Past Events

OWASP Stockholm meeting, Apr 13 2022: OWASP Threat Modeling

Welcome to another OWASP Stockholm event! The topic for this evening will be threat modeling and we will hear Adam Shostack and Irene Michlin talk about the topic.

This meeting will be both physical and virtual. Therefore it is important that you register on the correct event.

Speaker Bio:

Adam Shostack is a leading expert on threat modeling, and a consultant, expert witness, author and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.

His accomplishments include:

Helped create the CVE. Now an Emeritus member of the Advisory Board. Fixing Autorun for hundreds of millions of systems Lead the design and delivery of the Microsoft SDL Threat Modeling Tool (v3) Created the Elevation of Privilege threat modeling game Wrote Threat Modeling: Designing for Security Co-authored The New School of Information Security While not consulting or training, Shostack serves as an advisor to a variety of companies and academic institutions.

Irene Michlin is an application security specialist at Neo4j. Before going into application security, Irene worked as software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures. Irene believes that innovative software and secure development practices are not a contradiction, and Lean and Agile practices are actually friends of security. After years of AppSec consultancy, she is now back to in-house role, where she can apply all that she’s learned.

Location: Zoom (link) Time: April 13, 17.00 – 20.00 The talks will begin at 17.30. The meeting will also be made available online for those who cannot make it in person.

The recorded session is available on our Youtube channel

OWASP Stockholm meeting, Mar 22 2022: OWASP Planning

Weekly chapter meeting open to everyone.

OWASP Stockholm meeting, Mar 15 2022: OWASP Planning

Weekly chapter meeting open to everyone.

OWASP Stockholm meeting, Mar 8 2022: OWASP Planning

Weekly chapter meeting open to everyone.

OWASP Stockholm meeting, Feb 17 2022: OWASP PIM Fraud

Welcome to our first digital event for 2022 where we will be hosting two talks!

Talk 1: Priviledged Identity Management (PIM) – Closing the door after you are done with work

Description: How do you make sure that while you are sleeping, no-one is using a priviledged account to access important resources within the organisation? In this session i share the approch i use to handle such scenarios and how to limit access to resources just-in-time as they are needed. Some of the technologies covered are Azure AD, Azure AD PIM.

Presenter: Taavi Koosaar, VP Engineering at Chinsay AB MS MVP - Developer Technologies and passionate about development technologies, architecture, DevSecOps, processes and engineering practices in general to deliver software and value continuously in a cloud native world.

Talk 2: Stop the looters: a method to detect and stop digital skimming attacks

Description: In 2019 British Airways was fined a remarkable £183 million for a data breach that affected more than 380.000 of its customers. Magecart, the hacking group behind the attack, specializes in credit card theft using a technique called digital skimming and British Airways has not been their solo victim. How can we detect these attacks? Is there a method to detect and stop digital skimmers? In this talk we present a technique to do this.

Presenter: Nikolaos (Nikos) Alexiou has worked with application security since 2017 in finance and healthcare. He has a software engineering background and he is currently a member of the leadership team for the Stockholm OWASP local chapter. Nikos holds an MSc in Information Systems from the Aristotle University of Thessaloniki, Greece.

OWASP Stockholm meeting, Oct 21 2021: OWASP DevOps

DevOps and security & Benefits of Cloud Thinking, Oct 21th, 2021

Finally we can meet IRL again and we will fire off with a Secure Development event hosted by Omegapoint at their new office site.

Session 1. DevOps and security A presentation of a development lifecycle inspired by the DevOps loop with activities related to modern development and security with a discussion at the end.

Bio Mats Persson, Consultant @ Omegapoint, passionate about Secure Development, Modern Ways of Working and Security in the Cloud

DevOps and Security

Session 2. Benefits of Cloud Thinking Are Advanced Persistent Threats (APT) becoming the new normal? Should we get used to businesses getting pawned and having sensitive data leaked? Absolutely not! In this talk, we will present how designs often used in the cloud not only reduces risk of APTs, but also improve overall quality of your application – regardless if you’re running in the cloud or not.

