OWASP Switzerland Summit: Recharge & Reconnect


Details
After more than two years with only online talks, we are going physical again.
To celebrate this reboot, we are organizing a summit with four captivating talks and lots of opportunities for you to reconnect with your local application security community and recharge with know-how.
As this is a physical event, please register only if you will really be there, so that we get the amount of drinks right!
But now for the program:
Startup:
- 13:15 Doors open: Grab a drink, meet old and new friends from the OWASP Switzerland community
- 13:50 Welcome words (OWASP Switzerland Leader-Team)
Talks: Recharge your know-how
- 14:00 OWASP Mobile Application Security for Developers and Penetration Testers (Stefan Bernhardsgrütter, Lead Security Tester @ Redguard AG)
- 15:00 Beyond the Top 10: Limits of a finite Checklist (Marco Schnüriger, Security Consultant @ Protect7 GmbH)
Break:
- 16:00 Break. Reconnect with peers and refill your drinks.
Talks: Recharge with even more know-how
- 16:30 Cloud Security Building Blocks to Support Web Application Security (Andrew Hutchison, Technical Program Manager @ Google)
- 17:30 Confidential Computing (Thomas Bossard, Security Consultant @ Zühlke Engineering)
On the move: Join DEFCON / OWASP Switzerland warm-up beer
18:45 Relocate and join the warm-up beer with our friends from Area41/DEFCON Switzerland at 4. Akt - Heinrichstrasse 262, 8005 Zurich. Enjoy the community.
Talk details:
- OWASP Mobile Application Security for Developers and Penetration Testers: Mobile applications are central to digital life today. To ensure that mobile e-banking, door controls, health data, personal messages and photos are secure, mobile applications should also be developed securely. As the threat model for a mobile app can differ from other kinds of applications, frameworks such as the OWASP Application Security Verification Standard (ASVS) may not cover all the relevant IT security topics.
- Beyond the Top 10: Limits of a Finite Checklist: In his talk, Marco will share insights from almost two decades of experience with the OWASP Top 10. He will discuss how this checklist has advanced web application security and brought critical issues to the forefront and also to the attention of non-technical people.
Marco will provide real-world project anecdotes to highlight the limits of the Top 10, particularly in stakeholder communication. He will explore how broader resources like OWASP ASVS and SAMM provide additional guidance and fit into the bigger picture of establishing security practices.
The talk will conclude with an outlook on integrating practical checklists with detailed frameworks to enhance security strategies and stakeholder understanding. This session is a must for those seeking to bridge the gap between vulnerabilities and effective communication.
- Cloud Security: This presentation will review opportunities to address OWASP challenges using security elements of a cloud platform. Example elements will be discussed to show how platform features can help to mitigate web application threats. The emerging OWASP Cloud-Native Application Security Top 10 will also be reviewed and discussed, with insights also being given into how cloud platform provider and customer can work together in a Security by Design, Security by Default and Security in Deployment approach.
- Confidential Computing: Encryption of data at rest and in transit are two well-established and generally advisable best practices for protecting IT environments. They can be implemented leveraging a plethora of tested and proven technologies such as disk encryption and network security. But what happens when data is processed, therefore not being at rest or in transit? At this point data becomes available in memory, usually unencrypted to allow processing. This provides a window of opportunity for attackers to gain unauthorized access to the data or perform various actions on it. Mitigating some of these attack vectors is what confidential computing aims to do. In this talk I will provide a brief overview of the concepts and outline use cases and limitations. There might after all be some caveats to it...