Difference between revisions of "Switzerland"

From OWASP
Jump to: navigation, search
(Past Meetings: Changed the template to sortable table layout)
m (Next Meetings: Updated the information about the upcoming meeting.)
(37 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
= Welcome =
 
= Welcome =
  
[[File:owasp_switzerland_logo.png|180px|thumb|right]]
+
[[File:owasp_switzerland_logo.png|150px|right|OWASP Switzerland Chapter Logo]]
  
 
Welcome to the Home Page of the OWASP Switzerland Chapter.  
 
Welcome to the Home Page of the OWASP Switzerland Chapter.  
Line 9: Line 9:
 
*The chapter leader is [mailto:sven.vetsch__AT__owasp.org Sven Vetsch] supported by the members of the board [mailto:antonio.fontes__AT__owasp.org Antonio Fontes] and [mailto:alexis.fitzgerald__AT__owasp.org Alexis FitzGerald]. Please contact us with any questions about the chapter.  
 
*The chapter leader is [mailto:sven.vetsch__AT__owasp.org Sven Vetsch] supported by the members of the board [mailto:antonio.fontes__AT__owasp.org Antonio Fontes] and [mailto:alexis.fitzgerald__AT__owasp.org Alexis FitzGerald]. Please contact us with any questions about the chapter.  
 
*Please subscribe to the [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailing list] for meeting announcements and other news related to OWASP in Switzerland.  
 
*Please subscribe to the [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailing list] for meeting announcements and other news related to OWASP in Switzerland.  
*You can follow us on Twitter as [https://twitter.com/owasp_ch @OWASP_ch]
+
*You can follow us on [https://twitter.com/owasp_ch Twitter] and [https://www.facebook.com/OWASPSwitzerland Facebook]
  
 
<br> If you're living in the French speaking part of Switzerland, please also visit the '''[[Geneva|OWASP Geneva chapter]]''' for more information.  
 
<br> If you're living in the French speaking part of Switzerland, please also visit the '''[[Geneva|OWASP Geneva chapter]]''' for more information.  
  
 
= Next Meetings  =
 
= Next Meetings  =
 +
Please find below the planned dates for the upcoming OWASP Switzerland Meetings:
 +
* '''Tuesday, June 17th 2014'''
 +
* Wednesday, August 20th 2014
 +
* Tuesday, October 21th 2014
 +
* Wednesday, December 10th 2014
  
Fore this year we are planning to serve you with six meetings. The first one will take place in February.<br>
+
<br>
Keep yourself informed and up-to-date by using one of the possibilities listed below.
+
----
 +
<br>
 +
'''Tuesday, June 17th 2014'''<br>
 +
We'd like to invite you to the third of six OWASP Switzerland meetings in 2014. Please make sure to [http://doodle.com/f4affysew6upxa8c register] for the event.
 +
* When:
 +
*:Tuesday, June 17th 2014
 +
*:Starting at 18:00
 +
*:Doors at 17:30
  
 +
* What:
 +
*:'''XSS and beyond''' (''René Freingruber, SEC Consult [[Image:person.png|20px|link=https://www.sec-consult.com/]]'')
 +
*:Cross-Site Scripting (XSS) vulnerabilities are one of the most seen vulnerability categories nowadays. Unfortunately, these vulnerabilities are often underestimated, e.g. because an attacker cannot directly compromise the database or webserver by exploiting them. Instead it’s possible to execute JavaScript code in the context of a user session allowing to steal session cookies, start key-logging, and so on. This talk goes beyond these basic attacks and shows the audience how it’s possible for attackers to completely compromise client systems by exploiting vulnerabilities in browsers. On the basis of real world vulnerabilities, attacks against browsers running on an older operating system (e.g. Windows XP) will be demonstrated. Current operating systems (like Windows 8.1) have implemented lots of mitigation techniques in order to prevent attackers from exploiting such vulnerabilities. During the talk the most important mitigation techniques will be explained. In addition, possible bypasses will be given. At the end of the presentation a real world Firefox exploit, which works reliable against all major Windows versions (including Windows 8.1 and Windows Server 2012), fully bypasses ASLR/DEP (without depending on java6), does not use heapspray and doesn’t crash the browser will be shown to demonstrate that such attacks are still possible and mitigation techniques can be bypassed.
 +
 +
* Where:
 +
*:Credit Suisse
 +
*:Europaallee 1
 +
*:8004 Zürich
 +
*:[https://www.google.ch/maps/search/Credit+Suisse+Europaallee+1+8004+Zürich Arrival]
 +
 +
* Who:
 +
*:As usual, all of our meetings are open to everyone and free of charge.
 +
 +
* Agenda
 +
*:18:00 – 18:15 | Intro and Update on OWASP by Sven Vetsch, OWASP Switzerland [[Image:person.png|20px|link=User:Disenchant]]
 +
*:18:20 – 19:30 | XSS and beyond by René Freingruber, SEC Consult [[Image:person.png|20px|link=https://www.sec-consult.com/]]
 +
*:20:00 – **:** | Dinner
 +
 +
<!--Fore this year we are planning to serve you with six meetings. The first one will take place in February.<br>
 +
Keep yourself informed and up-to-date by using one of the possibilities listed below. -->
 