Bio Daniel Deogun & Dan Bergh Johnsson are authors of the book Secure by Design and have collectively been working with security and development for several decades. They are developers at heart and understand that security is often a side-concern. They’ve also evolved work habits that enable them to develop systems in a way that promotes security while focusing on high-quality design habits – something that’s easier for developers to keep in mind during their daily work. Both are established international speakers and often present at conferences on topics regarding high-quality development and security.

Benefits of Cloud Thinking

OWASP Stockholm meeting, Apr 28 2021: OWASP Reboot

Stockholm chapter reboot, Apr 28th, 2021

Welcome to an OWASP Stockholm reboot to reactivate the chapter. We will discuss the past and the future for the chapter and set the ambition for different event formats and number of events.

OWASP Stockholm meeting, May 28 2019: Cyber Range Competition

Cyber range practice and competition with Jeremy Wasser, May 28th, 2019

Owasp Stockholm, together with our sponsors Security Innovation Europe and Nasdaq, invites you to an real time CTF evening. Train your skills in application security by attacking real applications and compete with other participants for honor, glory and prices!

Do note that without registering you will not be able to attend the event and please ensure your laptop has been fully charged as charging capabilities are limited.

Security innovation Cyber Range

The CMD+CTRL Cyber Range is part of Security innovation Europe’s Attack and Defend approach to AppSec and is a real life business application platform that helps people learn to think like an attacker and exploit application vulnerabilities. The Cyber Range effectively assesses existing skills and fills any knowledge gaps by teaching real life skills as well as recommending additional training if needed. The Range experience is designed to speed up learning and greatly improve application security knowledge retention.

To further coach participants who are struggling within certain areas there will be breakout sessions on specific topics, so this is both a competition as well as a great learning experience on how to improve your AppSec posture!

Light food and drinks will be available at the event, but dont forget to bring a charged laptop!

Please register for the event here.

OWASP Stockholm meeting, December 12 2018: BSIMM SAMM SDLC

Secure development: BSIMM, SAMM and Sugar! with Nick Murison, Sebastian Åkerman and Hugo Hirsh, December 12th, 2018

Since its cold and dark outside OWASP Stockholm invites you to a Secure development event on the 12th of December. Together with our sponsor Nordnet we will host talks on BSIMM, SAMM as well and how to get people engaged in security using sugar. The event will be in Nordnets office at Alströmmersatan 39.

Agenda ~17:30 - Event entrance opens 18:00 Nick Murison - BSIMM 18:45 Sebastian Åkerman - Running a Security Program like a Champion 19:15 Hugo Hirsh - Trust and Sugar

Register and get more information here: https://www.eventbrite.com/e/secure-development-bsimm-samm-and-sugar-tickets-53024648150

OWASP Stockholm meeting, November 13 2018: XSS Defense Jim Manico

The last XSS Defense talk with Jim Manico, November 13th, 2018

[Owasp-Sweden] OWASP Stockholm proudly presents, long time OWASP hero, Jim Manico in a talk about the hard to beat XSS risks.

The event will take place at the Omegapoint office in Stockholm city on Nov 13th at 6 PM. Seats are limited so grab a ticket quickly by registering using the link below. You find details and talk description in the event info at Eventbrite.

https://www.eventbrite.com/e/owasp-stockholm-jim-manico-the-last-xss-defense-talk-tickets-51186364795?aff=ebdssbdestsearch

OWASP Stockholm meeting, October 2 2018: Bug Bounty Frans Rosén Mattias Karlsson

Eliminating False Assumptions in Bug Bounties with Mattias Karlsson and Frans Rosén, October 2nd, 2018

OWASP Stockholm, Klarna, HackerOne, Mathias & Frans will during this event focus on bug bounty. HackerOne and Klarna will speak from an organisation perspective and Mathias and Frans will talk from a security researcher perspective. Klarna has started their journey and will speak about their experience. The good stuff that came out, but also lessons learned.

[Mattias Karlsson & Frans Rosén presentation]

Eliminating False Assumptions in Bug Bounties

There are a lot of illusions and misconceptions around the bug bounty industry. Is it too late to join? Are all the vulnerabilities already found? Is everything automated nowadays so there’s no way to be late to the party?

