OWASP Stockholm meeting, October 29 2024: OWASP
OWASP Stockholm - Secure Software Development Evening
Principles for Secure Development
In this session Johan will provide a 45-minute overview of how a development team should think and work around security throughout the entire life cycle of system development. The presentation will go through things like security connected to development environments, code repos, pipelines, etc.
Johan will be followed by Fredrik Klasén from Snyk discussing:
Commonly Observed AI Security Issues While Using GenAI Tools in Software Development
Fredrik will spend around 30 minutes discussing how AI-assisted coding increases your delivery speed and efficiency, but also brings risks. Fredrik will present an overview of AI in software development and commonly observed AI security issues while using GenAI tools to produce code and then exploit it. You’ll also get an insight into strategies for mitigation of AI-introduced threats.
OWASP Stockholm meeting, September 24 2024: OWASP
Autumn OWASP meet up and after-work near Odenplan
Now that summer is over and autumn has come it’s time for us to hang out and have a beer. This is the perfect opportunity for all of us app-sec interested folks to get together and meet up in real life for a relaxed chat and maybe a beer or some other refreshments.
OWASP Stockholm meeting, May 21 2024: OWASP
OWASP Stockholm - The EU Cyber Resilience Act and why the SBOM is so important
The EU is about to become a market leader in software cybersecurity regulation. With a large set of proposed and active laws, software development will be regulated like never before.
With the coming EU Cyber Resilience Act (CRA) all software and embedded systems will have to get a CE mark, which is now expanded to include cybersecurity aspects. It’s going to be a huge change and will mean that the manufacturers (and in some cases importers) will get responsibility for the user’s security and will have to provide free security patches for the lifetime of the product. Software developers will have to learn secure coding and the need for cyber security professionals will be very high.
One of the focus areas is vulnerability management. To keep a product secure during its lifetime, all 3rd party components will have to be monitored and up to date. At the heart of this process is the Software Bill of Materials, SBOM, which is used to monitor for known vulnerabilities in both Open Source and commercial components. The OWASP CycloneDX project fits right in and has been working with various kinds of bill-of-materials for a long time. CycloneDX is in the process of becoming an ECMA standard and thus fits better into the EU regulation.
In this talk Olle E. Johansson will introduce the proposed EU CRA legislation and talk about the SBOM with a focus on the toolchain needed to manage vulnerabilities.
We will start the evening with a mingle at 17:30 followed by a presentation that will start at 18:00. The talk will be around 1 hour long followed by a further mingle/time for questions and answers.
Olle E. Johansson
Olle E. Johansson is a consultant in the area of realtime communication and in embedded system security. He has been active in Open Source for many years as a developer, evangelist, trainer and speaker in many conferences worldwide. Olle is a member of the OWASP SBOM Forum and the OWASP CycloneDX industry working group. He is currently working on the CycloneDX Transparency Exchange API standard. Olle is currently a project leader for the Swedish DNS TAPIR project that is building Open Source software for analysing DNS resolver logs and finding bad actors.
OWASP Stockholm meeting, Apr 24 2024: OWASP
OWASP Stockholm - TruffleHog Disclosure @ Omegapoint
TruffleHog Security Issue Disclosure - Helena Rosenzweig
This presentation covers a set of security issues in TruffleHog, an open source, automated security tool that scans code repositories and configuration files for active secrets. The session provides a detailed walkthrough with several live demos, showing how the tool can be exploited to remotely harvest credentials from anyone running a default installation of TruffleHog v3. This presentation is part of a coordinated disclosure together with Truffle Security, the team behind TruffleHog.
Helena Rosenzweig
Helena Rosenzweig is a security researcher and software engineer at Omegapoint, focusing on application security for client projects. She has a keen interest in building secure and scalable software but is equally intrigued by all the things that can go wrong.
OWASP Stockholm meeting, Mar 20 2024: OWASP
OWASP Stockholm - March Event @ Kivra
Spring is quickly approaching and OWASP Stockholm is hosting a meetup at Kivra featuring Mathias Karlsson, who will delve into the intriguing world of subdomain takeover within the Google Cloud Platform.
The meetup will start with a mingle with food and drinks at 17:30 and the main presentation will begin at 18:00.
Mathias “avlidienbrunn” Karlsson: Your subdomain is on my bucket list
Some say subdomain takeover doesn’t exist in GCP. To no one’s surprise, the real answer is “it depends™”.
