[OWASP-Switzerland] OWASP Switzerland Meeting - October 22nd, 2013

Sven Vetsch sven.vetsch at owasp.org
Wed Oct 2 13:14:11 UTC 2013


Hi everyone,
I'd like to invite you to the next OWASP Switzerland Meeting. We'll have two presentations, one about Node security and one is still open (see below). The meeting will take place on Tuesday, October 22nd, 2013 at the Colab (http://colab-zurich.ch/) in Zurich. We're very happy that the people at Colab offered their space for the meeting and we think this will help us to further extend our outreach to developers and make Swiss and of course global applications more secure - thanks very much. The exact location is Zentralstrasse 37, 8003 Zurich and as usual the event is completely free and everyone's invited to join, so bring your friends and colleagues.

To know how many people we can expect, please fill in the Doodle poll we've created (http://doodle.com/kym5fuvhvdmba8ru). If you'd also like to join the dinner after the meeting (most likely Italian food), it's *mandatory* to register through the poll till October 21st.

### YOUR TALK ###

Unfortunately, a speaker had to cancel his presentation and we're looking for a replacement. If you have something related (AppSec) to present or know someone, please contact me as soon as possible.

### Node.js Security - Old vulnerabilities in new dresses (by Sven Vetsch - OWASP Switzerland / Redguard AG) ###
New technologies are a good thing as they drive innovation. Especially in the web world, innovation is what leads to today's popularity of sites like Google, Twitter and Facebook. Regarding security, new technologies also come with the possibility to avoid known security issues already in the design of a technology or for example a new programming language. Unfortunately most of the time, security is not a main focus and therefore also known faults are done over and over again. In addition to this, new technologies also tend to invent new vulnerability classes or at least open new ways to exploit known security issues. In this talk I'll take as a practical example the Node (Node.js) project which allows server side non-blocking JavaScript development. It's great to have the same language for the frontend as for the backend as it makes things much easier to connect and also the frontend and backend developers can better understand each other's work. Many people still think about JavaScript as static *.js files somewhere in a web accessible directory which is not security relevant as it's static. This is simply not the case. In the past there were already a lot of reported security problems in JavaScript so the question is: Will those problems also affect Node? I will answer this and more questions during the talk but be assured, we'll end up with a reverse shell.

Best regards,
Sven

--
Sven Vetsch
Leader OWASP Switzerland
http://www.owasp.ch
https://www.twitter.com/OWASP_ch
