OWASP Switzerland - Node Security

Hi everyone, I'd like to invite you to the next OWASP Switzerland Meeting. We'll have two presentations, one about Node security and one is still open (see below). The meeting will take place on Tuesday, October 22th 2013 at the Colab (http://colab-zurich.ch/) in Zurich. We're very happy, that the people at Colab offered their space for the meeting and we think this will help us to further extend our outreach to developers and make Swiss and of course global applications more secure - thanks very much. The exact location is Zentralstrasse 37, 8003 Zurich and as usual the event is completely free and everyone's invited to join, so bring your friends and colleagues.

To know how many people we can expect, please fill in the Doodle poll we've created (http://doodle.com/kym5fuvhvdmba8ru). If you'd also like to join the dinner after the meeting (most likely Italian food), it's mandatory to register through the poll till October 21th.

Node.js Security - Old vulnerabilities in new dresses (by Sven Vetsch - OWASP Switzerland / Redguard AG)

New technologies are a good thing as they drive innovation. Especially in the web world, innovation is what leads to todays popularity of sites like Google, Twitter and Facebook. Regarding security, new technologies also come with the possibility to avoid known security issues already in the design of a technology or for example a new programming language. Unfortunately most of the time, security is not a main focus and therefor also known faults are done over and over again. In addition to this, new technologies also tend to invent new vulnerability classes or at least open new ways to exploit known security issues. In this talk I’ll take as a practical example the Node (Node.js) project which allows server side non-blocking JavaScript development. It’s great to have the same language for the frontend as for the backend as it makes things much easier to connect and also the frontend and backend developers can better understand each others work. Many people still think about JavaScript as static *.js files somewhere in a web accessible directory which is not security relevant as it’s static. This is simply not the case. In the past there where already a lot of reported security problems in JavaScript so the question is: Will those problems also affect Node? I will answer this and more questions during the talk but be assured, we’ll end up with a reverse shell.

Advances in secure (ASP).NET development – break the hackers’ spirit (by Alexandre Herzog - Compass Security)

The aim of this talk is to give the audience a full overview of the current and upcoming key points to respect in (ASP).NET development. The focus of the talk will mainly reside on ASP.NET web application while still being generalizable for the whole ASP.NET framework:

  • Short introduction to .NET
  • Features of .NET
  • Overview of a few cryptographic keypoints of the framework
  • Configuration of (ASP).NET applications
  • Details about the configuration tree model
  • Important points in configuration files
  • Key security points of application lifecycle
  • Development
  • Third party component review
  • Deployment
  • Operations
  • New cryptographic features of (ASP).NET 4.5
  • General security advices for .NET applications

Best regards, Sven (http://www.owasp.ch)

8 people are attending this meetup

Open in Google Maps