OWASP Stockholm meeting, Feb 13 2024: OWASP
Resilience, APIs and Web Security @ Akamai
Welcome to an evening with focus on resilience, APIs, and web security! The meetup will start with a mingle (wraps/drinks) at 17:30, and the main presentations begin at 18:00. The talks will also be streamed online from 18:00.
Architecting web applications to achieve DDoS resiliency - Johan Aldor
In this session, Johan Aldor, Senior Solutions Engineer from Akamai, will cover how to architect web applications to achieve DDoS resiliency. DDoS attacks are getting more common and also bigger. If you don’t architect your web application correctly, coping with attacks can be a hassle. Akamai has over 25 years of experience in running distributed systems and overlay networks. Join us in this session where we share the benefits of using a distributed architecture for DNS, Web Application Firewalls and datacenter protection that will make you ready for any attack.
API Security is NOT Appsec - Alexander Cedergren
API Security has become a hot topic and this is what you need to know about it. OWASP recently released the updated OWASP Top 10 API Security Risks, and to be secure you need to rethink your normal security strategy. Join Alexander Cedergren, Senior Solutions Engineer at Akamai, to learn more about why API Security is NOT AppSec, and what needs to be done differently now that APIs are dominating the modern world.
OWASP Stockholm meeting, Jan 17 2024: OWASP
OWASP Top 10 for LLM:s
Artificial Intelligence is reshaping nearly every sector and will influence our society in ways that we are only now starting to comprehend. The rapid evolution of tools, methods, and novel approaches is prompting businesses to swiftly adopt fresh solutions to harness the potential of this emerging paradigm. However, as new technologies, methodologies, and work practices are introduced, hackers also adapt and innovate, always staying one step ahead. This session led by cybersecurity specialist Krister Hedfors will explore the techniques that hackers use to leverage, manipulate, and exploit GenAI systems, such as ChatGPT and Code Llama. He will also give an introduction to the OWASP Top 10 list for Large Language Models (LLM).
OWASP Stockholm meeting, Dec 13 2023: OWASP
Pub evening - Lucia OWASP meet up and after-work near Odenplan
Time for a Lucia/near xmas get together. This is the perfect opportunity for all of us app-sec interested folks to get together and meet up in real life for a relaxed chat and maybe a beer or some other refreshments.
OWASP Stockholm meeting, Sep 28 2023: OWASP
Pub evening - OWASP meet up and after-work near Odenplan
While the summer holidays may be behind us, there’s no reason to stop the fun. This is the perfect opportunity for all of us app-sec interested folks to get together and meet up in real life for a relaxed chat and maybe a beer or some other refreshments.
OWASP Stockholm meeting, Mar 2 2023: OWASP
DDoS attacks against Sweden - what happened and what we can do about it
During the month of February social media accounts have repeatedly threatened Sweden with cyberattacks. The threats were realized in the form of Distributed Denial-of-Service attacks, a type of attack aiming at disrupting normal operations and availability of online services and websites. As a result, several Swedish websites were affected, but thankfully not nation-critical services.
DDoS attacks are on the rise on a global scale. They are used by organized crime to blackmail organizations, as well as nation state actors to attack infrastructure of other countries, often opportunistically under the cover of political events.
For this event we get together to discuss what happened, but more importantly what we can do to protect the organizations we work for against DDoS attacks.
The event will be held using huddle in Slack so make sure to join the channel “#chapter-stockholm”.
OWASP Stockholm meeting, Dec 6 2022: OWASP
DevSecOps with GitHub Advanced Security
Developers are expected to build secure code, but traditional security tools have been difficult to integrate into the development process. Recent studies show that 85% of applications still contain known vulnerabilities. (https://codesentry.grammatech.com/wp-form-osterman-research)
With GitHub Advanced Security we have the possibility to natively embed security directly into the development workflow. This allows for detection of vulnerabilities early in the development cycle.
Join us on December 6th where we will go through the different GitHub Advanced Security features like Code scanning using CodeQL, Secret scanning and Dependency scanning with Dependabot.
About Presenter: Sanjin Medic, Principal Architect and Head of Development at Solidify
We are hosted by Microsoft Reactor @ Regeringsgatan 59, Stockholm
EDIT: By popular demand we are also going to stream this session on our YouTube Channel. https://youtu.be/4tBLl-KAG0A
OWASP Stockholm meeting, Nov 29 2022: OWASP
Planning
Weekly chapter meeting open to everyone.
