Chaos Computer Club - recent events feed

0 Likes     1 Followers     3 Subscribers

Sign up / Log in to like, follow, recommend and subscribe!

Recommendations


Episodes

Date Title & Description Contributors
2024-11-13

  Closing (god2024)

Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de
  OWASP German Chapter author
2024-11-13

  Modern solutions against Cross-Site Attacks (god2024)

Web security is increasingly an opt-in approach, leaving developers with both the opportunity and the responsibility to protect their applications. This talk will explore why and how developers can secure their sites against evolving threats. We'll de...
  Frederik Braun author
2024-11-13

  Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike (god2024)

Browser extensions are powerful tools that enhance the web browsing experience, offering their users a wide range of functionalities. However, these features can also introduce security and privacy issues for their users, mainly through a technique kno...
  Shubham Agarwal author
2024-11-13

  Protecting Web Applications with Project Foxhound (god2024)

Recent developments in web technologies have seen a paradigm shift from monolithic server-based applications to REST-based microservices with feature-rich browser-based frontends. This progression has brought with it novel classes of security flaws. In...
  Thomas Barber author
2024-11-13

  SSRF: Attacks, Defense and Status Quo (god2024)

Web apps use Server-Side Requests to request data from other servers, e.g., for link previews. However, they are exploited by attackers who might request internal resources or non-public services. This attack is called Server-Side Request Forgery (SSRF...
  Malte Wessels author
2024-11-13

  „Well, What Would You Say if I Said That You Could?” – Scanning for Vulnerabilities Without Getting Into Trouble (god2024)

The need for comprehensive measurements of security and privacy risks on the Web is undeniable as it helps developers in focusing on emerging trends in security. However, large-scale scans for server-side vulnerabilities remains a sensitive topic, due ...
  Florian Hantke, Sebastian Roth author
2024-11-13

  SAP from an Attacker's Perspective – Common Vulnerabilities and Pitfalls (god2024)

As organizations increasingly rely on SAP systems to manage critical business processes, the security of these environments is an increasing challenge for companies and has also been recognized by the OWASP Core Business Application Security (CBAS) pro...
  Nicolas Schickert, Tobias Hamann author
2024-11-13

  Network Fingerprinting for Securing User Accounts - Opportunities and Challenges (god2024)

Network fingerprinting exists for a while and some methods such as JA3 have achieved wide adoption across the industry. Introducing network fingerprinting into login flows can help you stave off attackers. However, there are various challenges that you...
  Stephan Pinto Spindler author
2024-11-13

  The Debian OpenSSL bug and other Public Private Keys (god2024)

In early 2024, hundreds of DKIM setups still used cryptographic keys vulnerable to a bug from 2008 in Debian's OpenSSL package. Vulnerable hosts included prominent names like Cisco, Oracle, Skype, and Github. In 2022, it was discovered that printers g...
  Hanno Böck author
2024-11-13

  GenAI im Threat Modeling (god2024)

Viele Teams stehen vor der Herausforderung, beim Threat Modeling relevante Bedrohungen zu identifizieren, insbesondere wenn nur wenig Security-Expertise vorhanden ist. Die Auswahl und Bewertung von potenziellen Risiken kann für Nicht-Experten schwierig...
  Clemens Hübner author