OWASP Innsbruck

Welcome
Welcome to the OWASP Innsbruck Chapter, your regional chapter in Tyrol, Austria.
What is OWASP?
It is a global community that has provided knowledge, tools and standards as open source for over 20 years to help develop more secure software and applications. The spectrum ranges from web and mobile apps to generative AI and secure software development in general.
Whether you are a developer, a cybersecurity professional or someone who is simply interested in software and application security, OWASP Innsbruck provides a platform for learning, knowledge sharing and networking. Through a variety of events and initiatives, we strive to create an inclusive environment where everyone can contribute, learn and grow.
Next Meeting
Our next event is happening on Thursday 5th February 2026. Please register here: http://veranstaltung.wktirol.at/28037
The venue is at:
Wirtschaftskammer Tirol, Wilhelm-Greil-Str 7, 6020 Innsbruck
Note: This time, the entire meet-up will be in English.
Here is the agenda for our next meeting:
- 17:00 - Welcome to the OWASP Chapter Innsbruck and updates - Sven Schleier
- 17:15 - Talk: Semgrep: An introduction to custom rule writing by Will Douglas
- 18:00 - Talk: A Whirlwind Tour of Software Vulnerabilities (a gentle introduction) by Matthias Gander
- 18:20 - Networking - Snacks and Drinks
Details of the talks
Talk: Semgrep: An introduction to custom rule writing by Will Douglas
Abstract:
Semgrep is a static analysis tool used for scanning source code to identify potential vulnerabilities, but it can also be used for other cases that might be of interest to a developer, such as code correctness. There is both an enterprise and a free and open-source version of Semgrep, but this presentation will focus on custom rule writing for the free version. The custom rules afforded by Semgrep allow practitioners to identify bugs and continually adapt those rules based on their tested reliability through triaging reported results along with information gleaned from other security activities.
Bio Will Douglas:
Will Douglas is the Team Leader for Product Security Engineering at MED-EL focusing on the security of both medical and non-medical products throughout their development lifecycle prior to release. He initially started out working in different IT and web development positions before transitioning to cybersecurity in early 2015. His introduction to the professional cybersecurity space was focused primarily on offensive security as a Security Consultant for Cigital, a company which was later acquired by Synopsys. In 2021 he moved from the United States to Austria to join MED-EL’s Product Security team where he holds his current position.
Talk: A Whirlwind Tour of Software Vulnerabilities (a gentle introduction) by Matthias Gander
Abstract:
Software is the foundation of everything from critical infrastructure to daily conveniences. But what happens when that foundation has cracks? This lightning talk provides a high-level introduction to the world of software vulnerabilities. We will move quickly to establish the core concepts and motivations behind vulnerabilities, explore common types of weaknesses that plague modern systems, and demystify how we find, enumerate (like CVE), and rate (like CVSS) these critical flaws. This session is perfect for those new to the field or seasoned experts looking for a concise refresher on the fundamentals.
Bio Matthias Gander:
Matthias Gander is a senior Information Security Manager for Swarovski with a background in computer science. He brings a diverse perspective from his past roles, which include penetration testing, security consulting, and lecturing at the University of Innsbruck. Today, he focuses on the strategic side of security, e.g., building security programs, writing policies, and having endless discussions about managing risk.
OWASP Innsbruck Chapter
OWASP Innsbruck was formed in September 2025 by Bettina and Sven Schleier.
Support - WKO Tyrol
We would like to sincerely thank the Wirtschaftskammer (WKO) Tyrol for kindly providing their facilities and support, as well as Peter Stelzhammer, speaker of the IT Security Experts Group Tyrol of the WKO, for his support.
Past Events
2nd OWASP Chapter Innsbruck meeting - 2nd December 2025
Talk (will be in German): How To Breach: From Unconventional Initial Access Vectors To Modern Lateral Movement - by Benjamin Floriani - Slides
Abstract: The perpetual cat-and-mouse game between attackers and defenders has pushed offensive security operators to innovate. While enterprise security teams have become adept at identifying and blocking malicious Office documents, suspicious executables, and known phishing URLs, a significant blind spot often remains: the gray area of “benign” file formats that are implicitly trusted by both users and security tools. This talk will arm attendees with the knowledge to identify and leverage these blind spots in red team engagements.
About Benjamin Floriani:
My fascination with complex systems began early on - with hacking computer games. While studying computer science at the University of Innsbruck, I discovered the Austrian Cyber Security Challenge, a capture-the-flag competition that promotes IT security talents in Austria.
My successful participation in this competition opened my way into professional IT security at the end of 2017. Since then, I have been pursuing my passion as a penetration tester. I have specialized in the field of red teaming and attack simulations through numerous further education and training courses - a field that continues to fascinate me.
I am currently deepening my knowledge in the areas of internal infrastructures and malware development. This enables me not only to increase the precision of our penetration tests, but also to implement techniques such as lateral movement, local privilege escalation and full domain compromise in red team engagements even more effectively.
1st OWASP Chapter Innsbruck meeting - 30th October 2025
Our first event happened on 30th October 2025!
Talk: What is OWASP? - Slides
Talk and Demo: Secrets in Source Code - how to identify them, what are the risks and how to detect with open source tools. Slides
The talks were delivered by Sven Schleier, who has been actively supporting and advocating for OWASP since 2016 as project leader for the OWASP Mobile Application Security project.