Compass Security Blog

Offensive Defense

Compass Security at CYBSEC15 in Yverdon-les-Bains

As in past years, Compass Security will participate in the upcoming CyberSec Conference in Yverdon-les-Bains (formerly Application Security Forum – Western Switzerland). This year, we will contribute to two events: first, Antoine Neuenschwander and Alexandre Herzog will conduct a day-long training session on Tuesday, November 3rd. Participants will be able to exercise their skills […]


ASFWS slides and OWASP meeting tomorrow

As announced a while ago, I had the chance both to organize a workshop about our hacking-lab.com and to present my talk “Advances in secure (ASP).NET development – break the hackers’ spirit” at the AppSec Forum Western Switzerland in Yverdon-les-Bains last week. I hope to soon summarize the conferences I attended in an upcoming blog article. […]


Compass Security at ASFWS in Yverdon-les-Bains

Compass Security is proud to be a part and sponsor of the Application Security Forum – Western Switzerland (ASFWS), a conference about application, identity and cyber security which will take place in a week’s time in Yverdon-les-Bains (15-16 October 2013). I will run the AppSec Lab 1 (featuring the Hacking-Lab), on Wednesday 16 October in the […]


ASFWS – Cybercrime to Information Warfare & “Cyberwar”: a hacker’s perspective

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-raoul_chiesa-ioan_landry-infowar_and_infoops.pdf

Raoul Chiesa & Ioan Landry had the last word at AppSec Forum Western Switzerland with the concluding presentation. Let’s be honest, trying to summarize Raoul and Ioan’s presentation within a few lines is a hard task. And this task gets more complicated or even impossible as they explicitly asked us not […]


ASFWS – SuisseID talk

Due to a canceled presentation, a slot became available on Thursday afternoon and Dominique Bongard used this time for an improvised talk about SuisseID. Without any slides but by dynamically switching between different websites and documents, he started an interesting and interactive discussion with his audience around the goals, limitations and risks linked to a SuisseID, […]


ASFWS – OAuth: un protocole d’autorisation qui authentifie?

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-maxime_feroul-oauth_un_protocole_qui_authentifie.pdf

Maxime Feroul started his presentation with the fact that we all currently have many different identities on the Internet. Federating a common solution is far from being easy, as it must be secure and easy for all stakeholders. Ideally, you would want to use your LinkedIn, Xing or SalesForce profile to […]


ASFWS – Node.js Security – Old vulnerabilities in new dresses

Slides available on http://asfws12.files.wordpress.com/2012/11/node_security_presentation_v3_asfws.pdf

In a similar way to Alok’s OPA presentation the previous day, Sven Vetsch guided us through Node.js, a high-performance JavaScript web server based on Google’s V8 engine. Node.js (abbreviated Node afterwards) features a full API with no blocking actions. With a simple “Hello World!” example in JavaScript we got […]


ASFWS – Hash-flooding DoS reloaded: attacks and defenses

Slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf

As denial-of-service attacks based on hash-flooding are not a new topic, Jean-Philippe Aumasson and Martin Boßlet started with an introduction to this topic. Storage of data in hash tables is usually done for any array-based information, such as data sent for a GET or a POST request towards a […]


ASFWS – Keynote 2 – From Pay-TV to cyber security

Original Prezi presentation available on http://prezi.com/qhv0ra2qhxoz/asfws-2012-keynote-2/. Prezi converted slides available on http://asfws12.files.wordpress.com/2012/11/asfws2012_keynote2.pdf

Olivier Brique, VP Cybersecurity Technology of Swiss company Kudelski, offered us an insightful and dynamic dive into the history of his company, initially producing high-quality microphones before developing Pay-TV solutions and finally announcing, on the 21st of last month, a new cyber […]


ASFWS – A critical analysis of Dropbox software security

Slides available on http://asfws12.files.wordpress.com/2012/11/dropbox-asfws-version.pdf

It was a full (or even overfilled) room, in which several people did not find a seat, that listened to Nicolas Ruff and Florian Ledoux’s presentation. The topic is certainly appealing but the reputation of Nicolas Ruff aka newsoft (“Security researcher, hacker, blogger, serial speaker, troll herder, happy father & […]

