30

Agenda

17:00 Coffee and lock picking

17:30 OWASP - What is it?

17:45 Introduction to OWASP projects - OWASP Top Ten, ASVS 	 - Testing guide - How OWASP relates to academic world

Download presentation from our file-page:

18:45 Break

19:00 Hacking demonstrations

19:30 - Discussion continues in a nearby public house

Please register with petteri.arola(at)owasp.org

OWASP Introduction to Turku AMK students: September 12th 2011
Introduction to Application security and OWASP / Petteri Arola, OWASP

OWASP top 10 and hacking demos / Pekka Sillanpää, OWASP

OWASP Helsinki Chapter Meeting #15: June 15 2011
Location: Itämerenkatu 11 - 13, Helsinki

Time: 17:30-19:30

Agenda 

17:30 Welcome, Petteri Arola, Chapter Leader

17:35 Word from our sponsor Nokia

17:45 HTML5 Security, Ville Säävuori, Syneus

18:30 Break

18:40 Mobile Application Security, Ari Kesäniemi and Juhani Mäkelä, Nixu

19.30 - Discussion continues in a nearby public house or terrace if it's sunny

Please register with mikko.saario(at)nokia.com

OWASP Helsinki Chapter Meeting #14: February 22 2011
Location: Nixu Oy, Keilaranta 15, Espoo

Time: 17:30-19:30

Agenda

17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader

17:35 Word from our sponsor Nixu Oy

17:45 OpenSAMM, Pravir Chandra /Fortify

18:30 Break

18:40 Threat modeling, Pravir Chandra /Fortify

19.30 - Sauna and refreshments from our sponsor

Please register with enroll(at)nixu.com

Download OpenSAMM presentation from opensamm.org

OWASP Helsinki Chapter Meeting #13: June 8 2010
Location: KPMG, Forum, Yrjönkatu 23 B 6th floor, Helsinki

Time: 17:00-19:30

Agenda

17:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader

17:05 Word from our sponsor KPMG 

17:15 Agile secure software development, Antti Vähä-Sipilä / Nokia Oyj http://www.owasp.org/images/c/c6/OWASP_AppSec_Research_2010_Agile_Prod_Sec_Mgmt_by_Vaha-Sipila.pdf

18:00 ASVS (OWASP Application Security Verification Standard), Pekka Sillanpää / Nixu Oy

18:45 ESAPI (OWASP Enterprise Security API) demo, Anssi Porttikivi / KPMG

Download presentation from our file-page:

19.30 - Discussion continues at some nearby establishment

Please register with anssi.porttikivi(at)kpmg.fi

OWASP Goes! Locksport: April 20 2010
Location: Nsense Oy, Ahventie 4, Espoo

Time: 17:30-20:30

Agenda

17:30 Welcome Petteri Arola, OWASP Helsinki Chapter Leader

17:35 Word from our sponsor Nsense Oy

17:45 Introduction to Locksport (presentation in Finnish)

19:00 - Sauna and refreshments from our sponsor

Please register with ilmoittautumiset##nsense.fi 

OWASP Helsinki Chapter Meeting #12: March 30 2010
Location: Helsingin Energia, Sähkötalo, Runeberginkatu 1, Helsinki

Time: 18:00-20:00

Agenda

18:00 Welcome Petteri Arola, OWASP Helsinki Chapter Leader

Download presentation from our file-page:

18:05 Word from our sponsor Helsingin Energia 

18:15 3 different views on information security and social media applications

- information security in social media API’s, Antti Nuopponen/Nixu Oy

Download presentation from our file-page:

- Facebook apps, Markus Törnqvist/Fad Consulting

Download presentation from our file-page:

- Payment API’s, Tuomas Toivonen/Scred

Download presentation from our file-page:

20.00 - Discussion continues at nearby establishment Bruuveri

Please register with antti##owasp.org

OWASP Helsinki Chapter Meeting #11: November 17 2009
Location: Nsense Oy, Ahventie 4, Espoo

