[Owasp-switzerland] Summary of the meeting at the 24. July 2007

Sven Vetsch / Disenchant sven.vetsch at disenchant.ch
Thu Jul 26 10:49:50 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,
for those of you who weren't at the OWASP Switzerland Local Chapter
meeting on the 24. July 2007 and also as a review for the guys who
where there, here's a small summary:

- ----------------------------------------------------------------------
+--------+
| People |
+--------+

We where 10 people which is not that much but I think it's easy this way
to have a good exchange and everyone can talk to everyone.

+-------------+
| Information |
+-------------+

- - List of attendees
Because everybody's interested in who was at the meetings and what kind
of people he can expect at the next meeting. There will be a "List of
Attendees" from now on, just like we already had it this meeting.
Everyone who's attending the meeting can add himself to the list (or
not) and after the meeting, the complete list will be sent to everyone
who's on the list.

- - Tweakfest 2007
As already mentioned multiple times, the OWASP Switzerland went to the
Tweakfest 2007 (http://tweakfest.ch) in Zurich. There we had two
presentation slots. One of this slot we filled with Hans-Peter Waldegger
and Pascal Buchbinder from United Security Providers who gave a live
demonstration of the OWASP Top 10 and Sven Vetsch from Dreamlab
Technologies Ltd. presented a short overview on the OWASP. It was a good
training for the speakers and it was a good event but from our pint of
view, there where not the people who are really interested in WebAppSec.

- - Security-Zone 2007
For those of you who don't know the Security-Zone, it's the most
important security event in Switzerland which takes place once a year in
Zurich Oerlikon http://security-zone.info/. From the organizers, we've
got great chances to present the OWASP so for example there's an OWASP
logo on every ticket and I could also write an article for their
newsletter about the OWASP Top 10, which you can find now here (but it's
in German):
http://www.security-zone.info/newsletter/07/juli07/redaktion/S_Vetsch.pdf

Then also at this event we will be present in form of the OWASP Top 10
demo by Hans-Peter (and Pascal?) and Sven Vetsch will present the OWASP
Testing Guide 2.0. More information about this Slot can be found here:
http://www.security-zone.info/php/congresso/products.php?pos=29a08

... and of course you can order a free Ticket here:
http://security-zone.adim.ch/Anmeldung.php?client=1&lang=1&idcatart=75&o=owasp%22%20target=%22_new

- - OWASP Conference (USA/2007)
If somebody wants to travel a little bit, you can go to the next OWASP
Application Security Conference in the US
Tutorials: November 12-13
Main conference November 14-15
The location will be at eBay in San Jose.

- - OWASP Day
Some people in the OWASP came up with the idea to do something OWASP
related in the so called Global Security Week (GWS). The exact date for
the "OWASP Day" will be Thursday 6th Sep 2007 and the main topic was set
to "Privacy in the 21st Century". Sven wouldn't have the time then to
organize something because one week later he'll start studying and he'd
like to be prepared at least a little bit, but it would be great if
someone else can try to organize something. Just get in contact with
Sven about this if you're interested.

+--------------------------------+
| Presentations / Demonstrations |
+--------------------------------+

This time we had three presentations or to be more exact, two
presentations and one demonstration. I think it's enough to just
copy&paste the information about the talks out of the invitation I've
sent to this mailinglist before the meeting
(http://lists.owasp.org/pipermail/owasp-switzerland/2007-July/000094.html).

- - OWASP - An Overview (Sven Vetsch)
  We are the OWASP Switzerland Local Chapter but it seems that most of
  the attending people on the meetings don't really know what
  sub-projects the OWASP has, how it's organized or also how successful
  the OWASP already is, so for example that in the commercial market,
  the Payment Card Industry (PCI) standard has adopted the OWASP Top 10,
  and requires (among other things) that all merchants get a security
  code review for all their custom code. Sven Vetsch will give you just
  a small overview what the OWASP really is about.

- - Security for Java Mobile Code (Pierre Parrend)
  Pierre Parrend from the INSA Lyon (Institut National des Sciences
  Appliquées de Lyon) will come from France to present a talk he calls
  "Security for Java Mobile Code: a pragmatic research view". Here
  you've got the table of content for his 50 minutes talk:

  - The Vision                                              ) 2 min.
  - Java and the OWASP                                      ) 3 min.
  - From static client-server infrastructures
    to dynamic mobile applications                          ) 10 min.
  - From Security to Dependability                          ) 5 min.
  - Security for Java Mobile Code: State of the Art         ) 10 min.
  - Engineering dependable applications: a life cycle view  ) 5 min.
  - Toward a Hardened OSGi Platform - some research work    ) 10 min.
  - Conclusions and perspectives                            ) 5 min.

- - OWASP Top 10 (Hans-Peter Waldegger and Pascal Buchbinder)
  Last but for sure not least we will have a live demonstration of the
  OWASP Top 10 by Hans-Peter Waldegger and Pascal Buchbinder from United
  Security Providers. These two guys have already presented this
  demonstration at the Tweakfest this year and people there enjoyed to
  see this Top 10 in a "real life" example. Stay curious about it.

+--------+
| Thanks |
+--------+

As usual I'd like to thank all the speakers we had and especially I'd
like to thank Pierre Parrend who came from Lyon to us, just for his
presentation.

Last but not least, special thanks goes of course also to the Zurich
Financial Services and Rowan Price for offering us the great location.

- ----------------------------------------------------------------------

Now I'm looking forward to see you at the next OWASP Meeting or at the
Security-Zone 2007 here in Switzerland :)

Regards,
Sven

- --

sent by Sven Vetsch / Disenchant

http://disenchant.ch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGqLSO8luv3I4ijh0RAgkDAJ9R3jfaubtajcA5oa7lfvE5iY4NCwCgx8sM
QWRvDSOtKTwVvfjAidnE/VU=
=UGS+
-----END PGP SIGNATURE-----


More information about the Owasp-switzerland mailing list