OWASP Stockholm meeting, Sep 27 2022: OWASP
Planning
Weekly chapter meeting open to everyone.
OWASP Stockholm meeting, Sep 7 2022: OWASP
Planning
Weekly chapter meeting open to everyone.
OWASP Stockholm meeting, Aug 30 2022: OWASP
Planning
Weekly chapter meeting open to everyone.
OWASP Stockholm meeting, May 25 2022: OWASP
DevSecOps with GitLab Security
Welcome to another live OWASP Stockholm event and get-together sponsored by Sentor.
Cyber attacks have never been more in the news. From Twitter hacks to identity theft, vulnerabilities are exposing gaps in the application development process. Application security is difficult, especially when security is a separate process from your DevOps workflow. Security has traditionally been the final hurdle to conquer in the development lifecycle.
Join this session to gain a better understanding of how to successfully shift security left to find and fix security flaws during development - and to do so more easily and with greater visibility and control than typical approaches can provide.
Stefania will explore:
This meeting will be both physical and virtual, therefore it is important that you register for the correct event. Choose the physical event if you will be attending in person to see Stefania’s presentation or choose the virtual event if you will be watching the presentation online through a zoom meeting.
Speaker Bio: Stefania’s experience as a Solutions Architect within Cybersecurity, DevSecOps and OSS governance means she’s helped countless organisations understand and implement security throughout their SDLC. As a Python developer at heart, Stefania enjoys optimising and improving operational efficiency by scripting & automating processes and creating integrations. She is an active member of OWASP DevSlop, hosting their technical shows. When not at a computer, Stefania enjoys surfing, yoga and looking after all her tropical plants.
Location: Zoom (link)
Time: May 25, 17.00 – 20.00
Stefania’s talk will begin at 17.30.
Light refreshments, food and drinks will be provided by Sentor who are sponsoring the event.
The meeting will also be made available online for those who cannot make it in person.
OWASP Stockholm meeting, Apr 13 2022: OWASP
Threat Modeling
Welcome to another OWASP Stockholm event! The topic for this evening will be threat modeling and we will hear Adam Shostack and Irene Michlin talk about the topic.
This meeting will be both physical and virtual. Therefore it is important that you register on the correct event.
Speaker Bio:
Adam Shostack is a leading expert on threat modeling, and a consultant, expert witness, author and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.
His accomplishments include:
Helped create the CVE. Now an Emeritus member of the Advisory Board.
Fixing Autorun for hundreds of millions of systems
Led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3)
Created the Elevation of Privilege threat modeling game
Wrote Threat Modeling: Designing for Security
Co-authored The New School of Information Security
While not consulting or training, Shostack serves as an advisor to a variety of companies and academic institutions.
Irene Michlin is an application security specialist at Neo4j. Before going into application security, Irene worked as a software engineer, architect, and technical lead at companies ranging from startups to corporate giants. Her professional interests include securing development life-cycles and architectures. Irene believes that innovative software and secure development practices are not a contradiction, and Lean and Agile practices are actually friends of security. After years of AppSec consultancy, she is now back in an in-house role, where she can apply all that she’s learned.
Location: Zoom (link)
Time: April 13, 17.00 – 20.00
The talks will begin at 17.30. The meeting will also be made available online for those who cannot make it in person.
The recorded session is available on our Youtube channel
OWASP Stockholm meeting, Mar 22 2022: OWASP
Planning
Weekly chapter meeting open to everyone.
OWASP Stockholm meeting, Mar 15 2022: OWASP
Planning
Weekly chapter meeting open to everyone.
OWASP Stockholm meeting, Mar 8 2022: OWASP
Planning
Weekly chapter meeting open to everyone.
OWASP Stockholm meeting, Feb 17 2022: OWASP PIM Fraud
Welcome to our first digital event for 2022 where we will be hosting two talks!
Talk 1: Privileged Identity Management (PIM) – Closing the door after you are done with work
Description: How do you make sure that while you are sleeping, no one is using a privileged account to access important resources within the organisation? In this session I share the approach I use to handle such scenarios and how to limit access to resources just-in-time as they are needed. Some of the technologies covered are Azure AD and Azure AD PIM.
Presenter: Taavi Koosaar, VP Engineering at Chinsay AB MS MVP - Developer Technologies and passionate about development technologies, architecture, DevSecOps, processes and engineering practices in general to deliver software and value continuously in a cloud native world.
