This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

File list

Jump to: navigation, search

This special page shows all uploaded files.

File list
Date Name Thumbnail Size Description Versions
13:59, 23 August 2017 20170816-Introducing the OWASP ModSecurity Core Rule Set 3-Christian Folini.pdf (file) 6.87 MB The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls that saw a new major release in November 2016 (3.0 -> CRS3). CRS is the 1st line of defense against web application attacks like those s... 1
13:34, 16 July 2017 Crs3.png (file) 160 KB   1
03:01, 7 July 2017 Meetup-logo.png (file) 6 KB   1
04:50, 6 October 2016 20161004-Bug Bounty progams in Switzerland-Florian Badertscher.pdf (file) 1.37 MB For over a year now Swisscom runs its own Bug Bounty program and has chosen to follow a different approach than many of the other well-known programs. Learn what it takes to set up the program, keep it running in a highly diverse environment and deal w... 1
00:30, 29 June 2016 20160607-xssi-the tale of a fameless but widepsread vulnerability-Veit Hailperin.pdf (file) 2.01 MB "XSSI - The Tale of a Fameless but Widespread Vulnerability" by Veit Hailperin Two key components account for finding vulnerabilities of a certain class: awareness of the vulnerability and ease of finding the vulnerability. Cross-Site Script Inclusion... 1
01:49, 19 May 2016 Owasp switzerland next meeting.png (file) 10 KB   16
02:18, 15 January 2016 20151215-Reliable log data transfer-Pascal Buchbinder.pdf (file) 290 KB (about syslog, logstash and log data signing) Collecting and processing log data has never been so easy as it is today. However, there are still some implementation details to consider in order to ensure that you don't lose any data. Choosing the wrong... 1
02:16, 15 January 2016 20151215-Top X OAuth 2 Hacks-asanso.pdf (file) 9.46 MB The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access to the user's protected resources, without necessarily revealing their long-term credentials, or even their identity. As the web grows, more and... 1
06:12, 21 October 2015 20151014-Application Security Testing by Static Code Analysis-blitzfranklyn.pdf (file) 627 KB Application security is in the focus of attention in a world where digitization is becoming one of the key business success factor and where current breaches show that companies face serious threats from professional hackers. For security professionals... 1
13:19, 30 July 2015 Register button.png (file) 3 KB   1
13:10, 30 July 2015 Mailinglist button.png (file) 3 KB   1
13:10, 30 July 2015 Facebook button.png (file) 2 KB   1
13:10, 30 July 2015 Twitter button.png (file) 3 KB   2
05:55, 6 July 2015 Owasp switzerland register.png (file) 9 KB Chapter meeting register button. Used template from & addaptions made by 1
13:57, 1 July 2015 OWASP Switzerland Meeting 2015-06-17 XSLT SSRF ENG.pdf (file) 1.52 MB An XSLT processor is a piece of software for manipulating XML files or transforming them into other file formats. These XSLT processors are very feature rich, which makes them interessting in the context of information security. For example it is possi... 1
02:14, 27 April 2015 20150415-Android apps in sheeps clothing-Tobias Ospelt-modzero.pdf (file) 13.06 MB Android is the most widely used mobile operating system worldwide. The Android permission system is broken by design and probably the worst problem in the entire Android ecosystem. Additionally, Android is providing very risky and overly permissive fea... 1
04:14, 6 March 2015 20150218-Abusing JSONP with Rosetta (file) 2.93 MB Michele will present an exploitation technique that involves crafting charset-restricted Flash SWF files in order to abuse JSONP endpoints and allow Cross Site Request Forgery attacks against domains hosting JSONP endpoints, bypassing the Same Origin P... 1
08:16, 30 October 2014 Owasp switzerland geneva logo.png (file) 111 KB   1
04:20, 19 October 2014 Follow-us-on-twitter.png (file) 69 KB Same image as the last version. However, I am trying to fix a bug within chrome, by reuploading this image. (The image is shown in the latest Firefox but not in Chrome...) 2
04:19, 19 October 2014 Facebook-icon.png (file) 10 KB Same image as the last version. However, I am trying to fix a bug within chrome, by reuploading this image. (The image is shown in the latest Firefox but not in Chrome...) 4
04:16, 19 October 2014 Test-Schattenbaum.png (file) 10 KB   1
08:22, 2 September 2014 20140820-Flash Security by Arcus Security.pdf (file) 888 KB (Client-Side) Flash Security by Stefan Horlacher Flash has always been infamous for its security issues. Most of the time we hear about memory corruption vulnerabilities like buffer overflows and how clients are attacked. As such attacks are widely kno... 1
03:45, 27 June 2014 20140617-XSS and beyond-Rene.pdf (file) 3.14 MB   2
03:29, 29 May 2014 Location.png (file) 29 KB   2
12:52, 10 April 2014 20140409-SSL TLS jungle-Dobinrutis.pdf (file) 1.44 MB The protocols SSL and TLS are widely used to ensure confidentiality and integrity of data transmitted over insecure networks. As every implementation of crypto algorithms, they come in different versions, and can contain a multitude of errors, faults a... 1
03:56, 20 February 2014 20140219-SSDLC Ready for Clouds-Robert.pdf (file) 1.35 MB S-SDLC – Ready for Clouds? (by Robert Schneider, Swisscom IT Services AG ) Many companies have it (somehow) and numerous are planning to implement one – a Secure Software Development Life Cycle (S-SDLC). As Swisscom is building a new Cloud, the who... 1
12:41, 6 January 2014 20131022-advances in secure aspnet development-alexandre.pdf (file) 2.86 MB Agenda * Introduction to .NET * Configuration of (ASP).NET 4.5 * Key security points of application lifecycle ** Development ** Deployment ** Operations ** Third party component review 1
12:36, 6 January 2014 20110412-aspnet viewstate security-alexandre.pdf (file) 0 bytes Agenda * Headlines and ViewState Intro * ViewState Flaw * How to Protect ** Input Validation / Request Validation ** Output Encoding ** How to really avoid ViewSTat4e Tampering * Conclusion 1
18:19, 3 January 2014 20070212-xss worms-disenchant.pdf (file) 535 KB Table of Content * Basics on XSS * How XHRs work * Famous XSS-Worms * Anatomy of XSS-Worms * The full risk * Webbased Dynamic Botnets * Countermeasures 1
18:13, 3 January 2014 20131022-node security-disenchant.pdf (file) 3.34 MB * Using Node.js can be a good thing but you ** have to care about a lot of things ** know the modules you can use ** need to write a lot of code yourself until someone writes a module for it * We have to wait for (and help) improve modules that make No... 1
16:01, 3 January 2014 Person.png (file) 4 KB Source: 1
15:54, 3 January 2014 Slides.png (file) 3 KB Source: 1
15:46, 3 January 2014 Info.png (file) 19 KB   1
15:46, 3 January 2014 Email info.png (file) 19 KB   1