[OWASP-Switzerland] OWASP Switzerland Meeting - June 17th 2014

Schnüriger Marco marco.schnueriger at protect7.com
Tue Jun 17 12:50:46 UTC 2014

Hi everyone

To those of you that signed up for today's OWASP meeting - here's an update about the exact location:

The entrance to CS at Europaallee is right next to the old Sihlpost building (which is currently under heavy construction). There is a yellow PostFinance ATM right next to the CS entrance. Here's a link to the exact location: https://maps.google.com/maps?q=47.377974,8.535433&num=1&t=m&z=18

See you later


-----Original Message-----
From: owasp-switzerland-bounces at lists.owasp.org [mailto:owasp-switzerland-bounces at lists.owasp.org] On Behalf Of Sven Vetsch
Sent: Wednesday, 4 June 2014 11:24
To: owasp-switzerland at lists.owasp.org
Subject: [OWASP-Switzerland] OWASP Switzerland Meeting - June 17th 2014

Hi everyone,
I'd like to invite you to the OWASP Switzerland meeting on June 17th 2014. If you want to attend, please make sure to register for the event (http://doodle.com/f4affysew6upxa8c) as the space is *limited* to 30 attendees.

* When:
Tuesday, June 17th 2014
Starting at 18:00
Doors at 17:30

* What:
"XSS and beyond" by René Freingruber of SEC Consult
Cross-Site Scripting (XSS) vulnerabilities are one of the most seen vulnerability categories nowadays. Unfortunately, these vulnerabilities are often underestimated, e.g. because an attacker cannot directly compromise the database or webserver by exploiting them. Instead it's possible to execute JavaScript code in the context of a user session, allowing an attacker to steal session cookies, start key-logging, and so on. This talk goes beyond these basic attacks and shows the audience how it's possible for attackers to completely compromise client systems by exploiting vulnerabilities in browsers. On the basis of real world vulnerabilities, attacks against browsers running on an older operating system (e.g. Windows XP) will be demonstrated. Current operating systems (like Windows 8.1) have implemented lots of mitigation techniques in order to prevent attackers from exploiting such vulnerabilities. During the talk the most important mitigation techniques will be explained. In addition, possible bypasses will be given. At the end of the presentation a real world Firefox exploit, which works reliably against all major Windows versions (including Windows 8.1 and Windows Server 2012), fully bypasses ASLR/DEP (without depending on java6), does not use heapspray and doesn't crash the browser, will be shown to demonstrate that such attacks are still possible and mitigation techniques can be bypassed.

* Where:
Credit Suisse
Europaallee 1
8004 Zürich

* Who:
As usual, all of our meetings are open to everyone and free of charge.

* Agenda
18:00 - 18:15 | Update on OWASP by Sven Vetsch, OWASP Switzerland
18:20 - 19:30 | "XSS and beyond" by René Freingruber, SEC Consult
20:00 - **:** | Dinner

Best regards,

Sven Vetsch
Leader OWASP Switzerland