Talk 2: Stop the looters: a method to detect and stop digital skimming attacks
Description: In 2019 British Airways was fined a remarkable £183 million for a data breach that affected more than 380.000 of its customers. Magecart, the hacking group behind the attack, specializes in credit card theft using a technique called digital skimming, and British Airways has not been their sole victim. How can we detect these attacks? Is there a method to detect and stop digital skimmers? In this talk we present a technique to do this.
Presenter: Nikolaos (Nikos) Alexiou has worked with application security since 2017 in finance and healthcare. He has a software engineering background and he is currently a member of the leadership team for the Stockholm OWASP local chapter. Nikos holds an MSc in Information Systems from the Aristotle University of Thessaloniki, Greece.
OWASP Stockholm meeting, Oct 21 2021: OWASP DevOps
DevOps and security & Benefits of Cloud Thinking, Oct 21st, 2021
Finally we can meet IRL again and we will fire off with a Secure Development event hosted by Omegapoint at their new office site.
Session 1. DevOps and security
A presentation of a development lifecycle inspired by the DevOps loop with activities related to modern development and security, with a discussion at the end.
Bio: Mats Persson, Consultant @ Omegapoint, passionate about Secure Development, Modern Ways of Working and Security in the Cloud
Session 2. Benefits of Cloud Thinking
Are Advanced Persistent Threats (APT) becoming the new normal? Should we get used to businesses getting pwned and having sensitive data leaked? Absolutely not! In this talk, we will present how designs often used in the cloud not only reduce the risk of APTs, but also improve the overall quality of your application – regardless of whether you’re running in the cloud or not.
Bio: Daniel Deogun & Dan Bergh Johnsson are authors of the book Secure by Design and have collectively been working with security and development for several decades. They are developers at heart and understand that security is often a side-concern. They’ve also evolved work habits that enable them to develop systems in a way that promotes security while focusing on high-quality design habits – something that’s easier for developers to keep in mind during their daily work. Both are established international speakers and often present at conferences on topics regarding high-quality development and security.
OWASP Stockholm meeting, Apr 28 2021: OWASP Reboot
Stockholm chapter reboot, Apr 28th, 2021
Welcome to an OWASP Stockholm reboot to reactivate the chapter. We will discuss the past and the future for the chapter and set the ambition for different event formats and number of events.
OWASP Stockholm meeting, May 28 2019: Cyber Range Competition
Cyber range practice and competition with Jeremy Wasser, May 28th, 2019
OWASP Stockholm, together with our sponsors Security Innovation Europe and Nasdaq, invites you to a real-time CTF evening. Train your skills in application security by attacking real applications and compete with other participants for honor, glory and prizes!
Do note that without registering you will not be able to attend the event and please ensure your laptop has been fully charged as charging capabilities are limited.
Security Innovation Cyber Range
The CMD+CTRL Cyber Range is part of Security Innovation Europe’s Attack and Defend approach to AppSec and is a real-life business application platform that helps people learn to think like an attacker and exploit application vulnerabilities. The Cyber Range effectively assesses existing skills and fills any knowledge gaps by teaching real-life skills as well as recommending additional training if needed. The Range experience is designed to speed up learning and greatly improve application security knowledge retention.
To further coach participants who are struggling within certain areas there will be breakout sessions on specific topics, so this is both a competition as well as a great learning experience on how to improve your AppSec posture!
Light food and drinks will be available at the event, but don’t forget to bring a charged laptop!
Please register for the event here.
OWASP Stockholm meeting, December 12 2018: BSIMM SAMM SDLC
Secure development: BSIMM, SAMM and Sugar! with Nick Murison, Sebastian Åkerman and Hugo Hirsh, December 12th, 2018
Since it’s cold and dark outside, OWASP Stockholm invites you to a Secure development event on the 12th of December. Together with our sponsor Nordnet we will host talks on BSIMM, SAMM, as well as how to get people engaged in security using sugar. The event will be in Nordnet’s office at Alströmergatan 39.
Agenda
~17:30 - Event entrance opens
18:00 Nick Murison - BSIMM
18:45 Sebastian Åkerman - Running a Security Program like a Champion
19:15 Hugo Hirsh - Trust and Sugar
Register and get more information here: https://www.eventbrite.com/e/secure-development-bsimm-samm-and-sugar-tickets-53024648150
OWASP Stockholm meeting, November 13 2018: XSS Defense Jim Manico
The last XSS Defense talk with Jim Manico, November 13th, 2018
OWASP Stockholm proudly presents long-time OWASP hero Jim Manico in a talk about the hard-to-beat XSS risks.