Frans and Mathias have been in the mythical world of bounties for a few years and will share their thoughts and ideas on how to actually approach it technically, methodologically and mentally. And also, how to use bug bounties for your own advantage, to improve your career and to increase your pentesting and vulnerability hunting skills.

OWASP Stockholm meeting, May 28 2018: OWASP top 10 XXE Ìnsecure Deserialization Lack of Logging and Monitoring

New risks in OWASP Top 10, with Sebastian Åkerman, Henrik Åmark and Tomas Karlsson, May 28th 2018

OWASP Stockholm bjuder in till årets första evenemang. Den 28 Maj kommer vi, tillsammans med vår sponsor Omegapoint att gå igenom nyheterna på OWASP Top 10 som publicerades sent förra året.

Evenemanget sker i Omegapoints lokaler på Regeringsgatan 56.

Agenda

17:30 Lättare mat och dryck serveras 18:00 Vår sponsor Omegapoint har ordet ~18:15 Henrik Åmark - A10 Lack of logging and Monitoring ~18:45 Sebastian Åkerman - XEE ~19:15 Tomas Karlsson - Insecure Deserialization ~20:00 End of the event

The event will be at the office of Omegapoint, Regeringsgatan 56.

Henrik Åmark

Henrik Åmark är co-lead för OWASP Stockholm och konsult som arbetar med logging, säkerhetsövervakning och incident response. Med över 10 års erfarenhet har fokus till stor del varit att förese organisationer med ökad insyn i deras miljöer, förse dem med rätt verktyg att detektera hot och mitigera dessa.

Tomas Karlsson Tomas har över 20 års erfarenhet av system- och verksamhetsutveckling och har jobbat i många olika projektroller. Med den erfarenheten har han en stor förståelse för varför projekt fortsätter att leverera osäker kod. Intresset för säkerhet vaknade för några år sedan när Tomas upptäckte att han själv hade skrivit kod som, på fel ställe, hade kunna vara ett allvarligt säkerhetshål.

Sebastian Åkerman

Sebastian Åkerman är utvecklare och mjukvaruarkitekt och har jobbat som konsult med säkerhetskririsk systemutveckling i drygt 20 år. Sebastian har ett särskilt intresse för säkerhet i utvecklingsprocessen och är även co-lead för OWASP Stockholm.

Beskrivning av OWASP top 10

The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications minimize these risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

Presentationerna hålls på svenska.

OWASP Stockholm meeting, September 18 2017: JuiceShop Bjoern Kimminich projects

OWASP juice shop workshop with Bjoern Kimminich, September 18th 2017

Bjoern Kimminich will present his project Juice Shop and then we will all participate in a CTF competition using Juice Shop.

OWASP Stockholm meeting, February 15 2017: Ethereum and OWASP top 10 projects

First OWASP Stockholm event in 2017, with Marcus Örebrand, Magnus Hultin and Martin Swende Holst. Eventbrite.

OWASP Sweden Meeting, Stockholm, November 20, 2012: OWASP Top 10 for JavaScript + RESTful Security

Welcome to an OWASP Sweden seminar November 20, with Erlend Oftedal. Book your seat at Eventbrite.

OWASP Sweden Meeting, Stockholm, May 14, 2012: Secure Mashups, IT Sec in Cars, Buffer Overflow Prevention, "How We Won the Deutche Post Security Cup", and Multi-Step, Semi-Blind CSRF

Welcome to an OWASP Sweden seminar May 14, with Jonas Magazinius, Mattias Jidhage, and John Wilander. Book your seat at Eventbrite.

Slides from the OWASP Sweden Meeting, Stockholm, March 20, 2012

Here are the slides (.ppt.zip) from Jim Manico’s presentation on “Web Application Access Control Design Excellence”.

OWASP Sweden Meeting, Stockholm, March 20, 2012: "Web Application Access Control Design Excellence"

Welcome to an OWASP Sweden seminar March 20, with Jim Manico. Book your seat at Eventbrite.

This event will be in English.

