Thursday, 26 December 2013

OWASP Switzerland Chapter Meeting December 2013

OWASP Switzerland

Highlights

At our recent chapter meeting (including beer and addictive crisps*), which was kindly hosted by Credit Suisse in Zürich, we had an interesting discussion about application security and OWASP. Obviously no definitive conclusion was reached - but then that is not the point.

Topics included whether OWASP is obsessed with XSS at the expense of other issues. If your application does not have an audit trail, is this as as big a risk as an XSS vulnerability. This could be generalized to ask if there is too much emphasis on the purely technical and not enough on more esoteric issues such as risk etc. It was noted that the OWASP Top 10 is now based on risk and also that the new OWASP CISO project attempts to address more management type concerns.

Discussion was also had about the open/closed source debate and what advantages each had. The consensus seems to be that both are here to stay. Development houses should have programs in place to handle both.

2014  Plans

For 2014 the OWASP Swiss chapter is planning 6 meetings beginning in February and every two months after that. Keep an eye on the mailing list and on the OWASP Switzerland website etc. for more details.
 
As usual if any of you would like to give a talk on any particular topic then don't be shy.

A few ideas:
- Agile development and security
- Risk and application security
- Demos of OWASP products

Useful Links


* Americans call them chips - but they're wrong.


Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot