[Owasp-switzerland] Summary of the meeting at the 12. February 2007

Sven Vetsch / Disenchant sven.vetsch at disenchant.ch
Tue Feb 13 15:40:55 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list members,
for those of you who weren't at the OWASP Switzerland Local Chapter
meeting on the 12. February 2007 here's a small summary.

Unfortunately we were only 4 people at the meeting which's even if
Switzerland is a very small country not really much and we're looking
forward to be more people at the next meeting. Please don't forget, also
your working collegues and friends are kindly invited in participate.

Following you'll find an overview of what happened during the meeting:

- - Fortify Software
About a week ago, I got a phone call by Nick Blamey from Fortify
Software (http://www.fortifysoftware.com/) which's been sponsoring
dinners for OWASP meetings and offering their technology management team
to perform presentations to OWASP developers in UK, Holland and Ireland
as well as their extensive work with OWASP in the USA. Now, they like to
offering us the same in Switzerland which's very positive for us.


- - Tweakfest
I don't want to write my own text about the Tweakfest, just visit their
website at http://tweakfest.ch/ for get an overview about this event.

Now the organizers of the Tweakfest confirmed, that we can have two
slots for talks about OWASP and related topics.

The first slot I've already confirmed, that we'll take it and there I'd
like to hold a presentation about OWASP at all and give the people there
an overview about it, show them how the OWASP can help them and of
course talking about our Local Chapter with the goal to reach more
people who are interested in application security.

The second slot the organizers and also me looking forward to fill
with a "Hands-on" session. For example an idea of mine was to show the
people there how it is possible to detect and exploit some easy
vulnerabilities in webapplications only with Firefox and some
extensions, this way we can show them, that it's not that hard as they
might think to do such stuff. Also we looking forward to do this not
only on a beamer, we also like to give the people who attending to this
presentation a Linux Live-CD with which the can try everything from the
beamer on their local machines.

Because I need also some time to sleep, I can't prepare both
presentations and so we've several possibilities how to handle this.

1.) I prepare the OWASP presentation and hold it at the Tweakfest.
2.) Someone help me out with preparation of the presentation or also
help me presenting it directly on the event.

- From my point of view, if nobody can help me out with one of the
presentations, I've to cancel the second slot because then I can't give
any guarantee that I've the time to prepare something which's worth to
be presented. So if you're interested, please contact me as soon as
possible.


- - XSS-Worms presentation
I had a presentation about XSS-Worms which inludes also some kind of new
information about the topic. It was the first talk which also talks
about building and using webbased (dynamic) botnets and it seems that
the attending people liked the presentation.

You can download the presentation under the following URL:
http://www.disenchant.ch/blog/files/presentations/pres_20070206_04_svetsch_xss_worms.pdf

If there are any questions about it or the topic itself, don't hesitate
to ask me :)

At this time I'd like to thank my employer Dreamlab Technologies Ltd.
for give me some working hours for preparing myself for this presentation.

This is a good way of knowledge transfer I think and we should try to do
such presentations also in the future. If someone is interested in
holding a presentation, please contact me. Also security from a
management point of view would be very interesting  :)

At the meeting we decided to meet again in April (I'll set up a voting
pool again for the date in a few weeks I think) because if there are
only about 5 people who come to the meetings we can't offer a
presentation or something similar once a month but we're looking forward
to meet about once a month as soon as more people come to the meetings.
For the next meeting I'll also send out a mail or set up a voting pool
again, for registration because it's the only way to know, how many
people we can expect.

Just as an information here's my mobile number: +41 (0)79 466 37 08
For example if you can't find the meeting place (or just like to talk to
me) you can reach me there. It would be great if all of you can send the
number of their mobile at least to me, so that I have the possibility to
call you when it's needed.

Last but not least, thanks to all people who were at the meeting and of
course a special thankyou to Tobias Christen and the Zurich Financial
Services for give us a room.

Sorry for the long mail but I think it's important, that everyone knows
what's going on in our Local Chapter :)

Regards,
Sven

- --

sent by Sven Vetsch / Disenchant

www.disenchant.ch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF0iJW8luv3I4ijh0RAsFiAKCpoRTTCrVHzD4Qz7jp3wbY/LRLmQCgwAcP
mxhq+r5OvB/XAW7751z9dF0=
=h4t4
-----END PGP SIGNATURE-----


More information about the Owasp-switzerland mailing list