Time: 18:00-20:30

Schedule

18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader

18:05 Word from our sponsor Nsense Oy

18:15 Manual vs. Automated Code Analysis, Ari Kesäniemi, Senior Consultant, Nixu

Download presentation from our file-page:

19.00- Sauna and refreshments from our sponsor

Please register with ilmoittautumiset##nsense.fi

OWASP Helsinki Chapter Meeting #10: October 20 2009
Location: Tieto Oy, Ratamestarinkatu 7B, Helsinki

Time: 18:00-19:40

Schedule

18:00 Welcome Antti Laulajainen, OWASP Helsinki Chapter Leader

18:00 Word from our sponsor Tieto Oy

18:10 Distributed Services Security, Anton Panhelainen, Tieto Oy

Download presentation from our file-page:

18:40 Public Web Services Interface and Security, Pyry Heikkinen, Finnish Customs

19:40 Closure and move to Vltava

20:00 or so


 * Enjoy Helsinki Vltava watering hole at own risk &amp; cost near Helsinki Railway station

Please register with Pauli Kauppila pauli.kauppila##tieto.com or Mobile +358 400 870 324

OWASP Helsinki Chapter Meeting #9: May 12 2009
Location: Louhi Networks Oy, Itälahdenkatu 22 A, Helsinki

Time: 17:30-19:00

Schedule

17:30 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader

17:45 Word from our sponsor Louhi Networks

18:00 Panel discussion about application scanners


 * Panel members includes representatives for Nixu Oy, KPMG Oy and Louhi Networks Oy

19:00 or so


 * Enjoy local establishments at own risk &amp; cost at Bar 52 near meeting location

Please register with Henri Lindberg henri.lindberg##louhi.fi

OWASP OWASP Goes! Viestimuseo: March 29 2009
'''Location: Varuskunta, Takakasarmi, Viestimuseontie rak. 64, 11311 Riihimäki '''

Time: 13:00-15:00

Viestimuseossa Riihimäellä, http://www.viestikiltojenliitto.fi/viestimuseo/ on maaliskuun loppuun WWII radiotiedustelua esittelevä erikoisnäyttely, josta voi löytyä ammennettavaa myös tämän päivän tietoturvatekniikoiden parissa työskenteleville. Koska OWASP:in tiimoilta löytyi kiinnostusta lähteä tutustumaan ko. näyttelyyn, museolle on varattu opastettu kierros maaliskuun viimeiselle sunnuntaille su 29.3.2009 klo 13:00 eli kokoontuminen museolla ko. aikaan.

Museo ja näyttely ovat auki myös muina aikoina, joten jos tämä aika ei käy, paikalla voi toki käydä muulloinkin.

Tarkemmat ajo-ohjeet ja yhteystiedot löytyvät museon kotisivuilta, http://www.viestikiltojenliitto.fi/viestimuseo/yhteystiedot.html

Museo sijaitsee Viestirykmentin vieressä, mutta varsinaisen varuskunta-alueen ulkopuolella, joten museokäynti ei vaadi kulkulupia alueelle.

Paikalle innostuvat hoitavat oman logistiikkaratkaisunsa &amp; sisäänpääsymaksunsa.

Lisätietoja tarvittaessa timo.merilainen (ät) iki.fi

OWASP Helsinki Chapter Meeting #8: March 12 2009
Location: Samlink, Linnoitustie 9, Espoo (Leppävaara)

Time: 17:00-19:00

Schedule

17:00 OWASP latest activities Antti Laulajainen, OWASP Helsinki Chapter Leader

17:15 Introduction to Samlink, Jari Pirhonen, security director, Samlink

17:30 Methodology owner’s point of view: Information security as part of software development methodology, Topi Mattila, methodology manager, Samlink

18:15 Presentation from Finnish Tax Administration", Petri Puhakainen, security director, Finnish Tax Administration