The event will take place at the Omegapoint office in Stockholm city on Nov 13th at 6 PM. Seats are limited so grab a ticket quickly by registering using the link below. You will find details and the talk description in the event info at Eventbrite.
https://www.eventbrite.com/e/owasp-stockholm-jim-manico-the-last-xss-defense-talk-tickets-51186364795?aff=ebdssbdestsearch
OWASP Stockholm meeting, October 2 2018: Bug Bounty Frans Rosén Mathias Karlsson
Eliminating False Assumptions in Bug Bounties with Mathias Karlsson and Frans Rosén, October 2nd, 2018
During this event, OWASP Stockholm, Klarna, HackerOne, Mathias and Frans will focus on bug bounties. HackerOne and Klarna will speak from an organisation perspective, and Mathias and Frans will talk from a security researcher perspective. Klarna has started their journey and will speak about their experience: the good stuff that came out, but also lessons learned.
[Mathias Karlsson & Frans Rosén presentation]
Eliminating False Assumptions in Bug Bounties
There are a lot of illusions and misconceptions around the bug bounty industry. Is it too late to join? Are all the vulnerabilities already found? Is everything automated nowadays so there’s no way to be late to the party?
Frans and Mathias have been in the mythical world of bounties for a few years and will share their thoughts and ideas on how to actually approach it technically, methodologically and mentally. And also, how to use bug bounties for your own advantage, to improve your career and to increase your pentesting and vulnerability hunting skills.
OWASP Stockholm meeting, May 28 2018: OWASP top 10 XXE Insecure Deserialization Lack of Logging and Monitoring
New risks in OWASP Top 10, with Sebastian Åkerman, Henrik Åmark and Tomas Karlsson, May 28th 2018
OWASP Stockholm invites you to the first event of the year. On May 28, together with our sponsor Omegapoint, we will go through the new items in the OWASP Top 10 that was published late last year.
The event takes place at Omegapoint’s offices at Regeringsgatan 56.
Agenda
17:30 Light food and drinks are served
18:00 A word from our sponsor Omegapoint
~18:15 Henrik Åmark - A10 Lack of logging and Monitoring
~18:45 Sebastian Åkerman - XXE
~19:15 Tomas Karlsson - Insecure Deserialization
~20:00 End of the event
Henrik Åmark
Henrik Åmark is co-lead of OWASP Stockholm and a consultant working with logging, security monitoring and incident response. With over 10 years of experience, his focus has largely been on providing organizations with increased visibility into their environments and equipping them with the right tools to detect threats and mitigate them.
Tomas Karlsson
Tomas has over 20 years of experience in systems and business development and has worked in many different project roles. With that experience he has a deep understanding of why projects continue to deliver insecure code. His interest in security was awakened a few years ago when Tomas discovered that he himself had written code that, in the wrong place, could have been a serious security hole.
Sebastian Åkerman
Sebastian Åkerman is a developer and software architect and has worked as a consultant in security-critical systems development for just over 20 years. Sebastian has a particular interest in security in the development process and is also co-lead of OWASP Stockholm.
Description of the OWASP Top 10
The OWASP Top 10 is a powerful awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications minimize these risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
The presentations will be held in Swedish.
OWASP Stockholm meeting, September 18 2017: JuiceShop Bjoern Kimminich projects
OWASP juice shop workshop with Bjoern Kimminich, September 18th 2017
Bjoern Kimminich will present his project Juice Shop and then we will all participate in a CTF competition using Juice Shop.
OWASP Stockholm meeting, February 15 2017: Ethereum and OWASP top 10 projects
First OWASP Stockholm event in 2017, with Marcus Örebrand, Magnus Hultin and Martin Swende Holst. Eventbrite.
OWASP Sweden Meeting, Stockholm, November 20, 2012: OWASP Top 10 for JavaScript + RESTful Security
Welcome to an OWASP Sweden seminar November 20, with Erlend Oftedal. Book your seat at Eventbrite.
OWASP Sweden Meeting, Stockholm, May 14, 2012: Secure Mashups, IT Sec in Cars, Buffer Overflow Prevention, "How We Won the Deutche Post Security Cup", and Multi-Step, Semi-Blind CSRF
Welcome to an OWASP Sweden seminar May 14, with Jonas Magazinius, Mattias Jidhage, and John Wilander. Book your seat at Eventbrite.
