{"id":1202,"date":"2011-02-13T17:12:47","date_gmt":"2011-02-13T17:12:47","guid":{"rendered":"http:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/"},"modified":"2011-02-13T17:12:47","modified_gmt":"2011-02-13T17:12:47","slug":"owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka","status":"publish","type":"post","link":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/","title":{"rendered":"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka"},"content":{"rendered":"

V piatok 11.2.2011 skon\u010dil druh\u00fd svetov\u00fd OWASP Summit 2011<\/a>. Podobne ako prv\u00fd OWASP Summit 2008 aj tento sa konal v Portugalsku, nie v\u0161ak vo Fare ale asi 50 km od Lisabonu v pr\u00edjemnom letovisku\u00a0CampoReal<\/a>. OWASP Summitu sa z\u00fa\u010dastnilo mno\u017estvo WebAppSec \u0161pi\u010diek z cel\u00e9ho sveta,\u00a0kompletn\u00fd zoznam \u00fa\u010dastn\u00edkov k dispoz\u00edcii\u00a0<\/span>tu<\/a>.<\/span><\/p>\n

\"\u00da\u010dastn\u00edci<\/a><\/p>\n

\u00da\u010dastn\u00edkov Summitu bolo mo\u017en\u00e9 rozdeli\u0165 do nasleduj\u00facich kateg\u00f3ri\u00ed:<\/span><\/p>\n

1. OWASP board<\/strong> (Dinis Cruz, Tom Brennan, Dave Wichers, Jeff Wiliams, … )<\/p>\n

2. Ved\u00faci OWASP pobo\u010diek po celom svete <\/strong>(z najv\u00e4\u010d\u0161ej dia\u013eky\u00a0pricestoval asi Zaki Akhmad z Indon\u00e9zie, zo slovansk\u00fdch kraj\u00edn sme mali zast\u00fapenie len traja – Wojciech Dworakovski z Krakova, Vlatko Kosturjak zo Zagrebu a ja zo Slovenska)<\/span><\/p>\n

3.<\/strong> Svetov\u00e1 elita WebApsec v\u00fdskumn\u00edkov<\/strong>\u00a0(Mario Heiderich, David Lindsay, Gareth Heyes, David Campbell, Eduardo Vela, Stefano Di Paola, Ryan Barnett, Robert Hansen (Rsnake) a mno\u017estvo \u010fal\u0161\u00edch)<\/p>\n

4. V\u00fdvoj\u00e1ri Firefoxu\/Mozilly<\/strong>\u00a0(Michael Coates, Chris Lyon, Lucas Adamski, Justin Fitzhugh, Brandon Sterne, Chris Hofmann)<\/p>\n

5. V\u00fdvoj\u00e1ri Chrome\/Chromium a Google bezpe\u010dnostn\u00ed experti<\/strong> (Jasvir Nagra, Eduardo Vela, Justin Schuh, Ian Fette)<\/p>\n

6.<\/strong> Mno\u017estvo \u010fal\u0161\u00edch WebAppSec \u0161pecialistov z r\u00f4znych spolo\u010dnost\u00ed<\/strong>\u00a0(Microsoft, Paypal, Facebook, ..) zodpovedn\u00ed za WebAppSec.<\/p>\n

V prvom rade je dobr\u00e9 zd\u00f4razni\u0165, \u017ee ne\u0161lo o „klasick\u00fa“ konferenciu, ale o ve\u013ek\u00e9 mno\u017estvo osobn\u00fdch interakt\u00edvnych stretnut\u00ed „worksessions“ \u0161pecialistov v danej oblasti. Programy stretnut\u00ed boli dva – jeden statick\u00fd<\/a>\u00a0definovan\u00fd dopredu hne\u010f na za\u010diatku konferencie, druh\u00fd dynamick\u00fd<\/a>, ktor\u00fd sa vytv\u00e1ral interekt\u00edvne jeden de\u0148 pred samotn\u00fdmi stretnutiami.<\/span><\/p>\n

Oblas\u0165 prezent\u00e1ci\u00ed bola skuto\u010dne \u0161irok\u00e1, osobne som uprednost\u0148oval technick\u00e9 stretnutia – XSS and the Frameworks, WAF mitigations for XSS, DOM Sandboxing, EcmaScript 5 Security, HTML 5 Security, Mobile Security a in\u00e9.<\/span><\/p>\n