19:00 or so


 * Enjoy local establishments at own risk &amp; cost at Sello

Please register with Jari Pirhonen jari.pirhonen##samlink.fi

OWASP Introduction to startup firms: Thursday January 15th 2009
Location: Ravintola Korjaamo, Töölönkatu 51, 00250 Helsinki

Time: 18:00-20:00

Schedule

18:00 Introduction to OWASP by Henri Lindberg, OWASP Helsinki Active Visitor


 * What OWASP is
 * Examples of useful Tools and Documents
 * OWASP in Finland

Presentation:

(Antti Laulajainen, OWASP Helsinki Chapter Leader was originally supposed to introduce OWASP)

18:15 Implementing application security in a Finnish startup by Henri Lindberg, Scred


 * Henri Lindberg from Scred shares experiences and lessons learned
 * How to make your web application more secure with minimal budget

Presentation:

18:30 or so


 * Enjoy local establishments at own risk &amp; cost

OWASP Helsinki Meeting #7: Tuesday November 11th 2008
Location: Nokia Ruoholahti, Itämerenkatu 11-13, 00180 Helsinki

Time: 17:00-18:30

Schedule

17:00 Welcome by Antti Laulajainen, OWASP Chapter Leader


 * Current state and progress of OWASP Top 10 Finnish translation

17:20 Antti Vähä-Sipilä, Nokia: SAFECode


 * Introduction and overview of SAFECode (The Software Assurance Forum for Excellence in Code)
 * SAFECode publications

17:40 Juhani Eronen, CERT-FI: Lifecycle of a security vulnerability


 * Microsoft MS08-067 (Vulnerability in Server Service Could Allow Remote Code Execution), its history (MS06-040) and exploitation.

Discussion

18:30 or so


 * Enjoy local establishments at own risk &amp; cost [cerveza, aqua con gas, etc]

'''PLEASE REGISTER WITH: mikko. saario at nokia. com (we have reserved snacks for 25 people)'''

OWASP Helsinki Web Hacking Workshop, Tuesday September 10th 2008
'''Location: Teleware / KPMG, Laajalahdentie 23, 6. floor, reception at the ground floor, 00330 Helsinki'''

Time: 18.00 - 20.00

Schedule

'''18.00 Welcome and recent activities. Antti Laulajainen '''

18.05 Web Hacking Workshop, Anssi Porttikivi, Senior ICT Advisor KPMG/Teleware


 * KPMG Oy IT Security Advisory marketing presentation 15 min
 * Web hacking exercises and demonstrations in a laboratory class (using WebGoat and WebScarab tools)

'''Snacks available. Send your reservations to Anssi's mail address, anssi.porttikivi@kpmg.fi. Room for 20 participants.'''

'''Note! Be in time, because the reception closes at 18.'''

OWASP Goes! CERT-FI, Thursday, June 12th 2008
Location: Viestintävirasto, Itämerenkatu 3 A, 00180 Helsinki and One Pint Pub Santakatu 2, 00180 Helsinki

Time: 16.00 - 20.00

Schedule

'''16.00 Welcome and recent activities. Antti Laulajainen '''

'''16.10 Introduction of CERT-FI. Juhani Eronen, Information Security Adviser, CERT-FI'''

'''16.30 Vulnerability coordination. Juhani Eronen'''


 * CERT-FI as a vulnerability coordinator
 * Coordination examples

18.00 Possibility to continue the evening at the One Pint Pub


 * If someone fancies a (self-financed) beer

'''Viestintävirasto asks those who wish to participate to the meeting to register in advance. For registrations please contact CERT-FI Unit Secretary Virpi Hienonen (virpi.hienonen(at)ficora.fi). The deadline is June 6, 2008.'''

OWASP Helsinki Chapter meeting/Get Together #6 Tuesday, May 13th 2008
Thank you for attending.

You can download the presentation herehttps://www.owasp.org/images/7/70/OWASP_HelsinkiChapter_130508.pdf

Coverage of the event in local news (Finnish only) http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20080514#w2008051411524012715

Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki and Ravintola Kaisla, Vilhonkatu 4, 00100 Helsinki

Time: 16.00 - 20.00

Welcome to spring meeting 2008.