Sponsors for this event are:

The Speaker Jim Manico is a profile in the OWASP community working with the OWASP podcasts and ESAPI amongst other things. During march he is doing a nordic tour and will be visiting the chapters in Finland, Sweden, Norway and Denmark and we have the pleasure of welcoming him to Stockholm on March 20. Read more on the OWASP webpage https://www.owasp.org/index.php/User:Jmanico

Abstract for Jim´s talk:

Web Application Access Control Design Excellence

Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and “fail open” access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.

OWASP Sweden SSL Day, Stockholm, November 23 2011

OWASP Sweden, Stockholm branch is happy to announce a full-day on the topic of SSL in cooperation with Internetdagarna http://www.internetdagarna.se/ind11/program/seminarium/92

The speakers are

OWASP Sweden Meeting March 7 2011, "Security impact of SVG" + ""ECMA Script 5, a frozen DOM and the eradication of XSS

Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft while finishing his PhD thesis.

We’re very happy to invite Mario to OWASP Sweden in March. His two talks will be given in English at Royal Institute of Technology (KTH).

Get your ticket now at Eventbrite.

Mario’s slides: Media:Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf “The Image That Called Me” on SVG security /www-pdf-archive/Mario_Heiderich_OWASP_Sweden_Locking_the_throneroom.pdf “Locking the Throneroom” on locking the DOM to eradicate XSS

OWASP Sweden Meeting, Jan 31 2011, "HTTP-säkerhet"

Daniel Stenberg, Martin Holst Swende, and John Wilander will give talks for OWASP Sweden on Jan 31, 5:30 pm - 21 pm. The topics are Websockets, the new Cookie RFC, Content Security Policy, HTTP Strict Transport Security, and X-Frame-Options. We will be in lecture hall “New York”, World Trade Center, Stockholm (map).

Omegapoint are sponsors and there will be lighter food and beers.

OWASP Sweden reaches 500 members ... and gets three leaders

OWASP Sweden now has a stunning 500 members on the mailing list. From now the chapter will be lead by three co-leaders: John Wilander, Mattias Bergling, and Robert Malmgren.

OWASP Sweden invites Samy Kamkar, October 4, 2010

Samy Kamkar, famous for the Samy XSS attack on MySpace in 2005 will be giving a talk for OWASP Sweden on October 4, 5:30 pm - 22 pm. We will be in Ljusgården, Årstaängsvägen 19, Marievik/Liljeholmen, Stockholm (map).

Nexus Safe and Data@UrService are sponsors and there will be lighter food and beers.

/www-pdf-archive/OWASP_Sweden_Samy_Kamkar_oktober_2010.pdf

Go to EventBrite and register for free now!

OWASP-Sweden + FOSS Sthlm "Community Hack" September 4-5 2010

The first weekend of September OWASP Sweden together with FOSS Sthlm invite our members to Community Hack II in Stockholm. A full weekend of hacking on open projects, testing new security hacks, trying out tools (for instance the favorite OWASP tool you’ve always wanted to learn), or writing new, open guidelines.

Go to EventBrite and register for free now!

OWASP AppSec Research 2010 in Stockholm, June 21-24 2010

June 21-24, 2010 appsec people will meet in beautiful Stockholm, Sweden. The OWASP chapters in Sweden, Norway, and Denmark together with Stockholm University host the OWASP AppSec Research 2010.

OWASP-Sweden Meeting January 21st 2010 -- The Big Protocols

Stiftelsen för Internetinfrastruktur (.SE) and Swedish Network Users’ Society (SNUS) invite us to three seminars on the big protocols: BGP, DNSSEC, and SSL/TLS.

Program and invitation (in Swedish): ![](OWASP_Sweden_-_De_stora_protokollen_2010-01-21.pdf "File:OWASP_Sweden_-_De_stora_protokollen_2010-01-21.pdf")

OWASP-Sweden Meeting December 2nd 2009 -- OWASP Top 10 2010 (rc1)

Omegapoint invites us to discuss the release candidate of OWASP Top 10 2010 that was presented at OWASP AppSec DC November 13th. The invitation in Swedish is found here. Don’t forget to send an email to John Wilander (john.wilander@owasp.org) no later than November 23rd to say you’re coming. Seats usually fill up fast.

