This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Switzerland"

From OWASP
Jump to: navigation, search
(Added a Meetup link)
Line 8: Line 8:
  
 
*The chapter leader is [mailto:sven.vetsch__AT__owasp.org Sven Vetsch] supported by [mailto:robert.schneider__AT__owasp.org Robert Schneider] and [mailto:antonio.fontes__AT__owasp.org Antonio Fontes]. Please contact us with any questions regarding the chapter.  
 
*The chapter leader is [mailto:sven.vetsch__AT__owasp.org Sven Vetsch] supported by [mailto:robert.schneider__AT__owasp.org Robert Schneider] and [mailto:antonio.fontes__AT__owasp.org Antonio Fontes]. Please contact us with any questions regarding the chapter.  
*Please subscribe to the [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailing list] for meeting announcements and other news related to OWASP in Switzerland.  
+
*Please join us on [https://www.meetup.com/de-DE/OWASPSwitzerland/ Meetup] and/or subscribe to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailing list] for meeting announcements and other news related to OWASP in Switzerland.  
*You can follow us on [https://twitter.com/owasp_ch Twitter] and [https://www.facebook.com/OWASPSwitzerland Facebook]
 
  
 
<br> If you're living in the French speaking part of Switzerland, please also visit the '''[[Geneva|OWASP Geneva chapter]]''' for more information.  
 
<br> If you're living in the French speaking part of Switzerland, please also visit the '''[[Geneva|OWASP Geneva chapter]]''' for more information.  
  
 
= Next Meetings  =
 
= Next Meetings  =
<!--We'd like to invite you to our next OWASP Switzerland meeting. If you want to attend, please make sure to register for the event through the Meetup registration. Space is limited to 30 attendees.
+
We'd like to invite you to our next OWASP Switzerland meeting. If you want to attend, please make sure to [https://www.meetup.com/de-DE/OWASPSwitzerland/events/241771446/ register for the event through the Meetup registration]. Seats are limited.
  
[[Image:Register_button.png|62px|link=http://www.meetup.com/OWASPSwitzerland/events/233496754/]]
+
[[Image:Register_button.png|62px|link=https://www.meetup.com/de-DE/OWASPSwitzerland/events/241771446/]]
  
* When: Tuesday, October 4th 2016
+
* When: Wednesday, August 16th 2017
 
*:17:30        | Doors will open
 
*:17:30        | Doors will open
 
*:18:00 – 18:15 | Update on OWASP
 
*:18:00 – 18:15 | Update on OWASP
 
*:18:20 – 19:30 | Talk & Discussion
 
*:18:20 – 19:30 | Talk & Discussion
*:19:15 – **:** | Dinner
+
*:19:30 – **:** | Dinner
-->
+
 
<!--[[File:owasp_switzerland_next_meeting.png|150px|right|OWASP Switzerland Next Meeting]]-->
+
[[File:crs3.png|150px|right|OWASP Switzerland Next Meeting]]
<!--
+
 
* What: "Bug Bounty programs in Switzerland?" by Florian Badertscher (Swisscom):
+
* What: "Introducing the OWASP ModSecurity Core Rule Set 3.0" by [https://netnea.com Christian Folini]:
** Talk:
+
**Talk:
**:For over a year now Swisscom runs its own Bug Bounty program and has chosen to follow a different approach than many of the other well-known programs. Learn what it takes to set up the program, keep it running in a highly diverse environment and deal with the different needs and limitations from a Telco, ISP and IT Services perspective. We will share insights into the program and the real value it delivers to the company, in addition to the vulnerabilities you learn about.
+
**:The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls that saw a new major release in November 2016 (3.0 -> CRS3). CRS is the 1st line of defense against web application attacks like those summarized in the OWASP Top Ten and all with a minimum of false alerts.
** Discussion:
+
**:This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important handling of false positives is also covered as well as pre-defined lists of rule exclusions for popular web applications helping to avoid false positives.
**:You are a critical thinker (who ideal (him-)herself has reported findings to some kind of "bug bounty program"), a penetration tester, some coloured hat or simply interested in this topic? Then please attend our next meeting and bring along your questions, thoughts and own experiences with responsible disclosure programs.
+
**Speaker
**:Flo is looking forward to discussions around questions like:
+
**:Christian Folini is a partner at netnea AG in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.
**: * What are your concrete requirements / expectations to a bug bounty program, what are your experiences participating in these?
+
**:Christian is a frequent committer to the OWASP ModSecurity Core Rules project, vice president of Swiss Cyber Experts (a public private partnership), program chair of the Swiss Cyberstorm conference and many other things.
**: * How does your responsible disclosure program work (if there is one)?
 