Schedule

'''16.00 - 16.10 OWASP update. Antti Laulajainen'''

16.10-17.00 Notes From The field, OWASP tools and usage experiences, Jarkko Holappa &amp; Antti Laulajainen

17.30 - 20.00 Drinks at Ravintola Kaisla (Bring Your Own Wallet)

Hope to see as many of you as possible!

OWASP Helsinki Chapter meeting #5 Tuesday, March 11th 2008
Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.

Time: 18.30 - 20.30

Welcome to first meeting of 2008. OWASP Helsinki resumes activities after winter break.

We are pleased to have as a speaker Technology Manager of Nokia Product Security, Alexandr Seleznyov. His topic will be current state of application security.

Schedule

'''18.30 - 18.40 OWASP update. Antti Laulajainen'''

'''18.40 - 20.30 Current State of Application Security. Alexandr Seleznyov'''

Hope to see as many of you as possible!

OWASP Helsinki &amp; RWSUG Seminar Tuesday, January 29th 2008
Location: IBM, Laajalahdentie 23, 00330 Helsinki. Time: 11.15 - 19.00

OWASP Helsinki and Rational and Websphere User Group Finland RWSUG are aiming to co-operate to raise application security awareness. OWASP Helsinki will have a presentation in RWSUG agility seminar. More information from http://www.rwsug.fi/default.asp?path=1,39,385

You can download the presentation here https://www.owasp.org/images/c/cd/RWSUG5_Agile_Security_Management.pdf

See program below. Most of it is Finnish only


 * 11.15 Ilmoittautuminen alkaa
 * 11.15-12.00 Buffet-lounas
 * 12.00-12.10 Tilaisuuden avaus Jussi Jutila, Puheenjohtaja, RWSUG ry

KEYNOTE


 * 12.10-13.30 Scaling Agile Software Development: Strategies for Applying Agile in Complex Situations Scott W. Ambler, Practice Leader Agile Development, IBM Canada
 * 13.30-13.45 Kahvitauko
 * 13.45-15.30 SOA liiketoiminnan näkökulmasta ja SOA toteutuksen näkökulmasta kansainvälisessa hankkeessa Kari Laine, IT Architect, IF ja Jarmo Laine, Senior Software Architect,Primasoft
 * 15.30-15.45 Tauko
 * 15.45-16.30 Ketterä tietoturvan hallinta ohjelmistotuotannossa Reijo Savola, VTT
 * 16.30-17.15 Jazz Update IBM
 * 17.15-19.00 Iltapalaa ja verkostoitumista IBM Forumissa

OWASP Helsinki Introduction to ISACA Finland Thursday January 24th 2008
OWASP Helsinki participated in ISACA Finland meeting to raise application security awareness among system auditors and inspectors. A presentation was held that introduced basic web techniques, some security issues, OWASP in general, OWASP projects and OWASP Helsinki chapter. You can download the presentation here: https://www.owasp.org/images/e/e4/OWASP_ISACA_20080124.pdf (Finnish Only)

OWASP Helsinki meeting #4 Fall 2007 with Mark Curphey, Tuesday, October 2 2007
Location: Ixonos, Hitsaajankatu 20, 00810 Helsinki.

Thank you for all participants and Mark from great presentation.

Coverage of the meeting in the local news (in Finnish): http://mikropc.net/uutiset/index.jsp?categoryId=atk&amp;day=20071003#w2007100315112711629

We are delighted to have Mark Curphey - the OWASP founder and new head of Microsoft's ACE (Application Consulting &amp; Engineering) team in Europe - to visit Finland and discuss web app security with us. Hopefully as many as of you possible can participate!

'''18:30 Welcome and recent Helsinki chapter activities. Antti Laulajainen'''

'''18:40 Naked Software Security. Mark Curphey'''


 * Commentary on how to build secure software
 * Thoughts on the industry

WELCOME!

