Compass Security Blog

Offensive Defense


Compass Security opens a branch office in Berlin

Compass Security AG is taking its next growth steps at the European level. Operating as Compass Security Deutschland GmbH (www.csnc.de), the team around Marco Di Filippo (previously Regional Director Germany) started work in Berlin on 01 January 2013. Strong demand from Germany prompted Compass Security AG, with regard to its activities as well as […]


Why does Compass Security recommend HSTS?

Secure web communication over HTTPS is nothing fancy anymore these days. It ensures that traffic between a user and your web application cannot be eavesdropped on or tampered with, provided it has been set up securely using SSL/TLS. But do you trust your web application’s code to disregard unencrypted requests entirely? Are you sure your Apache/IIS is […]


Grid, gridder, smart grid

This post briefly introduces the major aspects and goals of smart grids. For those not familiar with electrical grids, have a look at the previous post for a quick intro. This article aims to describe the challenges and requirements smart grids are dealing with. Moreover, the need for an intelligent measurement network – the […]


Introduction to the Electrical Grid

When it comes to industrial control systems (ICS), and specifically to supervisory control and data acquisition (SCADA), a basic understanding of the business is crucial. In the course of my master thesis I am currently digging into parts of the electrical grid and trying to examine the issues and security level of some specific protocols. […]


Risks of DOM Based XSS due to “unsafe” JavaScript functions

Introduction: Several native JavaScript functions and properties such as .eval() and .innerHTML, as well as several jQuery functions such as .html() and .append(), are considered “unsafe”, but why? The reason is that they allow DOM manipulation using strings containing HTML code (e.g. “<b>This text is bold</b>”), which can lead to DOM Based Cross-Site Scripting vulnerabilities. To be […]


ASFWS – Cybercrime to Information Warfare & “Cyberwar”: a hacker’s perspective

Slides available at http://asfws12.files.wordpress.com/2012/11/asfws2012-raoul_chiesa-ioan_landry-infowar_and_infoops.pdf. Raoul Chiesa and Ioan Landry had the last word at AppSec Forum Western Switzerland with the concluding presentation. Let’s be honest, trying to summarize Raoul and Ioan’s presentation in a few lines is a hard task. And this task gets more complicated, or even impossible, as they explicitly asked us not […]


ASFWS – SuisseID talk

Due to a canceled presentation, a slot became available on Thursday afternoon, and Dominique Bongard used this time for an improvised talk about SuisseID. Without any slides, but by dynamically switching between different websites and documents, he started an interesting and interactive discussion with his audience around the goals, limitations and risks linked to a SuisseID, […]


ASFWS – OAuth: an authorization protocol that authenticates?

Slides available at http://asfws12.files.wordpress.com/2012/11/asfws2012-maxime_feroul-oauth_un_protocole_qui_authentifie.pdf. Maxime Feroul started his presentation with the observation that we all currently have many different identities on the Internet. Federating them into a common solution is far from easy, as it must be both secure and easy for all stakeholders. Ideally, you would want to use your LinkedIn, Xing or SalesForce profile to […]


ASFWS – Node.js Security – Old vulnerabilities in new dresses

Slides available at http://asfws12.files.wordpress.com/2012/11/node_security_presentation_v3_asfws.pdf. Similar to Alok’s OPA presentation the previous day, Sven Vetsch guided us through Node.js, a high-performance JavaScript web server based on Google’s V8 engine. Node.js (abbreviated Node hereafter) features a full API with no blocking operations. With a simple “Hello World!” example in JavaScript we got […]

