BSides Vienna took place last Saturday (21/01/2012) and it was only 3 weeks away from BerlinSides (where I gave the same talk and the same workshop) so the materials I used where almost identical. I decided it was more important to release an OWTF “Vienna” version instead.
However, to keep it simple for the attendants that asked for the slides here are the links:
– “Silent web app testing by example” – 50 minutes: Slides
– “Introducing OWTF workshop” – 2 hours and 40 minutes: Slides, Video demos, Live demo (The live part is what discussed the improvements in the Vienna version, etc). The OWTF project page contains links to everything else. If you have any ideas or feedback of any kind (positive or negative) on this project please do get in touch.
I would like to thank the audience and organisers for their kind words and special thanks to those that made it until the end of my almost 4 hours talking: I never met anybody able to do that until Vienna :).
I think the venue was really nice and the room size was just perfect for the audience. Also nice food and some interesting multi-purpose local sugary beverage “like metasploit” :).
The organisers asked for a contest so I came up with the following trivia questions (btw nobody got the 2nd one right):
Question 1: What is the OWASP Testing Guide item (name and/or code) to review HTML comments?
Answer 1: Testing for application configuration management (OWASP-CM-004).
Link: https://www.owasp.org/index.php/Testing_for_application_configuration_management_(OWASP-CM-004)
Question 2: Name three technologies that allow developers to relax the Same Origin Policy security model
Answer 2: HTML 5 Cross Origin Resource Sharing (CORS), Flash (via crossdomain.xml) and Silverlight (via crossdomain.xml and clientaccesspolicy.xml)