<!-- There are no planned meetings for 2015 yet. Keep yourself informed and up-to-date by subscribing to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailinglist]. -->
 
<!-- There are no planned meetings for 2015 yet. Keep yourself informed and up-to-date by subscribing to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailinglist]. -->
  
<br>
 
  
 
= Past Meetings  =
 
= Past Meetings  =
Line 28: Line 59:
  
 
|-
 
|-
| 17 December 2014
+
| 2013-12-17
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-October/000258.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-October/000258.html]]</center>
| [[Image:person.png|20px|link=User:USERNAME]]
+
| <center>[[Image:person.png|20px|link=User:USERNAME]]</center>
| [[Image:slides.png|20px|link=File:FILENAME.pdf]]
+
| <center>[[Image:location.png|20px|link=http://www.owasp.ch]]</center>
| Local Chapter Meeting (or as an example: Area41)
+
| <center>[[Image:slides.png|20px|link=File:FILENAME.pdf]]</center>
 +
| Chapter Meeting (or as an example: Area41)
 
| Node security
 
| Node security
  
Line 43: Line 75:
 
! scope="col" class="unsortable" | Info
 
! scope="col" class="unsortable" | Info
 
! scope="col" class="unsortable" | Speaker
 
! scope="col" class="unsortable" | Speaker
! scope="col" class="unsortable" | Slides
+
! scope="col" class="unsortable" | Host
 +
! scope="col" | Slides
 
! scope="col" | Event
 
! scope="col" | Event
 
! scope="col" | Topic
 
! scope="col" | Topic
 
|-
 
|-
| 17 December 2013
+
| 2014-04-09
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-December/000262.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2014-April/000271.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://twitter.com/dobinrutis]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.ubs.com/ch/]]</center>
 +
| <center>[[Image:slides.png|20px|link=File:20140409-SSL_TLS_jungle-Dobinrutis.pdf]]</center>
 +
| Chapter Meeting
 +
| SSL/TLS jungle - bringing light into the cipher forest
 +
|-
 +
| 2014-02-19
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2014-January/000267.html]]</center>
 +
| <center>[[Image:person.png|20px|link=User:Schattenbaum]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.swisscom.ch/]]</center>
 +
| <center>[[Image:slides.png|20px|link=File:20140219-SSDLC_Ready_for_Clouds-Robert.pdf]]</center>
 +
| Chapter Meeting
 +
| S-SDLC – Ready for Clouds?
 +
|-
 +
| 2013-12-17
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-December/000262.html]]</center>
 +
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.credit-suisse.ch/]]</center>
 
|  
 
|  
|  
+
| Chapter Meeting
| Local Chapter Meeting
+
 
| Annual Review & Outlook
 
| Annual Review & Outlook
 
|-
 
|-
| 22 October 2013
+
| 2013-10-22
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-October/000258.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-October/000258.html]]</center>
| [[Image:person.png|20px|link=https://www.xing.com/profiles/Alexandre_Herzog]]
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profiles/Alexandre_Herzog]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.colab-zurich.ch/]]</center>
| Local Chapter Meeting
+
| <center>[[Image:slides.png|20px|link=File:20131022-advances_in_secure_aspnet_development-alexandre.pdf]]</center>
| ASP.NET security
+
| Chapter Meeting
 +
| Advances in secure (ASP).NET development – Break the hacker's spirit
 
|-
 
|-
| 22 October 2013
+
| 2013-10-22
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-October/000258.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-October/000258.html]]</center>
| [[Image:person.png|20px|link=User:Disenchant]]
+
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
| [[Image:slides.png|20px|link=File:20131022-node_security-disenchant.pdf]]
+
| <center>[[Image:location.png|20px|link=http://www.colab-zurich.ch/]]</center>
| Local Chapter Meeting
+
| <center>[[Image:slides.png|20px|link=File:20131022-node_security-disenchant.pdf]]</center>
| Node security
+
| Chapter Meeting
 +
| Node.js Security
 
|-
 
|-
| 09 April 2013
+
| 2013-04-09
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-March/000241.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2013-March/000241.html]]</center>
 +
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.securesafe.com/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| Tools (not) to use
 +
|-
 +
| 2012-09-19
 
|  
 
|  
| Local Chapter Meeting
+
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.security-zone.info/]]</center>
 +
| <center>[[Image:slides.png|20px|link=File:Owasp_top_10_mobile_risks.pdf]]</center>
 +
| Security-Zone
 +
| OWASP Top 10 Mobile Risks
 +
|-
 +
| 2012-06-12
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2012-June/000229.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Tobias_Ospelt]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| Reversing Android Apps
 
|-
 
|-
| 12 June 2012
+
| 2012-02-14
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2012-June/000229.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2012-February/000224.html]]</center>
|  
+
| <center>[[Image:person.png|20px|link=https://www.blackhat.com/html/bh-us-12/speakers/Gianni-Gnesa.html]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
| Local Chapter Meeting
+
 
|  
 
|  
 +
| Chapter Meeting
 +
| Analysis of the RSA Security Breach
 
|-
 
|-
| 14 February 2012
+
| 2011-12-13
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2012-February/000224.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-December/000223.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Alexis_FitzGerald]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
 
|  
 
|  
|  
+
| Chapter Meeting
| Local Chapter Meeting
+
| AppSec - Why is it important
|
+
 
|-
 
|-
| 13 December 2011
+
| 2011-12-13
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-December/000223.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-December/000223.html]]</center>
|  
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Stephan_Berger37]][[Image:person.png|20px|link=https://plus.google.com/106548980928636767176/posts]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
| Local Chapter Meeting
+
 
|  
 
|  
 +
| Chapter Meeting
 +
| Dangers of Firefox Add-On's
 
|-
 
|-
| 11 October 2011
+
| 2011-10-11
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-September/000218.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-September/000218.html]]</center>
|  
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Cyrill_Brunschwiler]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.itacs.ch/]]</center>
| Local Chapter Meeting
+
 
|  
 
|  
 +
| Chapter Meeting
 +
| Presentation of the OWASP Top 10 & a hands-on session
 
|-
 
|-
| 09 August 2011
+
| 2011-08-09
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-August/000215.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-August/000215.html]]</center>
|  
+
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
| Foundation of OWASP Switzerland Association
+
 
|  
 
|  
 +
| Chapter Meeting
 +
| Foundation of OWASP Switzerland Association
 
|-
 
|-
| 14 June 2011
+
| 2011-06-14
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-June/000208.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-June/000208.html]]</center>
| [[Image:person.png|20px|link=https://www.xing.com/profiles/Pascal_Buchbinder]]
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profiles/Pascal_Buchbinder]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
| Local Chapter Meeting
+
| <center>[[Image:slides.png|20px|link=File:Owasl_lcm_20110614_mod_sslcrl.pdf]]</center>
 +
| Chapter Meeting
 