**: * What pitfalls did you step in?
 
**: * What are your experiences with companies like Hackerone or Bugcrowd?
 
  
* Where: [[Image:location.png|20px|link=https://goo.gl/maps/irgNhDb5m582]]
+
* Where:
*:Swiss Re
+
*:<!--[[Image:location.png|20px|link=https://goo.gl/maps/irgNhDb5m582]]-->Tbd: but in Zürich ;)
*:Soodstrasse 52
 
*:8134 Adliswil
 
  
 
* Who:
 
* Who:
Line 46: Line 40:
  
 
* Dinner:
 
* Dinner:
*: This time no official dinner is planned. If you still would like to grab a bite afterwards, simply stay a little longer after the meeting and we will form up a group of hungry people. ;)
+
*:No official dinner is planned.
 
+
*:If you still would like to grab a bite afterwards, simply stay a little longer after the meeting and we will form up a group of hungry people. ;)
<!--
 
*:For those of you, who would like to grab a bite afterwards, please additionally select the "Dinner" checkbox during your registration. This will allow us to reserve a large enough location.
 
  
 
----
 
----
 +
To make sure you are not going to miss any of our upcoming events, please join us on us on [https://www.meetup.com/de-DE/OWASPSwitzerland/ Meetup] and/or subscribe to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailing list].
  
Please find below the planned dates for the upcoming OWASP Switzerland Meetings:
+
'''Teaser: Monday, October 16th 2017 - DevOps'''
 
 
{| class="wikitable sortable" border="0"
 
|-
 
! scope="col" | Date
 
! scope="col" class="unsortable" | Info
 
! scope="col" class="unsortable" | Speaker
 
! scope="col" class="unsortable" | Location
 
! scope="col" class="unsortable" | Host
 
! scope="col" | Event
 
! scope="col" | Topic
 
|-
 
| 2015-12-15
 
| <center>[[Image:info.png|20px|link=http://lists.owasp.org/pipermail/owasp-switzerland/2015-December/000304.html]]</center>
 
| Pascal Buchbinder<br>Antonio Sanso
 
| <center>[[Image:location.png|20px|link=https://goo.gl/maps/mMlSy]]</center>
 
| [https://www.liip.ch/ Liip AG]
 
| Chapter Meeting
 
| "Reliable log data transfer: about syslog, logstash and log data signing"<br>"Top X OAuth 2 Hacks"
 
|}
 
 
 
-->
 
There are two upcoming meetings in the pipeline for you:
 
* August - WAF
 
* October - DevOps
 
Stay tuned by subscribing to our (low-traffic) [https://lists.owasp.org/mailman/listinfo/owasp-switzerland mailinglist] and / or by joining us on [https://www.meetup.com/de-DE/OWASPSwitzerland/ Meetup].
 
  
 
= Past Meetings  =
 
= Past Meetings  =
Line 531: Line 499:
 
<br> Our main topics are:  
 
<br> Our main topics are:  
  
 +
*DevOps
 
*Security testing  
 
*Security testing  
 
*Secure development  
 
*Secure development  
Line 536: Line 505:
 
*Secure Architectures
 
*Secure Architectures
  
<br> If you would like to give a presentation (make sure that you have read and understood the [[Speaker_Agreement|speaker agreement]]), or have any questions about the OWASP Switzerland Chapter, send an email to [mailto:sven.vetsch__AT__disenchant.ch Sven Vetsch].  
+
<br> If you would like to give a presentation (make sure that you have read and understood the [[Speaker_Agreement|speaker agreement]]), or have any questions about the OWASP Switzerland Chapter, send an email to [mailto:robert.schneider__AT__owasp.org Robert Schneider].  
  
