Compass Security Blog

Offensive Defense

Grid, gridder, smart grid

This post will briefly introduce the major aspects and goals of smart grids. For those not familiar with electrical grids, have a look at the previous post for a quick intro. This article aims to describe the challenges and requirements smart grids are dealing with. Moreover, the need for an intelligent measurement network – the […]

Introduction to the Electrical Grid

When it comes to industrial control systems (ICS), and specifically to supervisory control and data acquisition (SCADA), a basic understanding of the business is crucial. In the course of my master thesis I am currently digging into parts of the electrical grid and trying to examine the issues and security level of some specific protocols. […]

Risks of DOM Based XSS due to “unsafe” JavaScript functions

Introduction: Several native JavaScript functions or properties like .eval() and .innerHTML, as well as several jQuery functions like .html() and .append(), are considered “unsafe”, but why? The reason is that they allow DOM manipulation using strings containing HTML code (e.g. “<b>This text is bold</b>”), which can lead to DOM Based Cross-Site Scripting vulnerabilities. To be […]

ASFWS – Cybercrime to Information Warfare & “Cyberwar”: a hacker’s perspective

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-raoul_chiesa-ioan_landry-infowar_and_infoops.pdf Raoul Chiesa & Ioan Landry had the last word of AppSec Forum Western Switzerland with the concluding presentation. Let’s be honest, trying to summarize Raoul and Ioan’s presentation within a few lines is a hard task. And this task gets more complicated, or even impossible, as they explicitly asked us not […]

ASFWS – SuisseID talk

Due to a canceled presentation, a slot became available Thursday afternoon and Dominique Bongard used this time for an improvised talk about SuisseID. Without any slides, but by dynamically switching between different websites and documents, he started an interesting and interactive discussion with his audience around the goals, limitations and risks linked to a SuisseID, […]

ASFWS – OAuth: un protocole d’autorisation qui authentifie?

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-maxime_feroul-oauth_un_protocole_qui_authentifie.pdf Maxime Feroul started his presentation with the fact that we all currently have many different identities on the Internet. Federating a common solution is far from being easy, as it must be secure and easy for all stakeholders. Ideally, you would want to use your LinkedIn, Xing or SalesForce profile to […]

ASFWS – Node.js Security – Old vulnerabilities in new dresses

Slides available on http://asfws12.files.wordpress.com/2012/11/node_security_presentation_v3_asfws.pdf In a similar way to the previous day’s OPA presentation by Alok, Sven Vetsch guided us through Node.js, a high performance JavaScript web server based on Google’s V8 engine. Node.js (abbreviated Node afterwards) features a full API with no blocking operations. With a simple “Hello World!” example in JavaScript we got […]

ASFWS – Hash-flooding DoS reloaded: attacks and defenses

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf As denial of service attacks based on hash-flooding are not a new topic, Jean-Philippe Aumasson and Martin Boßlet started with an introduction to the subject. Hash tables are the usual storage for any array-based information, such as data sent in a GET or POST request towards a […]

ASFWS – Keynote 2 – From Pay-TV to cyber security

Original Prezi presentation available on http://prezi.com/qhv0ra2qhxoz/asfws-2012-keynote-2/. Prezi-converted slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012_keynote2.pdf Olivier Brique, VP Cybersecurity Technology of the Swiss company Kudelski, offered us an insightful and dynamic dive into the history of his company, which initially produced high quality microphones before developing Pay-TV solutions and finally announcing, on the 21st of last month, a new cyber […]
