OWASP Göteborg: OWASP Top 10 2013, October 10th

OWASP Göteborg

Thursday, October 10, 2013 from 5:30 PM to 9:00 PM (CEST)

Gothenburg, Sweden

Ticket Information

Ticket type: OWASP Member (free); sales have ended.

Event Details

OWASP Göteborg invites you to an evening focused on the OWASP Top 10 list that was released earlier this year. We will cover the most significant security issues that developers and their companies need to handle. The event will be held in English.

It will be an evening where we can learn about XSS, injection, broken authentication and more. We want to thank our sponsor Star Republic for the food, drinks and venue. Seats are limited, so please make sure to book your seat today!


Become a member!

Everyone is welcome to attend and register for the event - you need to be a member of OWASP Göteborg. It's easy to become a member; all you need to do is add yourself to the OWASP mailing list.

Abstracts:

OWASP TOP 10 - 2013

We present the OWASP Top Ten list for 2013. The list contains the ten most serious application security risks. At the very top of the list we find SQL injection: well known, but still going strong, due to the potentially disastrous consequences a successful attack may have. In the upper half of the list we also find broken authentication and, of course, Cross-Site Scripting. Among the newcomers to the list we find sensitive data exposure and the use of components with known vulnerabilities. In addition to presenting the list, we also demonstrate some simple attacks.


Polyglots

In a heterogeneous system like the web, information is exchanged between components in a variety of formats. A new breed of attacks is on the rise that exploits the mismatch between the expected and the provided content. This paper focuses on the root cause of a large class of such attacks: polyglots. A polyglot is a program that is valid in multiple programming languages. Polyglots allow multiple interpretations of the same content, opening up a new space of attack vectors. We characterize what constitutes a dangerous format in the web setting and identify particularly dangerous formats, with PDF as the prime example. We demonstrate that polyglot-based attacks on the web enable insecure communication across Internet origins. The paper presents novel attack vectors that infiltrate the trusted origin by syntax injection across multiple languages and by content smuggling of a malicious payload that appears to be formatted as benign content. The attacks lead to both cross-domain leakage and cross-site request forgery. We perform a systematic study of PDF-based injection and content smuggling attacks. We evaluate current practice in client- and server-side content filtering and in PDF readers against polyglot-based attacks, and report on vulnerabilities in the top 100 Alexa web sites. We identify five web sites that are vulnerable to syntax injection attacks. Further, we have found two major enterprise cloud storage services to be susceptible to content smuggling attacks. Our recommendations for protective measures on the server side, in browsers, and in content interpreters (in particular, PDF readers) show how to mitigate the attacks.


Agenda [ENGLISH]

17:30 Event starts with a light snack and drink. A word from our sponsor Star Republic.

18:00 Community update + This is OWASP Göteborg

18:10 Ulf and Erik - OWASP Top 10 2013 + Demo

19:10 Pause

19:20 Jonas - Polyglot

20:00 Beer, snacks and some serious security live chat

approx. 21:00 Event ends

When & Where


Star Republic
1 Otterhällegatan
41118 Gothenburg
Sweden

Thursday, October 10, 2013 from 5:30 PM to 9:00 PM (CEST)

Organizer

OWASP Göteborg

The local chapter in Gothenburg of the Open Web Application Security Project (OWASP)

Becoming a member is easy and free - you only need to join the mailing list.