 
= Sponsoring  =
 
= Sponsoring  =
Line 562: Line 531:
 
|-
 
|-
 
| [[Image:Mailinglist_button.png|62px|link=https://lists.owasp.org/mailman/listinfo/owasp-switzerland]]  
 
| [[Image:Mailinglist_button.png|62px|link=https://lists.owasp.org/mailman/listinfo/owasp-switzerland]]  
| [[Image:Twitter_button.png|62px|link=https://twitter.com/owasp_ch]]
 
| [[Image:Facebook_button.png|62px|link=https://www.facebook.com/OWASPSwitzerland]]
 
 
| [[Image:Meetup-logo.png|62px|link=https://www.meetup.com/de-DE/OWASPSwitzerland/]]
 
| [[Image:Meetup-logo.png|62px|link=https://www.meetup.com/de-DE/OWASPSwitzerland/]]
 
|}
 
|}

Revision as of 13:43, 16 July 2017


OWASP Switzerland Chapter Logo

Welcome to the Home Page of the OWASP Switzerland Chapter.


If you're living in the French speaking part of Switzerland, please also visit the OWASP Geneva chapter for more information.

We'd like to invite you to our next OWASP Switzerland meeting. If you want to attend, please make sure to register for the event through the Meetup registration. Seats are limited.

Register button.png

  • When: Wednesday, August 16th 2017
    17:30 | Doors will open
    18:00 – 18:15 | Update on OWASP
    18:20 – 19:30 | Talk & Discussion
    19:30 – **:** | Dinner
OWASP Switzerland Next Meeting
  • What: "Introducing the OWASP ModSecurity Core Rule Set 3.0" by Christian Folini:
    • Talk:
      The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls that saw a new major release in November 2016 (3.0 -> CRS3). CRS is the 1st line of defense against web application attacks like those summarized in the OWASP Top Ten and all with a minimum of false alerts.
      This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important handling of false positives is also covered as well as pre-defined lists of rule exclusions for popular web applications helping to avoid false positives.
    • Speaker
      Christian Folini is a partner at netnea AG in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.
      Christian is a frequent committer to the OWASP ModSecurity Core Rules project, vice president of Swiss Cyber Experts (a public private partnership), program chair of the Swiss Cyberstorm conference and many other things.
  • Where:
    Tbd: but in Zürich ;)
  • Who:
    As usual, all of our meetings are open to everyone and free of charge.
  • Dinner:
    No official dinner is planned.
    If you still would like to grab a bite afterwards, simply stay a little longer after the meeting and we will form up a group of hungry people. ;)

To make sure you are not going to miss any of our upcoming events, please join us on us on Meetup and/or subscribe to our (low-traffic) mailing list.

