Gothenburg


Earlier announcements recovered from this page's revision history:

In a heterogeneous system like the web, information is exchanged between components in versatile formats. A new breed of attacks is on the rise that exploits the mismatch between the expected and the provided content.

This paper focuses on the root cause of a large class of attacks: polyglots. A polyglot is a program that is valid in multiple programming languages. Polyglots allow multiple interpretations of the content, providing a new space of attack vectors. We characterize what constitutes a dangerous format in the web setting and identify particularly dangerous formats, with PDF as the prime example.

We demonstrate that polyglot-based attacks on the web open up for insecure communication across Internet origins. The paper presents novel attack vectors that infiltrate the trusted origin by syntax injection across multiple languages and by content smuggling of malicious payload that appears formatted as benign content. The attacks lead to both cross-domain leakage and cross-site request forgery.

We perform a systematic study of PDF-based injection and content smuggling attacks. We evaluate the current practice in client/server content filtering and PDF readers for polyglot-based attacks, and report on vulnerabilities in the top 100 Alexa web sites. We identify five web sites to be vulnerable to syntax injection attacks. Further, we have found two major enterprise cloud storage services to be susceptible to content smuggling attacks. Our recommendations for protective measures on the server side, in browsers, and in content interpreters (in particular, PDF readers) show how to mitigate the attacks.

2013-04-29 – OWASP Göteborg – An evening with Mario Heiderich

The InnerHTML Apocalypse – How mXSS Attacks change everything we believed we knew so far

This talk introduces and discusses a novel, mostly unpublished technique to successfully attack websites that are equipped with state-of-the-art XSS protection. This attack, labeled Mutation-XSS (mXSS), is capable of bypassing high-end filter systems by utilizing the browser and its unknown capabilities – every single one of them.

We analyzed the type and number of high-profile websites and applications that are affected by this kind of attack. Several live demos during the presentation will share these impressions and help in understanding what mXSS is, why mXSS is possible and why it is important for defenders as well as professional attackers to understand and examine mXSS even further.

The talk wraps up several years of research in this field, shows the abhorrent findings, discusses the consequences and delivers a step-by-step guide on how to protect against this kind of mayhem – with a strong focus on feasibility and scalability.

XSS from 1999 to 2013: The “Doctrine Classique” of Websecurity

Morten's slides: [[Media:Morten schionning OWASPGPG 20130228.odp|Incidents and forensics]]

2013-01-31 – OWASP Göteborg – IT forensics, 28 February

In the first part of the talk, Mikko will take a quick look at various hybrid environments available for ‘mobile’ app developers – showing how the ‘desktop web’ and ‘mobile web’ are converging and what kind of fundamental security mechanisms do or do not exist in them to protect the user. The second part will take a look at recent developments in the web standards bridging these two worlds even closer to each other than ever before – perhaps even making native apps … redundant at some point? Finally, switching to something completely different, Mikko will share his experiences working with an agile team and helping them build more secure products.

The talks are accompanied by small demos and use cases to show some of the discussed topics in real life.

2012-06-01 – Slides from OWASP Göteborg 2012-04-26 now available

This time the meeting will be sponsored by Adecco IT & Engineering and held at Götgatan 11, 41105 Göteborg (in the middle of Nordstan). The meeting starts at 17:00 and ends around 20:00, followed by beer and mingling. To sign up for the event, please visit [http://owaspgbg-nov2011.eventbrite.com/ Eventbrite].

2011-09-17 – OWASP Göteborg on 3 November

[http://www.omegapoint.se Omegapoint] are sponsors and there will be lighter food and beers. Omegapoint is located at Rosenlundsgatan 3, Göteborg. The event will start at 5 pm and end around 8 pm. To sign up for the event, please visit [http://owaspgbg-aug2011.eventbrite.com/ this] site.
July 4th, 2011 – OWASP-Gothenburg opens!

Latest revision as of 13:51, 16 February 2019

Welcome to the Gothenburg chapter homepage

The chapter leaders are: Mikael Wecksten and Daniel Hedemalm
The vision of OWASP Göteborg is to spark interest in and spread knowledge about how to build secure software systems. The aim is to provide a balanced mix of the latest findings from academic security research (the cutting edge) and established security techniques and design principles ready for direct application (breadth and maturity). The most important elements in building secure applications are design and development methodology.

OWASP Göteborg therefore works to raise security awareness among software developers.

OWASP Göteborg reaches developers, project managers and security professionals by offering interesting talks and demonstrations about security, both large and small. Community hack days, mingling, and domestic and international speakers profile us as a serious player that offers interested people a meeting place where they can meet like-minded peers, exchange ideas and discuss the latest developments in the field.

Everyone is warmly welcome to our meetings!

To take part in the meetings you must join the OWASP Sweden mailing list.

If you are interested in helping out, or have suggestions for exciting and interesting talks and/or speakers, you are welcome to contact us.

Earlier presentations can be found on our YouTube channel: owaspgbg.

Follow us on Twitter: https://twitter.com/owaspgbg

We are also on Facebook.