Slides from the OWASP Sweden Meeting, Stockholm, March 20, 2012
Here are the slides (.ppt.zip) from Jim Manico’s presentation on “Web Application Access Control Design Excellence”.
OWASP Sweden Meeting, Stockholm, March 20, 2012: "Web Application Access Control Design Excellence"
Welcome to an OWASP Sweden seminar March 20, with Jim Manico. Book your seat at Eventbrite.
This event will be in English.
Sponsors for this event are:
The Speaker
Jim Manico is a profile in the OWASP community working with the OWASP podcasts and ESAPI amongst other things. During March he is doing a Nordic tour and will be visiting the chapters in Finland, Sweden, Norway and Denmark, and we have the pleasure of welcoming him to Stockholm on March 20. Read more on the OWASP webpage https://www.owasp.org/index.php/User:Jmanico
Abstract for Jim’s talk:
Web Application Access Control Design Excellence
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and “fail open” access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
OWASP Sweden SSL Day, Stockholm, November 23 2011
OWASP Sweden, Stockholm branch, is happy to announce a full day on the topic of SSL in cooperation with Internetdagarna http://www.internetdagarna.se/ind11/program/seminarium/92
The speakers are
OWASP Sweden Meeting March 7 2011, "Security impact of SVG" + "ECMA Script 5, a frozen DOM and the eradication of XSS"
Mario Heiderich works as a researcher for the Ruhr-University in Bochum, Germany and currently focuses on HTML5, SVG security and security implications of the ES5 specification draft while finishing his PhD thesis.
We’re very happy to invite Mario to OWASP Sweden in March. His two talks will be given in English at Royal Institute of Technology (KTH).
Get your ticket now at Eventbrite.
Mario’s slides:
Media:Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf “The Image That Called Me” on SVG security
/www-pdf-archive/Mario_Heiderich_OWASP_Sweden_Locking_the_throneroom.pdf “Locking the Throneroom” on locking the DOM to eradicate XSS
OWASP Sweden Meeting, Jan 31 2011, "HTTP Security"
Daniel Stenberg, Martin Holst Swende, and John Wilander will give talks for OWASP Sweden on Jan 31, 5:30 pm - 21 pm. The topics are Websockets, the new Cookie RFC, Content Security Policy, HTTP Strict Transport Security, and X-Frame-Options. We will be in lecture hall “New York”, World Trade Center, Stockholm (map).
Omegapoint are sponsors and there will be lighter food and beers.
OWASP Sweden reaches 500 members ... and gets three leaders
OWASP Sweden now has a stunning 500 members on the mailing list. From now on the chapter will be led by three co-leaders: John Wilander, Mattias Bergling, and Robert Malmgren.
OWASP Sweden invites Samy Kamkar, October 4, 2010
Samy Kamkar, famous for the Samy XSS attack on MySpace in 2005 will be giving a talk for OWASP Sweden on October 4, 5:30 pm - 22 pm. We will be in Ljusgården, Årstaängsvägen 19, Marievik/Liljeholmen, Stockholm (map).
Nexus Safe and Data@UrService are sponsors and there will be lighter food and beers.
/www-pdf-archive/OWASP_Sweden_Samy_Kamkar_oktober_2010.pdf
Go to EventBrite and register for free now!
OWASP-Sweden + FOSS Sthlm "Community Hack" September 4-5 2010
The first weekend of September OWASP Sweden together with FOSS Sthlm invite our members to Community Hack II in Stockholm. A full weekend of hacking on open projects, testing new security hacks, trying out tools (for instance the favorite OWASP tool you’ve always wanted to learn), or writing new, open guidelines.
Go to EventBrite and register for free now!
OWASP AppSec Research 2010 in Stockholm, June 21-24 2010
June 21-24, 2010 appsec people will meet in beautiful Stockholm, Sweden. The OWASP chapters in Sweden, Norway, and Denmark together with Stockholm University host the OWASP AppSec Research 2010.
OWASP-Sweden Meeting January 21st 2010 -- The Big Protocols
Stiftelsen för Internetinfrastruktur (.SE) and Swedish Network Users’ Society (SNUS) invite us to three seminars on the big protocols: BGP, DNSSEC, and SSL/TLS.