Asi najzauj\u00edmavej\u0161ie bolo sledova\u0165 panelov\u00e9 diskusie, kedy WebAppSec v\u00fdskumn\u00edci na jednej strane (Mario Heiderich, David Lindsay, Gareth Heyes, Stefano Di Paola, \u010di Robert Hansen) vysvet\u013eovali bezpe\u010dnostn\u00e9 probl\u00e9my s\u00fa\u010dasn\u00fdch prehliada\u010dov, \u010di potrebu DOM Sandboxingu samotn\u00fdm v\u00fdvoj\u00e1rom prehliada\u010dov – Firefoxu, \u010di Chrome, ktor\u00ed ich pripomienky upravovali, akceptovali, pr\u00edpadne aj zamietali ako ve\u013emi n\u00e1ro\u010dn\u00e9 na implement\u00e1ciu. Niektor\u00e9 tak\u00e9to v\u00fdmeny n\u00e1zorov boli skuto\u010dne vysoko-technick\u00e9 a bez detailn\u00fdch znalost\u00ed zdrojov\u00fdch k\u00f3dov prehliada\u010dov, h\u013abkov\u00fdch znalost\u00ed EcmaScriptu 5\/HTML5 pre be\u017en\u00e9ho smrte\u013en\u00edka dos\u0165 \u0165a\u017eko pochopite\u013en\u00e9. Po\u010das t\u00fdchto stretnut\u00ed bolo zauj\u00edmav\u00e9 sledova\u0165 diverzitu s\u00fa\u010dasn\u00fdch prehliada\u010dov a ich r\u00f4zne pr\u00edstupy k rie\u0161enie bezpe\u010dnosti (Same-Origin-Policy, \u010di Sandboxing).<\/span><\/p>\n

\u0160peci\u00e1lne ve\u013ek\u00fa rados\u0165 som mal z pr\u00edtomnosti \u013eud\u00ed ako Mario Heiderich, Eduardo Vela, Gareth Heyes, \u010di David Lindsay, ktor\u00ed v\u0161etci \u0161tyria s\u00fa spoluautori novej knihy Web Application Obfuscation<\/a>, ktor\u00e1 predstavovala moju hlavn\u00fa in\u0161pir\u00e1ciu pre nov\u00fa prezent\u00e1ciu t\u00fdkaj\u00facu sa mo\u017enosti obch\u00e1dza\u0165 s\u00fa\u010dasn\u00e9 webov\u00e9 aplika\u010dn\u00e9 firewally (WAFs). Mal som tak skvel\u00fa pr\u00edle\u017eitos\u0165 prakticky konzultova\u0165 v\u0161etky nejasnosti a r\u00f4zne odch\u00fdlky v bezpe\u010dnostn\u00fdch pr\u00edstupoch s\u00fa\u010dasn\u00fdch prehliada\u010dov. Mario Heiderich (autor PHPIDS) na moju ot\u00e1zku, pre\u010do v knihe nepublikovali, ktor\u00e9 konkr\u00e9tne „obfuskovan\u00e9“ vektory je mo\u017en\u00e9 pou\u017ei\u0165 na ob\u00eddenie konkr\u00e9tnej implement\u00e1cie\/verzie webov\u00e9ho aplika\u010dn\u00e9ho firewallu, mi odpovedal, \u017ee aj napriek tomu, \u017ee p\u00f4vodne nad t\u00fdm uva\u017eovali, tak vzh\u013eadom na rozporupln\u00fa „leg\u00e1lnos\u0165“ a siln\u00fd tlak v\u00fdrobcov s\u00fa\u010dasn\u00fdch WAF rie\u0161en\u00ed to nakoniec nespravili.<\/span><\/p>\n

Po\u010das Summitu som sa najviac skamar\u00e1til s talianmi zo spolo\u010dnosti Minded Security<\/a>, mo\u017eno preto lebo som s nimi kv\u00f4li tvorbe novej OWASP Testing Guide v4 tr\u00e1vil najviac \u010dasu.<\/span><\/p>\n

\"S<\/p>\n

S Matteom Meuccim (project leader projektu OWASP Testing Guide a \u0161\u00e9f Talianskej OWASP chapter) sme str\u00e1vili nieko\u013eko hod\u00edn prezentovan\u00edm na\u0161ich pripomienok k novej OWASP Testing Guide v4. K mojim p\u00f4vodn\u00fdm pripomienkam:<\/span><\/p>\n

1. doplnenie nov\u00fdch opensource testovac\u00edch n\u00e1strojov, ktor\u00e9 sa behom posledn\u00fdch 3 rokov objavili, s\u00fa d\u00f4le\u017eit\u00e9 a v OWASP Testing Guide v3 ch\u00fdbaj\u00fa<\/p>\n

