Compass Security Blog

Offensive Defense

Month: December 2012

ASFWS – Cybercrime to Information Warfare & “Cyberwar”: a hacker’s perspective

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-raoul_chiesa-ioan_landry-infowar_and_infoops.pdf. Raoul Chiesa and Ioan Landry had the last word at AppSec Forum Western Switzerland with the concluding presentation. Let’s be honest, trying to summarize Raoul and Ioan’s presentation in a few lines is a hard task. And the task gets more complicated, or even impossible, as they explicitly asked us not […]

ASFWS – SuisseID talk

Due to a canceled presentation, a slot became available on Thursday afternoon, and Dominique Bongard used this time for an improvised talk about SuisseID. Without any slides, but by dynamically switching between different websites and documents, he started an interesting and interactive discussion with his audience around the goals, limitations and risks linked to a SuisseID, […]

ASFWS – OAuth: an authorization protocol that authenticates?

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-maxime_feroul-oauth_un_protocole_qui_authentifie.pdf. Maxime Feroul started his presentation with the observation that we all currently have many different identities on the Internet. Federating them into a common solution is far from easy, as it must be both secure and easy to use for all stakeholders. Ideally, you would want to use your LinkedIn, Xing or SalesForce profile to […]

ASFWS – Node.js Security – Old vulnerabilities in new dresses

Slides available on http://asfws12.files.wordpress.com/2012/11/node_security_presentation_v3_asfws.pdf. In a similar way to the previous day’s OPA presentation by Alok, Sven Vetsch guided us through Node.js, a high-performance JavaScript web server based on Google’s V8 engine. Node.js (abbreviated Node from here on) features a full API with no blocking operations. With a simple “Hello World!” example in JavaScript we got […]

ASFWS – Hash-flooding DoS reloaded: attacks and defenses

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf. As denial-of-service attacks based on hash flooding are not a new topic, Jean-Philippe Aumasson and Martin Boßlet started with an introduction to the subject. Hash tables are commonly used to store any array-like information, such as the data sent in a GET or POST request towards a […]

ASFWS – Keynote 2 – From Pay-TV to cyber security

Original Prezi presentation available on http://prezi.com/qhv0ra2qhxoz/asfws-2012-keynote-2/. Prezi-converted slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012_keynote2.pdf. Olivier Brique, VP Cybersecurity Technology of the Swiss company Kudelski, offered us an insightful and dynamic dive into the history of his company, which initially produced high-quality microphones before developing Pay-TV solutions and finally announcing, on the 21st of last month, a new cyber […]

ASFWS – A critical analysis of Dropbox software security

Slides available on http://asfws12.files.wordpress.com/2012/11/dropbox-asfws-version.pdf. Nicolas Ruff and Florian Ledoux’s presentation drew a full (or even overfilled) room, in which several people could not find a seat. The topic is certainly appealing, but the reputation of Nicolas Ruff aka newsoft (“Security researcher, hacker, blogger, serial speaker, troll herder, happy father & […]

ASFWS – Bee Ware WAF

Slides available on http://asfws12.files.wordpress.com/2012/11/yverdon-2012-secweb-analyse-tech-vs-contextuelle.pdf. This talk by Matthieu Estrade (CTO of Bee Ware), officially entitled “Sécurité des application web, analyse technique versus analyse contextuelle”, was in fact something of a sales pitch for Bee Ware, a special kind of Web Application Firewall (WAF). Compass Security has extensive knowledge of the leading WAF products in the […]