| Automatic CRL updates for the Apache Web server
 
| Automatic CRL updates for the Apache Web server
 
|-
 
|-
| 14 June 2011
+
| 2011-06-14
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-June/000208.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-June/000208.html]]</center>
| [[Image:person.png|20px|link=User:Disenchant]]
+
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
| Local Chapter Meeting
+
| <center>[[Image:slides.png|20px|link=File:OWASP_Browser_Security.pdf]]</center>
| New Standards and upcoming Technologies in Browser Security
+
| Chapter Meeting
 +
| New Standards and upcoming Technologies in Browser Security (Slides by [https://www.owasp.org/index.php/User:Tgondrom Tobias Gondrom])
 
|-
 
|-
| 12 May 2011
+
| 2011-05-12
 
|  
 
|  
|  
+
| <center>[[Image:person.png|20px|link=User:Afontes]]</center>
| [[Image:slides.png|20px|link=https://www.owasp.org/index.php/File:SwissCyberStorm3-Do_you_know_OWASP.pdf]]
+
| <center>[[Image:location.png|20px|link=https://www.swisscyberstorm.com/]]</center>
 +
| <center>[[Image:slides.png|20px|link=https://www.owasp.org/index.php/File:SwissCyberStorm3-Do_you_know_OWASP.pdf]]</center>
 
| Swiss Cyber Storm III
 
| Swiss Cyber Storm III
 +
| Do you know OWASP?
 +
|-
 +
| 2011-04-12
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-April/000204.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profiles/Alexandre_Herzog]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
 +
| <center>[[Image:slides.png|20px|link=File:20110412-aspnet_viewstate_security-alexandre.pdf]]</center>
 +
| Chapter Meeting
 +
| ASP.NET & ViewState Security
 +
|-
 +
| 2010-04-12
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2010-February/000152.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profiles/Tobias_Christen]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| Usability vs. Security
 
|-
 
|-
| 12 April 2011
+
| 2010-04-12
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2011-April/000204.htmll]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2010-February/000152.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profiles/Michael_Tschannen]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.rheinfelder.ch/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| 2-factor authentication for mobile devices: a secure and practical approach
 +
|-
 +
| 2009-06-25
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2009-June/000144.html]]</center>
 +
| <center>[[Image:person.png|20px|Jerry Hoff]][[Image:person.png|20px|Jason Li]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.avantec.ch/]]</center>
 
|  
 
|  
| Local Chapter Meeting
+
| Chapter Meeting
 +
| Benefits of a security API such as ESAPI
 +
|-
 +
| 2009-06-25
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2009-June/000144.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Bruno_Blumenthal]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.avantec.ch/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| Advanced SQL injection exploitation to operating system full control
 
|-
 
|-
| 12 April 2010
+
| 2009-04-07
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2010-February/000152.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2009-March/000140.html]]</center>
|  
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Tobias_Christen]]</center>
|  
+
| <center>[[Image:location.png|20px|link=https://www.avantec.ch/]]</center>
| Local Chapter Meeting
+
 
|  
 
|  
 +
| Chapter Meeting
 +
| Open security architecture (www.opensecurityarchitecture.org)
 
|-
 
|-
| 25 June 2009
+
| 2009-04-07
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2009-June/000144.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2009-March/000140.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Cyrill_Brunschwiler]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.avantec.ch/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| XSRF and JSON hijacking & a hands-on session
 +
|-
 +
| 2008-09-08
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2008-August/000132.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Pascal_Buchbinder]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.swissre.com/]]</center>
 
|  
 
|  
| Local Chapter Meeting
+
| Chapter Meeting
|  
+
| Quality of services for web applications (Hands-On Workshop)
 
|-
 
|-
| 07 April 2009
+
| 2008-09-08
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2009-March/000140.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2008-August/000132.html]]</center>
|  
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Cyrill_Brunschwiler]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.swissre.com/]]</center>
| Local Chapter Meeting
+
 
|  
 
|  
 +
| Chapter Meeting
 +
| XML Security (Hands-On Workshop)
 
|-
 
|-
| 08 September 2008
+
| 2008-09-08
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2008-August/000132.html]]  
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2008-August/000132.html]]</center>
|  
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Alessandro_Moretti]]</center>
|  
+
| <center>[[Image:location.png|20px|link=http://www.swissre.com/]]</center>
| Local Chapter Meeting
+
 