Program and invitation (in Swedish):
OWASP-Sweden Meeting December 2nd 2009 -- OWASP Top 10 2010 (rc1)
Omegapoint invites us to discuss the release candidate of OWASP Top 10 2010 that was presented at OWASP AppSec DC November 13th. The invitation in Swedish is found . Don’t forget to send an email to John Wilander (john.wilander@owasp.org) no later than November 23rd to say you’re coming. Seats usually fill up fast.
OWASP AppSec Research 2010, June 21-24 in Stockholm, Sweden
OWASP Sweden, Norway, and Denmark invite you to OWASP AppSec Research 2010, June 21-24 in Stockholm. Read more on the conference wiki page.
OWASP-Sweden Meeting April 28th 2009 -- Code Analysis and Review
The second chapter meeting of 2009 will be held on Tuesday April 28th at Clarion Hotel Stockholm. The focus is code analysis and code review. Fortify sponsors the event and welcomes the chapter members to refreshments, starting at 17.30.
The program:
Don’t forget to send an email to John Wilander (john.wilander@omegapoint.se) no later than April 23rd to say you’re coming. We need to know how many will turn up.
OWASP-Sweden Meeting March 26th 2009 -- XSS & CSRF
The first meeting of 2009 will be held Thursday March 26th at LabCenter, Oxtorgsgränd 2, Stockholm. The focus is cross-site scripting and cross-site request forgery, attacks and countermeasures. Inspect it and LabCenter sponsor the event and welcome the chapter members to refreshments, starting at 17.00.
The program:
Don’t forget to send an email to Mattias Bergling (mattias.bergling@inspectit.se) no later than March 23rd to say you’re coming. We need to know how many will turn up.
OWASP-Sweden Meeting November 19th 2008 -- PCI DSS
The next chapter meeting is Wednesday November 19th. The focus of the seminars is on PCI-DSS, i.e. security in payment card handling on the Internet. The program:
The meeting is fully booked. But do send an email to John Wilander (john.wilander@omegapoint.se) to say you’re interested and we’ll let you know if seats become available.
OWASP Sweden Hosts the OWASP AppSec Europe Conference 2010
We’re hosting the European OWASP AppSec conference in 2010! Please read the announcement.
OWASP-Sweden Meeting October 6th 2008 -- Security in the Open Source Process
The next chapter meeting is Monday October 6th at Clarion Hotel Stockholm (Skanstull). The focus of the seminars will be on “Security in the Open Source Process”. Refreshments will be served from 16:30 and the seminars will commence at 17:30. Except for a closing panel discussion the program contains the following:
Don’t forget to send an email to Robert Malmgren (anmalan@romab.com) no later than September 29th to say you’re coming. We need to know how many will turn up.
OWASP-Sweden Meeting May 27th 2008 - SQL Injection, Web Scarab
OWASP-Sweden welcomes its members to the next chapter meeting - Tuesday May 27th at Clarion Hotel Stockholm. Refreshments will be served from 17:00, demos will be shown from 17:30, and the seminars will commence at 18:00. The main attractions are:
Don’t forget to send an email to Mattias Bergling (mattias.bergling@inspectit.se) no later than May 21st to say you’re coming. We need to know how many will turn up.
Kick-Off Meeting for OWASP-Sweden April 1st 2008
The OWASP-Sweden kick-off will be held at WTC in Stockholm on April 1st. Yeah, it’s April Fool’s Day but we go under the tagline “Application Security is Not a Joke”. The presentation program includes:
Don’t forget to send an email to John Wilander (john.wilander@omegapoint.se) no later than March 27 to say you’re coming. We need to know how many will turn up.
We’re kicking off!
OWASP-Sweden in Computer Sweden - 08:44, 19 Dec 2007 (EDT)
Today the Swedish national IT newspaper ‘Computer Sweden’ published an article on the new OWASP-Sweden chapter - Mecka för säker programmering till Sverige, or A Mecka for Secure Programming Reaches Sweden in English. While OWASP is more than a programmer’s guide, Mattias Bergling and I are very happy to get the news out to a large part of Sweden’s IT industry.
To become a member of OWASP-Sweden just join the mailing list.
OWASP-Sweden opens! - 22:25, 01 Oct 2007 (EDT)
Finally, Sweden has joined the OWASP movement and John Wilander, the local chapter leader, welcomes members to the Stockholm-based OWASP-Sweden. Please, join our mailing list. Plans for meetings and seminars will be made.
Are you interested in helping out? Do you have ideas for great invited speakers or workshop meetings? Feel free to contact the chapter.