[OWASP-Switzerland] OWASP Switzerland Meeting - June 17th 2014

a.l.e ale.comp_06 at xox.ch
Tue Jun 17 13:27:34 UTC 2014


hi,

because of short term tasks, i can't attend this evening's meeting.

since the doodle is anonymous, i can't remove myself from there...

have a nice evening
a.l.e
> Hi everyone
>
> To those of you that signed up for today's OWASP meeting - here's an update about the exact location:
>
> The entrance to CS at Europaallee is right next to the old Sihlpost building (which is currently under heavy construction). There is a yellow PostFinance ATM right next to the CS entrance. Here's a link to the exact location: https://maps.google.com/maps?q=47.377974,8.535433&num=1&t=m&z=18
>
> See you later
>
> Marco
>
> -----Original Message-----
> From: owasp-switzerland-bounces at lists.owasp.org [mailto:owasp-switzerland-bounces at lists.owasp.org] On Behalf Of Sven Vetsch
> Sent: Mittwoch, 4. Juni 2014 11:24
> To: owasp-switzerland at lists.owasp.org
> Subject: [OWASP-Switzerland] OWASP Switzerland Meeting - June 17th 2014
>
> Hi everyone,
> I'd like to invite you to the OWASP Switzerland meeting on June 17th 2014. If you want to attend, please make sure to register for the event (http://doodle.com/f4affysew6upxa8c) as the space is *limited* to 30 attendees.
>
> * When:
> Tuesday, June 17th 2014
> Starting at 18:00
> Doors at 17:30
>
> * What:
> "XSS and beyond" by René Freingruber of SEC Consult Cross-Site Scripting (XSS) vulnerabilities are one of the most seen vulnerability categories nowadays. Unfortunately, these vulnerabilities are often underestimated, e.g. because an attacker cannot directly compromise the database or webserver by exploiting them. Instead it's possible to execute JavaScript code in the context of a user session allowing to steal session cookies, start key-logging, and so on. This talk goes beyond these basic attacks and shows the audience how it's possible for attackers to completely compromise client systems by exploiting vulnerabilities in browsers. On the basis of real world vulnerabilities, attacks against browsers running on an older operating system (e.g. Windows XP) will be demonstrated. Current operating systems (like Windows 8.1) have implemented lots of mitigation techniques in order to prevent attackers from exploiting such vulnerabilities. During the talk the most important mitigation techniques will be explained. In addition, possible bypasses will be given. At the end of the presentation a real world Firefox exploit, which works reliable against all major Windows versions (including Windows 8.1 and Windows Server 2012), fully bypasses ASLR/DEP (without depending on java6), does not use heapspray and doesn't crash the browser will be shown to demonstrate that such attacks are still possible and mitigation techniques can be bypassed.
>
> * Where:
> Credit Suisse
> Europaallee 1
> 8004 Zürich
>
> * Who:
> As usual, all of our meetings are open to everyone and free of charge.
>
> * Agenda
> 18:00 - 18:15 | Update on OWASP by Sven Vetsch, OWASP Switzerland
> 18:20 - 19:30 | "XSS and beyond" by René Freingruber, SEC Consult
> 20:00 - **:** | Dinner
>
> Best regards,
> Sven
>
> --
> Sven Vetsch
> Leader OWASP Switzerland
> http://www.owasp.ch
> https://www.twitter.com/OWASP_ch
>
>
>
>
> _______________________________________________
> Owasp-Switzerland mailing list
> Owasp-Switzerland at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-switzerland
> _______________________________________________
> Owasp-Switzerland mailing list
> Owasp-Switzerland at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-switzerland




More information about the Owasp-Switzerland mailing list