OWASP Helsinki meeting #3 Summer 2007: "SOA, Web Services &amp; XML Security", Tuesday, June 5th 2007
Date: June 5th

Location: Smilehouse, Itälahdenkatu 22A (Stonesoft building), Lauttasaari.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/tietoturva_docview.jsp?f_id=1186167

'''19:00 Welcome &amp; quick recap of recent OWASP activity and the Spring conference. Mikko Saario.'''

19:15 Gunnar Peterson, CTO Arctec Group and project lead for the OWASP "XML Security Gateway Evaluation Criteria".

Gunnar will be visiting Finland to provide training via Tietoturva ry on this subject. Topics to be covered:


 * XML Security Gateways
 * Message level threats and security countermeasures in Web services
 * OWASP XML Security Gateway Evaluation Criteria Project

'''20:15 "Real-life usage of OWASP tools". Alexandr Seleznyov, Nokia Product Security.'''

(There is a chance Alex cannot make it. In that case we will discuss SOA stuff in more detail or just head off to bar earlier.)

20:45 Enter Bar 52... --&gt; Enjoy (sponsored) beverages.

OWASP Helsinki meeting #2 Winter 2007, Web Application Firewalls, Thursday, February 22 2007
Thank you for the 29 participants, the speakers and the host - Nixu - for making this event happen!

Location: Nixu, Mäkelänkatu 91, 00601 Helsinki.

What are Web Application Firewalls (WAF), how do they work, what do they do and what don't they do. Discussion and sharing of experiences of various technologies and products.

'''18.30 Welcome. Mikko Saario, Chapter Leader.'''

Today's topic and agenda in short.

'''18.35 "Web Application Firewalls Technical Analysis". Joakim Sandström, CTO nSense.'''

http://www.owasp.org/images/6/6a/Owasp_waf_joakim.pdf

- Technology

- Blacklisting &amp; Whitelisting

- mod_security features

- Do's and Don'ts

'''19.30 "The Core Rule Sets". Ofer Shezaf, CTO Breach Security.'''

http://www.owasp.org/images/f/f4/The_Core_Rule_Set_-_Ofer.pdf

- WAF deployment and protection strategies

- Detection of generic web layer attacks

- Virtual patching

OWASP Helsinki meeting #1, Tuesday, Dec 12 2006 at Ernst &amp; Young
The Helsinki chapter had the first meeting at Ernst &amp; Young office in Elielinaukio 5 B. The agenda and the presentations for the meeting are below. We had a good turnout: 22 people were present i.e. all seats were taken - we were very happy to see all these people to be interested in application security issues.

Coverage of the meeting in the local news (in Finnish): http://www.tietoviikko.fi/doc.do?f_id=1083463

'''18:30 Welcome. What is OWASP and why OWASP Helsinki?'''

Mikko Saario made a short presentation about OWASP and the objective for the local Helsinki chapter.

19:00 Analyzing Threats (Olli Wiren; olli [at] juurihoito.org)

Olli Wiren discussed application related threats and corresponding security issues.

http://www.owasp.org/images/7/7c/Owasp-olli.pdf

19:45 Open discussion regarding OWASP Helsinki; what is expected or wished; how to go ahead and so forth.

There was a lively discussion regarding what type of activities should be arranged in the future. More details will follow...

Helsinki OWASP Chapter Leaders
The chapter leader is [mailto:Petteri.arola@owasp.org Petteri Arola]

The chapter board members are [mailto:antti.laulajainen@owasp.org Antti Laulajainen], [mailto:timo@owasp.org Timo Merilainen], [mailto:mikko.saario@owasp.org Mikko Saario], and [mailto:pekka.sillanpaa@owasp.org Pekka Sillanpaa]. The Deputy members are [mailto:henri.lindberg@owasp.org Henri Lindberg] and [mailto:anssi.porttikivi@owasp.org Anssi Porttikivi]