|  
 
|  
 +
| Chapter Meeting
 +
| ISC2/Application security
 
|-
 
|-
| 01 April 2008
+
| 2008-04-01
|  
+
| <center>[[Image:info.png|20px|link=http://lists.owasp.org/pipermail/owasp-switzerland/2008-March/000114.html]]</center>
| [[Image:person.png|20px|link=https://www.xing.com/profiles/Christian_Folini]]
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profiles/Christian_Folini]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.ethz.ch/]]</center>
 
|  
 
|  
 
| Global OWASP Week
 
| Global OWASP Week
 
| Taking Apache access logs to the next level
 
| Taking Apache access logs to the next level
 
|-
 
|-
| 01 April 2008
+
| 2008-04-01
|  
+
| <center>[[Image:info.png|20px|link=http://lists.owasp.org/pipermail/owasp-switzerland/2008-March/000114.html]]</center>
| [[Image:person.png|20px|link=https://www.xing.com/profiles/Alessandro_Moretti]]
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profiles/Alessandro_Moretti]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.ethz.ch/]]</center>
 
|  
 
|  
 
| Global OWASP Week
 
| Global OWASP Week
 
| Implementing an Application Security Lifecycle programme
 
| Implementing an Application Security Lifecycle programme
 
|-
 
|-
| 01 April 2008
+
| 2008-04-01
|  
+
| <center>[[Image:info.png|20px|link=http://lists.owasp.org/pipermail/owasp-switzerland/2008-March/000114.html]]</center>
| [[Image:person.png|20px|link=User:Disenchant]]
+
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.ethz.ch/]]</center>
 
|  
 
|  
 
| Global OWASP Week
 
| Global OWASP Week
 
| WebAppSec the Big Picture
 
| WebAppSec the Big Picture
 
|-
 
|-
| 11 December 2007
+
| 2007-12-11
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-November/000106.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-November/000106.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Thomas_Bader]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.zurich.com/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| Certified Secure Web
 +
|-
 +
| 2007-12-11
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-November/000106.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/Tobias_Christen]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.zurich.com/]]</center>
 
|  
 
|  
| Local Chapter Meeting
+
| Chapter Meeting
 +
| Secure Development Life Cycle
 +
|-
 +
| 2007-12-11
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-November/000106.html]]</center>
 +
| <center>[[Image:person.png|20px|Daniel Hulliger]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.zurich.com/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| Securing my Assets (Presentation & Demo)
 
|-
 
|-
| 19 September 2007
+
| 2007-09-20
| [[Image:info.png|20px|link=http://www.disenchant.ch/blog/owasp-switzerland-goes-public/80]]
+
| <center>[[Image:info.png|20px|link=http://www.disenchant.ch/blog/owasp-switzerland-goes-public/80]]</center>
|  
+
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.security-zone.info/]]</center>
 
|  
 
|  
 
| Security-Zone
 
| Security-Zone
|  
+
| OWASP Testing Guide
 
|-
 
|-
| 20 September 2007
+
| 2007-09-19
| [[Image:info.png|20px|link=http://www.disenchant.ch/blog/owasp-switzerland-goes-public/80]]
+
| <center>[[Image:info.png|20px|link=http://www.disenchant.ch/blog/owasp-switzerland-goes-public/80]]</center>
|  
+
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
 +
| <center>[[Image:location.png|20px|link=http://www.security-zone.info/]]</center>
 
|  
 
|  
 
| Security-Zone
 
| Security-Zone
 +
| OWASP Top 10
 +
|-
 +
| 2007-07-24
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-July/000095.html]]</center>
 +
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.zurich.ch/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| OWASP - An Overview
 
|-
 
|-
| 24 July 2007
+
| 2007-07-24
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-July/000095.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-July/000095.html]]</center>
| [[Image:person.png|20px|link=https://www.xing.com/profiles/Pierre_Parrend]]
+
| <center>[[Image:person.png|20px|link=https://www.xing.com/profiles/Pierre_Parrend]]</center>
| [[Image:slides.png|20px|link=Mobile_Java_Security]]
+
| <center>[[Image:location.png|20px|link=https://www.zurich.ch/]]</center>
| Local Chapter Meeting
+
| <center>[[Image:slides.png|20px|link=Mobile_Java_Security]]</center>
 +
| Chapter Meeting
 