Teaser: Monday, October 16th 2017 - DevOps

Date Info Speaker Host Slides Event Topic
2016-10-04
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Bug Bounty programs in Switzerland?
2016-06-07
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting XSSI - The Tale of a Fameless but Widespread Vulnerability
2015-12-15
Info.png
Person.png
Person.png
Location.png
Slides.png
Slides.png
Chapter Meeting Top X OAuth 2 Hacks
Reliable log data transfer: about syslog, logstash and log data signing
2015-10-14
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Application Security Testing by Static Code Analysis
2015-08-19
Info.png
Person.pngPerson.pngPerson.pngPerson.png
Location.png
Chapter Meeting BarCamp
2015-06-17
Info.png
Person.pngPerson.png
Location.png
Slides.png
Chapter Meeting XSLT Processing Security and Server Side Request Forgeries
2015-04-15
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Android apps in sheep's clothing
2015-02-18
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Abusing JSONP with Rosetta Flash
2014-12-10
Info.png
Person.png
Location.png
Chapter Meeting OWASP Switzerland Fondue
2014-11-12
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Living on the Edge - Advanced ModSecurity to Save Your Ass
2014-08-20
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting (Client-Side) Flash Security
2014-06-17
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting XSS and beyond
2014-04-09
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting SSL/TLS jungle - bringing light into the cipher forest
2014-02-19
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting S-SDLC – Ready for the Cloud?
2013-12-17
Info.png
Person.png
Location.png
Chapter Meeting Annual Review & Outlook
2013-10-22
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Advances in secure (ASP).NET development – Break the hacker's spirit
2013-10-22
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Node.js Security
2013-04-09
Info.png
Person.png
Location.png
Chapter Meeting Tools (not) to use
2012-09-19
Person.png
Location.png
Slides.png
Security-Zone OWASP Top 10 Mobile Risks
2012-06-12
Info.png
Person.png
Location.png
Chapter Meeting Reversing Android Apps
2012-02-14
Info.png
Person.png
Location.png
Chapter Meeting Analysis of the RSA Security Breach
2011-12-13
Info.png
Person.png
Location.png
Chapter Meeting AppSec - Why is it important
2011-12-13
Info.png
Person.pngPerson.png
Location.png
Chapter Meeting Dangers of Firefox Add-On's
2011-10-11
Info.png
Person.png
Location.png
Chapter Meeting Presentation of the OWASP Top 10 & a hands-on session
2011-08-09
Info.png
Person.png
Location.png
Chapter Meeting Foundation of OWASP Switzerland Association
2011-06-14
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Automatic CRL updates for the Apache Web server
2011-06-14
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting New Standards and upcoming Technologies in Browser Security (Slides by Tobias Gondrom)
2011-05-12
Person.png
Location.png
Slides.png
Swiss Cyber Storm III Do you know OWASP?
2011-04-12
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting ASP.NET & ViewState Security
2010-04-12
Info.png
Person.png
Location.png
Chapter Meeting Usability vs. Security
2010-04-12
Info.png
Person.png
Location.png
Chapter Meeting 2-factor authentication for mobile devices: a secure and practical approach
2009-06-25
Info.png
Jerry HoffJason Li
Location.png
Chapter Meeting Benefits of a security API such as ESAPI
2009-06-25
Info.png
Person.png
Location.png
Chapter Meeting Advanced SQL injection exploitation to operating system full control
2009-04-07
Info.png
Person.png
Location.png
Chapter Meeting Open security architecture (www.opensecurityarchitecture.org)
2009-04-07
Info.png
Person.png
Location.png
Chapter Meeting XSRF and JSON hijacking & a hands-on session
2008-09-08
Info.png
Person.png
Location.png
Chapter Meeting Quality of services for web applications (Hands-On Workshop)
2008-09-08
Info.png
Person.png
Location.png
Chapter Meeting XML Security (Hands-On Workshop)
2008-09-08
Info.png
Person.png
Location.png
Chapter Meeting ISC2/Application security
2008-04-01
Info.png
Person.png
Location.png
Global OWASP Week Taking Apache access logs to the next level
2008-04-01
Info.png
Person.png
Location.png
Global OWASP Week Implementing an Application Security Lifecycle programme
2008-04-01
Info.png
Person.png
Location.png
Global OWASP Week WebAppSec the Big Picture
2007-12-11
Info.png
Person.png
Location.png
Chapter Meeting Certified Secure Web
2007-12-11
Info.png
Person.png
Location.png
Chapter Meeting Secure Development Life Cycle
2007-12-11
Info.png
Daniel Hulliger
Location.png
Chapter Meeting Securing my Assets (Presentation & Demo)
2007-09-20
Info.png
Person.png
Location.png
Security-Zone OWASP Testing Guide
2007-09-19
Info.png
Person.png
Location.png
Security-Zone OWASP Top 10
2007-07-24
Info.png
Person.png
Location.png
Chapter Meeting OWASP - An Overview
2007-07-24
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting Dependability for Java Mobile Code
2007-07-24
Info.png
Person.pngPerson.png
Location.png
Chapter Meeting OWASP Top 10 (Demo)
2007-04-26
Info.png
Person.png
Location.png
Chapter Meeting Risk metrics
2007-02-12
Info.png
Person.png
Location.png
Slides.png
Chapter Meeting XSS-Worms
2006-11-11
Person.png
Chapter Meeting OWASP Switzerland Chapter Kick-Off Meeting

OWASP Chapter meetings are free and open. Our chapter's meetings are informal and encourage open discussion of all aspects of application security. Anyone in our area interested in application security is welcome to attend. We encourage attendees to give short presentations about specific topics.


Our main topics are:

  • DevOps
  • Security testing
  • Secure development
  • Hacking
  • Secure Architectures


If you would like to give a presentation (make sure that you have read and understood the speaker agreement), or have any questions about the OWASP Switzerland Chapter, send an email to Robert Schneider.

Help us to make application security visible and become a supporter of the OWASP or our Chapter in Switzerland. All information about becoming a member/sponsor can be found here.

If your company is interested in supporting us directly, please contact Sven Vetsch to talk about the following sponsoring possibilities.

  • Chapter Supporter
  • Single Meeting Supporter
  • Facility Sponsor
  • Organization Supporters (allocating 40% of your annual donation to our Chapter)

Here you can find material related to the OWASP Switzerland Chapter.

OWASP Switzerland bylaws (in German)
Download bylaws

OWASP Switzerland Update Presentation (December 13th 2011)
Download Presentation

Mailinglist button.png Meetup-logo.png