[OWASP-Switzerland] OWASP Switzerland Meeting - June 17th 2014

Sven Vetsch sven.vetsch at owasp.org
Wed Jun 4 09:23:43 UTC 2014

Hi everyone,
I'd like to invite you to the OWASP Switzerland meeting on June 17th 2014. If you want to attend, please make sure to register for the event (http://doodle.com/f4affysew6upxa8c) as the space is *limited* to 30 attendees.

* When:
Tuesday, June 17th 2014
Starting at 18:00
Doors at 17:30

* What:
"XSS and beyond" by René Freingruber of SEC Consult
Cross-Site Scripting (XSS) vulnerabilities are one of the most seen vulnerability categories nowadays. Unfortunately, these vulnerabilities are often underestimated, e.g. because an attacker cannot directly compromise the database or webserver by exploiting them. Instead, it’s possible to execute JavaScript code in the context of a user session, allowing an attacker to steal session cookies, start key-logging, and so on. This talk goes beyond these basic attacks and shows the audience how it’s possible for attackers to completely compromise client systems by exploiting vulnerabilities in browsers. On the basis of real world vulnerabilities, attacks against browsers running on an older operating system (e.g. Windows XP) will be demonstrated. Current operating systems (like Windows 8.1) have implemented lots of mitigation techniques in order to prevent attackers from exploiting such vulnerabilities. During the talk the most important mitigation techniques will be explained. In addition, possible bypasses will be given. At the end of the presentation, a real world Firefox exploit, which works reliably against all major Windows versions (including Windows 8.1 and Windows Server 2012), fully bypasses ASLR/DEP (without depending on java6), does not use heapspray and doesn’t crash the browser, will be shown to demonstrate that such attacks are still possible and mitigation techniques can be bypassed.

* Where:
Credit Suisse
Europaallee 1
8004 Zürich

* Who:
As usual, all of our meetings are open to everyone and free of charge.

* Agenda
18:00 – 18:15 | Update on OWASP by Sven Vetsch, OWASP Switzerland
18:20 – 19:30 | "XSS and beyond" by René Freingruber, SEC Consult
20:00 - **:** | Dinner

Best regards,

Sven Vetsch
Leader OWASP Switzerland