| Dependability for Java Mobile Code
 
| Dependability for Java Mobile Code
 
|-
 
|-
| 26 April 2007
+
| 2007-07-24
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-April/000086.html]]  
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-July/000095.html]]</center>
 +
| <center>[[Image:person.png|20px|link=https://www.xing.com/profile/HansPeter_Waldegger]][[Image:person.png|20px|link=https://www.xing.com/profiles/Pascal_Buchbinder]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.zurich.ch/]]</center>
 
|  
 
|  
 +
| Chapter Meeting
 +
| OWASP Top 10 (Demo)
 +
|-
 +
| 2007-04-26
 +
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-April/000086.html]]</center>
 +
| <center>[[Image:person.png|20px|link=http://www.linkedin.com/in/bchess]]</center>
 +
| <center>[[Image:location.png|20px|link=https://www.zurich.ch/]]</center>
 
|  
 
|  
| Local Chapter Meeting
+
| Chapter Meeting
|  
+
| Risk metrics
 
|-
 
|-
| 12 February 2007
+
| 2007-02-12
| [[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-February/000079.html]]
+
| <center>[[Image:info.png|20px|link=https://lists.owasp.org/pipermail/owasp-switzerland/2007-February/000079.html]]</center>
| [[Image:person.png|20px|link=User:Disenchant]]
+
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
| [[Image:slides.png|20px|link=File:20070212-xss_worms-disenchant.pdf]]
+
| <center>[[Image:location.png|20px|link=https://www.zurich.ch/]]</center>
| Local Chapter Meeting
+
| <center>[[Image:slides.png|20px|link=File:20070212-xss_worms-disenchant.pdf]]</center>
 +
| Chapter Meeting
 
| XSS-Worms
 
| XSS-Worms
 
|-
 
|-
| 11 November 2006
+
| 2006-11-11
 
|  
 
|  
 +
| <center>[[Image:person.png|20px|link=User:Disenchant]]</center>
 
|  
 
|  
 
|  
 
|  
| OWASP Switzerland Local Chapter Kick-Off Meeting
+
| Chapter Meeting
|
+
| OWASP Switzerland Chapter Kick-Off Meeting
 
|}
 
|}
 
  
  
 
= Participation  =
 
= Participation  =
  
OWASP Local Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in application security is welcome to attend. We encourage attendees to give short presentations about specific topics.  
+
OWASP Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in application security is welcome to attend. We encourage attendees to give short presentations about specific topics.  
  
 
<br> Our main topics are:  
 
<br> Our main topics are:  
Line 250: Line 413:
 
*Secure Architectures
 
*Secure Architectures
  
<br> If you would like to give a presentation (make sure that you have read and understood the [[Speaker_Agreement|speaker agreement]]), or have any questions about the OWASP Switzerland Local Chapter, send an email to [mailto:sven.vetsch__AT__disenchant.ch Sven Vetsch].  
+
<br> If you would like to give a presentation (make sure that you have read and understood the [[Speaker_Agreement|speaker agreement]]), or have any questions about the OWASP Switzerland Chapter, send an email to [mailto:sven.vetsch__AT__disenchant.ch Sven Vetsch].  
  
 
= Sponsoring  =
 
= Sponsoring  =
  
Help us to make application security visible and become a supporter of the OWASP or our Local Chapter in Switzerland. All information about becoming a member/sponsor can be found [[Membership|here]].
+
Help us to make application security visible and become a supporter of the OWASP or our Chapter in Switzerland. All information about becoming a member/sponsor can be found [[Membership|here]].
  
 
If your company is interested in supporting us directly, please contact [mailto:sven.vetsch__AT__owasp.org Sven Vetsch] to talk about the following sponsoring possibilities.  
 
