Welcome to the OWASP Norway Local Chapter
Welcome to the local Norway chapter homepage. The chapter leader is Kåre Presttun.
OWASP chapter meetings are free and open to anyone interested in application security. We encourage members to give presentations on specific topics and to contribute to the local chapter by sharing their knowledge with others. Prior to participating with OWASP please review the Chapter Rules.
To join the chapter mailing list, please visit our mailing list homepage. The list is used to discuss the meetings and to arrange meeting locations. You can also review the email archives to see what folks have been talking about. Please check the mailing list before coming to a meeting to confirm the location and time and to catch any last minute notes.
Forslagskasse for tema
Hvis du ikke er på e-postlista så meld deg på!
Generalforsamling: Torsdag 12. mai kl 17:00 - 17:15
- Godkjenning av innkalling
- Årsberetning 2010/2011
Medlemsmøte: Torsdag 12. mai kl 17:15 - 19:15
Ansvarlig: Kåre Presttun, tel: 4100 4908, Sponsor: mnemonic as , Adresse: Wergelandsveien 25
|17.15 - 18.00||The Image that called me - Security impact of Scalable Vector Graphics on the WWW - Mario Heiderich
Scalable Vector Graphics are about to conquer the web. Unlike most of their raster based companions from the GIF, PNG and JPEG family, their vector based structure allows to display them on many different devices with various screen sizes without losing visual information. The open XML based SVG sources permit addition of meta data, helping even the visually impaired and blind to get the most out of these images. Additional modules, such as animations, events, SVG fonts, several scripting APIs and inclusion of hyper-links, other images and documents and even arbitrary content from cross-domain sources make SVG the perfect image format for the future WWW.
Nevertheless, a powerful standard such as SVG certainly poses a lot of risks. This presentation provides a close look at SVG from a security perspective. How can attackers abuse this mighty image format, which ways exist to execute script code and worse, and what should web developers and browser vendors consider when dealing with SVG. How will HTML5 change the way to work with SVGs and why does it matter for security professionals to know about things like SVG Tiny, in-line SVG, SVGz and other acronyms from a world where imaging and scripting collide? Besides many examples of malicious SVGs the talk will shed light on a novel filtering tool capable of filtering and sanitizing SVG images without loss of important content.
|18.00 - 18.30||Mat|
|18.30 - 19.15||Locking the Throne Room - ECMA Script 5, a frozen DOM and the eradication of XSS - Mario Heiderich
Cross Site Scripting has been a topic in countless presentations over the last decade. That easy to grasp but hard to solve problem has been shaking the web and caused major trouble on hundreds to thousands of high traffic and commercial and well as governmental websites. Mitigation techniques have been developed and discussed in depth - starting with restrictive content filters, educational programs and trainings, programmer's best practices and guidelines, proxy filters and many more. Still XSS remains a major problem far from being solved. The multilayer model on which the web relies causes too much reciprocity to find an easy cure - and the DOM as the actually affected layer is still lying unprotected open for the attacker.
Speaker: Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany as well as Microsoft, Redmond and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft while finishing his PhD thesis. Mario invoked the HTML5 security cheat-sheet and maintains the PHPIDS filter rules. In his spare time he delivers trainings and security consultancy for larger German and international companies. He is also one of the co-authors of Web Application Obfuscation: '-/WAFs..Evasion..Filters//
Medlemsmøte tirsdag 22. mars kl 16:00 -->
Dette møtet er i samarbeid med Communities in Action 2011. OWASP Norway Chapter deltar sammen med javaBin, Kode kata, XP meetup, Framsia, Makers, Cocoaheads, NNUG og Oslo Lean Meetup. Dette er en spennende anledning til å mingle med andre "communities".
- 16:00 - 17:30 Enkel bevertning
- 17:30 - 19:30 Parallellsesjoner
- 20:00 - 21:00 Paneldebatt
- 21:00 --> Mingling i Skybar