OWASP Switzerland Community Meetup, February 2025

Join us at the OWASP Switzerland Community Meetup to kick off the year 2025! This meetup will feature two exciting talks on application security. It’s a fantastic opportunity to network with like-minded professionals, exchange ideas, and expand your knowledge in a friendly and collaborative environment.

Program:
17:10 - Doors open: Grab a drink, meet old and new friends from the OWASP Switzerland community

17:35 - Uninstallable by Design: The Role of Pre-installed Apps in Android’s Security Landscape - (Thomas Sutter, PhD Student @ University of Bern)

18:30 - Coffee Break

18:45 - Continuous Security with DevSecOps: How Platform Engineering Transforms Modern Application Security​ - (Romano Roth, Chief of DevOps / Partner @ Zühlke)

19:40 - 20:10 - Drinks, Fingerfood and Networking: Grab a bite and chat with old and new friends

Talk details:

• Uninstallable by Design - by Thomas Sutter: The competitive smartphone market is keen to prevent its intellectual property from being analysed by competitors and the public. As a result, most smartphones are locked when distributed, and anti-reversing techniques are widely used. Consequently, millions of users use smartphones daily without a clear understanding of the software’s functionality and purpose. To lower the bar for security researcher to analyze Android firmware, we developed a novel framework, called FirmwareDroid. In this talk, we discuss the challenges to automate the process of analyzing Android firmware and showcase how we use FirmwareDroid to analyse pre-installed Android apps in academia.
• Continuous Security with DevSecOps - by Romano Roth: Security must be seamlessly integrated into every stage of the software development lifecycle. This talk explores how combining DevSecOps principles with Platform Engineering empowers teams through automation, standardized environments, and reduced complexity. Learn how these approaches transform application security into a proactive, scalable, and collaborative enabler for delivering secure, high-quality software at speed.