OWASP Switzerland
Highlights
At our recent chapter meeting (including beer and addictive crisps*), which was kindly hosted by Credit Suisse in Zürich, we had an interesting discussion about application security and OWASP. Obviously no definitive conclusion was reached - but then that is not the point.
Topics included whether OWASP is obsessed with XSS at the expense of other issues. If your application does not have an audit trail, is this as big a risk as an XSS vulnerability? This could be generalized to ask if there is too much emphasis on the purely technical and not enough on more esoteric issues such as risk. It was noted that the OWASP Top 10 is now based on risk and also that the new OWASP CISO project attempts to address more management-type concerns.
2014 Plans
For 2014 the OWASP Swiss chapter is planning 6 meetings beginning in February and every two months after that. Keep an eye on the mailing list and on the OWASP Switzerland website etc. for more details.
As usual, if any of you would like to give a talk on any particular topic then don't be shy.
A few ideas:
- Agile development and security
- Risk and application security
- Demos of OWASP products
Useful Links
- OWASP Switzerland
- OWASP Switzerland Twitter: @OWASP_ch
- OWASP Application Security Guide For CISOs Project
- OWASP Top 10
* Americans call them chips - but they're wrong.