OWASP AppSec Research 2010, June 21-24 in Stockholm, Sweden

OWASP Sweden, Norway, and Denmark invite you to OWASP AppSec Research 2010, June 21-24 in Stockholm. Read more on the conference wiki page.

OWASP-Sweden Meeting April 28th 2009 -- Code Analysis and Review

The second chapter meeting of 2009 will be held on Tuesday April 28th at Clarion Hotel Stockholm. The focus is code analysis and code review. Fortify sponsors the event and welcome the chapter members to refreshments, starting at 17.30.

The program:

Don’t forget to send an email to John Wilander (john.wilander@omegapoint.se) no later than April 23rd to say you’re coming. We need to know how many will turn up.

OWASP-Sweden Meeting March 26th 2009 -- XSS & CSRF

The first meeting of 2009 will be held Thursday March 26th at LabCenter, Oxtorgsgränd 2, Stockholm. The focus is cross-site scripting and cross-site request forgery, attacks and countermeasures. Inspect it and LabCenter sponsor the event and welcome the chapter members to refreshments, starting at 17.00.

The program:

Don’t forget to send an email to Mattias Bergling (mattias.bergling@inspectit.se) no later than March 23rd to say you’re coming. We need to know how many will turn up.

OWASP-Sweden Meeting November 19th 2008 -- PCI DSS

The next chapter meeting is Wednesday November 19th. The focus of the seminars is on PCI-DSS, i.e. security in payment card handling on the Internet. The program:

The meeting is fully booked. But do send an email to John Wilander (john.wilander@omegapoint.se) to say you’re interested and we’ll let you know if seats become available.

OWASP Sweden Hosts the OWASP AppSec Europe Conference 2010

We’re hosting the European OWASP AppSec conference in 2010! Please read the announcement.

OWASP-Sweden Meeting October 6th 2008 -- Security in the Open Source Process

The next chapter meeting is Monday October 6th at Clarion Hotel Stockholm (Skanstull). The focus of the seminars will be on “Security in the Open Source Process”. Refreshments will be served from 16:30 and the seminars will commence at 17:30. Except for a closing panel discussion the program contains the following:

Don’t forget to send an email to Robert Malmgren (anmalan@romab.com) no later than September 29th to say you’re coming. We need to know how many will turn up.

OWASP-Sweden Meeting May 27th 2008 - SQL Injection, Web Scarab

OWASP-Sweden welcomes its members to the next chapter meeting - Tuesday May 27th at Clarion Hotel Stockholm. Refreshments will be served from 17:00, demos will be shown from 17:30, and the seminars will commence at 18:00. The main attractions are:

Don’t forget to send an email to Mattias Bergling (mattias.bergling@inspectit.se) no later than May 21st to say you’re coming. We need to know how many will turn up.

Kick-Off Meeting for OWASP-Sweden April 1st 2008

The OWASP-Sweden kick-off will be held at WTC in Stockholm on April 1st. Yeah, it’s April Fool’s Day but we go under the tagline “Application Security is Not a Joke”. The presentation program includes:

Don’t forget to send an email to John Wilander (john.wilander@omegapoint.se) no later than March 27 to say you’re coming. We need to know how many will turn up.

We’re kicking off!

OWASP-Sweden in Computer Sweden - 08:44, 19 Dec 2007 (EDT)

Today the Swedish national IT newspaper ‘Computer Sweden’ published an article on the new OWASP-Sweden chapter - Mecka för säker programmering till Sverige, or A Mecka for Secure Programming Reaches Sweden in English. While OWASP is more than a programmer’s guide, Mattias Bergling and I are very happy to get the news out to a large part of Sweden’s IT industry.

To become a member of Owasp-Sweden just join the mailing list.

OWASP-Sweden opens! - 22:25, 01 Oct 2007 (EDT)

Finally, Sweden has joined the OWASP movement and John Wilander, the local chapter leader, welcomes members to the Stockholm-based OWASP-Sweden. Please, join our mailing list. Plans for meetings and seminars will be made.

Are you interested in helping out? Do you have ideas for great invited speakers or workshop meetings? Feel free to contact the chapter.

Category:Sweden Category:Europe