Worum es bei uns geht

SBA Research is a research and consulting center for Information Security based in Vienna, and calls itself a “Home of Nerds”. We thus have started hosting Meetups spotlighting all aspects of Security in 2018. By doing so we intend to establish and foster a community of people interested in IT & Information Security and related areas. As soon as things return to normal, we very much look forward to welcoming you to beer, snacks and lively discussions among likeminded on-site. Since we want to give you the chance to join from wherever you are, we will however continue to live stream all of our MeetUps in the future as well.

Our Security Meetup Group is part of the SBA Academy. Check out our Website (https://www.sba-research.org/sba-academy/), SBA Research offers a wide range of ways to transfer knowledge, ranging from freely available talks to specialized on-site trainings.

You missed one of our Meetups? Visit our YouTube channel for directly applicable security knowledge: https://www.youtube.com/c/SBAResearch-IT-Se... (https://www.youtube.com/c/SBAResearch-IT-Security );

SBA Research:
Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.

Bevorstehende Events (1)

SBA Security Meetup hosted by Dynatrace!

Dynatrace Austria GmbH - Lab Vienna

This meeting is organized as an on-site event only! This event will be hosted by Dynatrace, find the information on how to get there down below!

----- WHAT TO EXPECT -----
Talk 1: Vulnerable by Design: Why We Built Unguard, Our Own Insecure Cloud-Native Twitter Clone
By: Christoph Wedenig & Simon Ammer

Talk 2: Boosting your Supply Chain Security with SBOM and VEX
By: Johannes Feichtner

-----Event & Details-----

Talk 1:
Vulnerable by Design: Why We Built Unguard, Our Own Insecure Cloud-Native Twitter Clone

Join us at Vulnerable by Design, where we explore the open-source project, Unguard - an intentionally insecure microservice application crafted for vulnerability testing and educational purposes. Designed to replicate a web-based Twitter clone, this platform boasts standard features such as user management, text, and image posting, alongside “hidden features” (aka. vulnerabilities) that facilitate cross-site scripting (XSS), server-side request forgery (SSRF), and comprehensive remote code execution (RCE). In contrast to other demo applications, Unguard features built-in vulnerabilities, creating the ideal learning atmosphere for security enthusiasts and serving as an excellent testing ground for cybersecurity companies like Dynatrace to evaluate their products. We will dissect Unguard’s microservices, explore their deployment across different platforms using Kubernetes, and learn how to take advantage of these embedded vulnerabilities.

Speaker & Details:

  • Simon Ammer: Software Engineer, Dynatrace
  • Christoph Wedenig: Senior Software Engineer, Dynatrace
  • Talk language: English

Talk 2:
Boosting your Supply Chain Security with SBOM and VEX

Modern software development exposes the supply chain to infinite sources of known and unknown vulnerabilities. Ranging from insecure open-source dependencies to zero-day exploits, software vendors are constantly on the lookout for vulnerabilities in used third-party dependencies and wondering if they themselves are affected. SBOM and VEX are standardized representations to explain what components make up software and can provide transparency into the affected status of vulnerabilities. This talk explains why we need SBOMs and VEX files to ensure product integrity, highlights ways to generate them, and exemplifies practical use-cases.

Speaker & Details:

  • Johannes Feichtner, Senior Security Engineer, Dynatrace
  • Talk language: English


  • 18:00 – 18:15: Gathering
  • 18:15 – 18:20: Welcome & Intro
  • 18:20 – 18:50: Vulnerable by Design: Why We Built Unguard, Our Own Insecure Cloud-Native Twitter Clone (Simon Ammer and Christoph Wedenig, Dynatrace)
  • 18:50 – 19:00: Q&A for the first talk
  • 19:00 – 19:30: Boosting your Supply Chain Security with SBOM and VEX (Johannes Feichtner, Dynatrace)
  • 19:30 – 19:40: Q&A for the second talk

Dynatrace Austria GmbH
Tower 24 - 22nd Floor
Wiedner Gürtel 13, 1100 Vienna

How to get up:

  • When you arrive in the ICON tower, walk straight to the info point and ask for a visitor's card for Dynatrace (22nd floor). They will explain your way to tower 24.
  • Walk through the 1st glass door. At the 2nd glass door, you will need your visitor's card (left side) and hold it against the card reader to open.
  • At the turnstiles, hold your visitor card against the card reader, walk through and look at the screen on your slide (while entering).
  • The screen will display a letter (A-D) about which elevator you need to take.
  • At the elevator, entrance is a small display showing you the floor where it is going. Enter if you see the number 22. You can also hold your card against the bottom of the display to get the elevator letter.

Looking forward to see you!