If your company is interested in supporting us directly, please contact [mailto:sven.vetsch__AT__owasp.org Sven Vetsch] to talk about the following sponsoring possibilities.  
Line 261: Line 424:
 
*Single Meeting Supporter  
 
*Single Meeting Supporter  
 
*Facility Sponsor  
 
*Facility Sponsor  
*Organization Supporters (allocating 40% of your annual donation to our Local Chapter)
+
*Organization Supporters (allocating 40% of your annual donation to our Chapter)
  
= Local Chapter Material  =
+
= Chapter Material  =
  
Here you can find material related to the OWASP Switzerland Local Chapter.  
+
Here you can find material related to the OWASP Switzerland Chapter.  
  
 
'''OWASP Switzerland bylaws (in German)'''<br> [[Media:Bylaws owasp switzerland.pdf|Download bylaws]]
 
'''OWASP Switzerland bylaws (in German)'''<br> [[Media:Bylaws owasp switzerland.pdf|Download bylaws]]

Revision as of 08:42, 4 June 2014


[edit]

OWASP Switzerland Chapter Logo

Welcome to the Home Page of the OWASP Switzerland Chapter.


If you're living in the French speaking part of Switzerland, please also visit the OWASP Geneva chapter for more information.

Please find below the planned dates for the upcoming OWASP Switzerland Meetings:

  • Tuesday, June 17th 2014
  • Wednesday, August 20th 2014
  • Tuesday, October 21th 2014
  • Wednesday, December 10th 2014




Tuesday, June 17th 2014
We'd like to invite you to the third of six OWASP Switzerland meetings in 2014. Please make sure to register for the event.

  • When:
    Tuesday, June 17th 2014
    Starting at 18:00
    Doors at 17:30
  • What:
    XSS and beyond (René Freingruber, SEC Consult Person.png)
    Cross-Site Scripting (XSS) vulnerabilities are one of the most seen vulnerability categories nowadays. Unfortunately, these vulnerabilities are often underestimated, e.g. because an attacker cannot directly compromise the database or webserver by exploiting them. Instead it’s possible to execute JavaScript code in the context of a user session allowing to steal session cookies, start key-logging, and so on. This talk goes beyond these basic attacks and shows the audience how it’s possible for attackers to completely compromise client systems by exploiting vulnerabilities in browsers. On the basis of real world vulnerabilities, attacks against browsers running on an older operating system (e.g. Windows XP) will be demonstrated. Current operating systems (like Windows 8.1) have implemented lots of mitigation techniques in order to prevent attackers from exploiting such vulnerabilities. During the talk the most important mitigation techniques will be explained. In addition, possible bypasses will be given. At the end of the presentation a real world Firefox exploit, which works reliable against all major Windows versions (including Windows 8.1 and Windows Server 2012), fully bypasses ASLR/DEP (without depending on java6), does not use heapspray and doesn’t crash the browser will be shown to demonstrate that such attacks are still possible and mitigation techniques can be bypassed.
  • Where:
    Credit Suisse
    Europaallee 1
    8004 Zürich
    Arrival
  • Who:
    As usual, all of our meetings are open to everyone and free of charge.
  • Agenda
    18:00 – 18:15 | Intro and Update on OWASP by Sven Vetsch, OWASP Switzerland Person.png
    18:20 – 19:30 | XSS and beyond by René Freingruber, SEC Consult Person.png
    20:00 – **:** | Dinner


Date Info Speaker Host Slides Event Topic
2014-04-09
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting SSL/TLS jungle - bringing light into the cipher forest
2014-02-19
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting S-SDLC – Ready for Clouds?
2013-12-17
Info.png
Person.png
Location.png
Chapter Meeting Annual Review & Outlook
2013-10-22
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Advances in secure (ASP).NET development – Break the hacker's spirit
2013-10-22
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Node.js Security
2013-04-09
Info.png
Person.png
Location.png
Chapter Meeting Tools (not) to use
2012-09-19
Person.png
Location.png
Slides.png
Security-Zone OWASP Top 10 Mobile Risks
2012-06-12
Info.png
Person.png
Location.png
Chapter Meeting Reversing Android Apps
2012-02-14
Info.png
Person.png
Location.png
Chapter Meeting Analysis of the RSA Security Breach
2011-12-13
Info.png
Person.png
Location.png
Chapter Meeting AppSec - Why is it important
2011-12-13
Info.png
Person.pngPerson.png
Location.png
Chapter Meeting Dangers of Firefox Add-On's
2011-10-11
Info.png
Person.png
Location.png
Chapter Meeting Presentation of the OWASP Top 10 & a hands-on session
2011-08-09
Info.png
Person.png
Location.png
Chapter Meeting Foundation of OWASP Switzerland Association
2011-06-14
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Automatic CRL updates for the Apache Web server
2011-06-14
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting New Standards and upcoming Technologies in Browser Security (Slides by Tobias Gondrom)
2011-05-12
Person.png
Location.png
Slides.png
Swiss Cyber Storm III Do you know OWASP?
2011-04-12
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting ASP.NET & ViewState Security
2010-04-12
Info.png
Person.png
Location.png
Chapter Meeting Usability vs. Security
2010-04-12
Info.png
Person.png
Location.png
Chapter Meeting 2-factor authentication for mobile devices: a secure and practical approach
2009-06-25
Info.png
Jerry HoffJason Li
Location.png
Chapter Meeting Benefits of a security API such as ESAPI
2009-06-25
Info.png
Person.png
Location.png
Chapter Meeting Advanced SQL injection exploitation to operating system full control
2009-04-07
Info.png
Person.png
Location.png
Chapter Meeting Open security architecture (www.opensecurityarchitecture.org)
2009-04-07
Info.png
Person.png
Location.png
Chapter Meeting XSRF and JSON hijacking & a hands-on session
2008-09-08
Info.png
Person.png
Location.png
Chapter Meeting Quality of services for web applications (Hands-On Workshop)
2008-09-08
Info.png
Person.png
Location.png
Chapter Meeting XML Security (Hands-On Workshop)
2008-09-08
Info.png
Person.png
Location.png
Chapter Meeting ISC2/Application security
2008-04-01
Info.png
Person.png
Location.png
Global OWASP Week Taking Apache access logs to the next level
2008-04-01
Info.png
Person.png
Location.png
Global OWASP Week Implementing an Application Security Lifecycle programme
2008-04-01
Info.png
Person.png
Location.png
Global OWASP Week WebAppSec the Big Picture
2007-12-11
Info.png
Person.png
Location.png
Chapter Meeting Certified Secure Web
2007-12-11
Info.png
Person.png
Location.png
Chapter Meeting Secure Development Life Cycle
2007-12-11
Info.png
Daniel Hulliger
Location.png
Chapter Meeting Securing my Assets (Presentation & Demo)
2007-09-20
Info.png
Person.png
Location.png
Security-Zone OWASP Testing Guide
2007-09-19
Info.png
Person.png
Location.png
Security-Zone OWASP Top 10
2007-07-24
Info.png
Person.png
Location.png
Chapter Meeting OWASP - An Overview
2007-07-24
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Dependability for Java Mobile Code
2007-07-24
Info.png
Person.pngPerson.png
Location.png
Chapter Meeting OWASP Top 10 (Demo)
2007-04-26
Info.png
Person.png
Location.png
Chapter Meeting Risk metrics
2007-02-12
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting XSS-Worms
2006-11-11
Person.png
Chapter Meeting OWASP Switzerland Chapter Kick-Off Meeting


OWASP Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in application security is welcome to attend. We encourage attendees to give short presentations about specific topics.


Our main topics are:

  • Security testing
  • Secure development
  • Hacking
  • Secure Architectures


If you would like to give a presentation (make sure that you have read and understood the speaker agreement), or have any questions about the OWASP Switzerland Chapter, send an email to Sven Vetsch.

Help us to make application security visible and become a supporter of the OWASP or our Chapter in Switzerland. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact Sven Vetsch to talk about the following sponsoring possibilities.

  • Chapter Supporter
  • Single Meeting Supporter
  • Facility Sponsor
  • Organization Supporters (allocating 40% of your annual donation to our Chapter)

Here you can find material related to the OWASP Switzerland Chapter.

OWASP Switzerland bylaws (in German)
Download bylaws

OWASP Switzerland Update Presentation (December 13th 2011)
Download Presentation

funds to OWASP earmarked for Switzerland.

Join the list.png Follow-us-on-twitter.png Facebook-icon.png