Download and install OWASP LAPSE+ (Eclipse Helios SR2 package: https://eclipse.org/downloads/packages/release/helios/sr2). LAPSE+ can be found here: https://www.owasp.org/index.php/OWASP_Gothenburg_Day_2015
2015-10-20 – Security Tapas
While preparing for OWASP Gothenburg Day we realised we need something that is quite the opposite of a giant all-day event with international speakers. We need a small and cosy down-to-earth session with local speakers. Like a hackathon but with some kind of agenda. Small demonstrations, primers on a subject or technology, a lightning talk or even a small hands on workshop.

To make room for a lot of people we keep them short, aiming for 15-20 minutes for presentations with some additional room for workshops. OWASP will open up the floor, while you, our community, set the agenda and take the stage. Thanks to our sponsor ÅF we’ll have a cool venue on the 16th floor and something to eat and drink. Please send us a short title, your suggested time slot size in minutes and whether this is a workshop or not (defined as a session where participants are required to bring some kind of equipment and are expected to perform some kind of activity) to [email protected] OR let us know through the ticket registration form.

You are of course very welcome to attend even if you don’t have something to present.
Going dark – Mattias Jidhage
Mac Hack Backup Attack – Jonas Magazinius
Livepatching the linux kernel – Mikael Falkvidd
An introduction to QubesOS – Fredrik Strömberg
Hands on with wifi security – Anders Rosdahl
OWASP Security Shepherd – Viktor Hedberg
Introduction to Android app security review – Mikael Wecksten
TrustZone, TEE and mobile security – Peter Gullberg
2015-04-15 – D-FENS

Let’s talk defense. Offense might be a bit more fun (admit it – there is a small evil mini-me inside all of us that wants nothing but to wield the mighty power of the hack that ruled them all) but let’s face it, there are only so many wrongdoing organisations with world domination aspirations that will hire you to develop attacks on company time. For most of us who want a paycheck within security, defence is on the menu. So, how should we effectively use our company’s sparse resources to make it harder for an attacker to breach our defenses, and when that inevitably happens anyway, how do we find the bad code and remove it?

The event is sponsored by Omegapoint, so we wish to thank them in advance for food, drinks and the venue! The event will be held in English!
Agenda
17:30 Event starts with a light snack and drink.
18:00 A word from our sponsor Omegapoint and a Community update
18:15 Defender economics
20:00 Beer, snacks and some serious security live chat
Approx. 21:00 Event ends
Speaker bios and abstracts
Andreas Lindh – Defender Economics
There are a lot of preconceptions about defense, the most prevalent one probably being the “defender’s dilemma”, which states that an attacker only needs to find one weakness to compromise a network while a defender needs to defend all of them. While this may be true in a technical sense, things become a lot more complicated once you apply real-world considerations. Preconceptions like this are often the foundation on which risk management and ultimately defense strategies are based, something that has led to a number of false but generally accepted assumptions about attackers and their capabilities, and how to defend against them. This talk will discuss the capabilities, and more importantly the limitations, of different types of attackers.

Using the ancient wisdom of the Teenage Mutant Ninja Turtles, the speaker will explain how knowledge of an attacker’s limitations can be leveraged to raise the cost of attack, something that will tip the scale in the defender’s favor.

The speaker will also explain how different defensive measures will affect different types of attackers, how they are likely to react to them, and in the end how to get them to hopefully move on to another target.
Andreas Lindh (@addelindh) is a security analyst and engineer working for I Secure Sweden in Gothenburg, Sweden. He specializes in threat & vulnerability analysis, intrusion detection and generally making his clients more secure. When he’s not dissecting threats or kicking some intruder off a network somewhere, he likes to write crappy Python code and make bad puns on Twitter.

Andreas has previously presented his work at, among others, Black Hat USA, Virus Bulletin and 44Con.
Michael Boman – Search and Destroy the unknown
What do you do after realizing that you have been infected by a previously unknown sample that your antimalware vendor failed to detect, or you are unsure that you have up-to-date antimalware products on all systems in your environment? Perhaps you are not able to install antimalware on some endpoints due to regulatory restrictions. So how do you go about detecting malware that hasn’t been detected by your antimalware software? Learn how you can make use of the sources of detection you already have, like your firewall logs, to detect unknown threats on your network and help you locate and extract the malicious software causing the issue.

Once you have your hands on a sample you can analyze it for the artifacts the malware creates. Those artifacts, called Indicators of Compromise (IOC), can be used to detect additional malware infections on your SMB or Enterprise network using tools you might already have or that can easily be acquired for free from the internet.
Michael Boman (@mboman) is a senior malware analyst at the Malware Research Institute and has presented at several large security conferences, including 44CON and DEEPSEC, in recent years about malware research, covering everything from finding malware samples to analyzing suspected files at speed and on a budget. Michael has been interested in malicious software since he got his own machine infected even though he followed all the best practices, keeping his computer up to date with both patches and antimalware software.

The only thing that notified him about the infection was the built-in Windows firewall asking if it was OK to open a port for an executable. And the rest, as they say, is history. Malware Research Institute is an organization that promotes malware research, tools and techniques for aspiring and seasoned malware analysts. Malware Research Institute has a blog where they publish interesting resources for malware researchers over at
