[OWASP-Switzerland] OWASP Switzerland Meeting - June 17th 2015

Sven Vetsch sven.vetsch at owasp.org
Fri May 29 15:35:22 UTC 2015


Hi everyone,

I’d like to invite you to our next OWASP Switzerland meeting on June 17th 2015. Please be aware that this is our first ever OWASP meeting in *Bern*. If you want to attend, please make sure to register for the event with your *full name* through http://doodle.com/uh6ddr55nn7cywdg
Space is limited to 30 attendees.


* When:
Wednesday, June 17th 2015
Starting at 18:00
Doors at 17:30


* What (presentation):
"XSLT Processing Security and Server Side Request Forgeries" by Roland Bischofberger and Emanuel Duss


Abstract:
An XSLT processor is a piece of software for manipulating XML files or
transforming them into other file formats. These XSLT processors are
very feature rich, which makes them interesting in the context of
information security. For example it is possible to include other files
or even run commands. These processors also enable you to perform
so-called Server Side Request Forgeries (SSRF). SSRF is a technique which
triggers a request on the vulnerable host. So it is possible for an
attacker to access remote machines which are not directly available for
the attacker.
In a student project at the Hochschule für Technik Rapperswil (HSR), we
did some testing on vulnerabilities of XSLT processors and the ability
to use them for SSRF. In our talk we will present the test results and
show a live demonstration. You will see which processor is vulnerable
to which vulnerabilities and what a developer can do to use them
safely.


* Where:
Compass Security Schweiz AG
Ahornweg 2
3012 Bern


* Who:
As usual, all of our meetings are open to everyone and free of charge.


* Agenda
17:30         | Doors will open
18:00 – 18:15 | Update on OWASP by Sven Vetsch, OWASP Switzerland
18:20 – 19:00 | "XSLT Processing Security and Server Side Request Forgeries" by Roland Bischofberger and Emanuel Duss
19:15 - **:** | Dinner


regards,
Sven


--
Sven Vetsch
Leader OWASP Switzerland
https://www.owasp.ch
https://www.twitter.com/OWASP_ch