2. detailnej\u0161ie rozvies\u0165 kapitolu „Business Logic Testing“ \u0161peci\u00e1lne o konkr\u00e9tne pr\u00edklady typick\u00fdch bezpe\u010dnostn\u00fdch ch\u00fdb v biznis logike aplik\u00e1cie s ktor\u00fdmi sme sa v na\u0161ich detailn\u00fdch bezpe\u010dnostn\u00fdch auditoch stretli<\/span><\/p>\n

3. do sekcie „Session Management Testing“ dop\u00edsa\u0165 kapitolu „Brute force testing“ (ktor\u00e1 sa bude zaobera\u0165 \u00fatokmi a ochranou na session ID hrubou silou) a „Session ID entropy analysis“, kde bud\u00fa detailne rozobrat\u00e9 met\u00f3dy na d\u00f4kladn\u00fa anal\u00fdzu Session ID<\/span><\/div>\n
<\/div>\n
4. do sekcie „Data Validation Testing“ dop\u00edsa\u0165 kapitolu o mo\u017enosti obfuskova\u0165 injektovan\u00fd k\u00f3d, \u010do je ve\u013emi d\u00f4le\u017eit\u00e9 na detailn\u00e9 otestovanie aplik\u00e1cie<\/span><\/div>\n
<\/div>\n
5. oddeli\u0165 f\u00e1zu „Logout and Browser Cache Management“ na samostatn\u00e9 dve kapitoly (nako\u013eko ide o 2 odli\u0161n\u00e9 veci)<\/div>\n
<\/div>\n
som pridal a prezentoval \u010fal\u0161ie 2 body t\u00fdkaj\u00facich sa CSS-related \u00fatokov, ktor\u00e9 je potrebn\u00e9 zahrn\u00fa\u0165 do OWASP Testing Guide v4.0:<\/div>\n
<\/div>\n
6. „Redressing“ \u00fatoky na pou\u017e\u00edvate\u013esk\u00e9 rozhranie ako Clickjacking<\/strong> – s jednoduch\u00fdm popisom ako na \u00farovni javascriptu znemo\u017e\u0148i\u0165 „framing“, teda obsluhu str\u00e1nky, ktorej obsah je „frameovan\u00fd“<\/div>\n
<\/div>\n
7. CSS History hack – toto je s\u00edce prim\u00e1rne probl\u00e9m prehliada\u010dov, ale je mo\u017en\u00e9 sa do istej miery chr\u00e1ni\u0165 aj na \u00farovni aplik\u00e1ci\u00ed, napr\u00edklad neposielan\u00edm citliv\u00fdch \u00fadajov cez GET \u017eiadosti, ktor\u00e9 sa ukladaj\u00fa v hist\u00f3rii prehliada\u010da a s\u00fa teda predmetom CSS History \u00fatokov.<\/div>\n
<\/div>\n
V\u0161etky uveden\u00e9 pripomienky boli \u00faspe\u0161ne prijat\u00e9, Stefano Di Paola podporil my\u0161lienku rozp\u00edsa\u0165 tvorbu obfuscovan\u00fdch \u00fatokov v sekcii „Data validation testing“. Sekcia „Brute force testing“ bude zjednoten\u00e1 (ako pre loginy\/hesl\u00e1, tak pre session ID).
\nPri tejto pr\u00edle\u017eitosti mi Stefano uk\u00e1zal svoj nov\u00fd n\u00e1stroj DOMIntruder, ktor\u00fd pl\u00e1nuje o p\u00e1r mesiacov zverejni\u0165. Je to zrejme prv\u00fd prakticky pou\u017eite\u013en\u00fd n\u00e1stroj na „taint“ dynamick\u00fa anal\u00fdzu vstupov (konkr\u00e9tne re\u0165azcov) v javascripte a h\u013eadanie DOM-XSS zranite\u013enost\u00ed. DOMIntruder „on-the-fly“ overridne p\u00e1r javascriptov\u00fdch funkci\u00ed a dok\u00e1\u017ee presne zanalyzova\u0165 ak\u00fdm sp\u00f4sobom sa v aplik\u00e1ci\u00ed roz\u0161iruj\u00fa zne\u010disten\u00e9 („tainted“) pou\u017e\u00edvate\u013esk\u00e9 vstupy. T\u00fdm p\u00e1dom odpad\u00e1 potreba pri detailnom audite analyzova\u0165 stovky, \u010di tis\u00edcky riadkov javascriptu\/AJAXu, nako\u013eko DOMIntruder automaticky odhal\u00ed, ktor\u00e9 presn\u00e9 vstupy s\u00fa zauj\u00edmav\u00e9 na injektovanie nebezpe\u010dn\u00e9ho obsahu. Stefano pomocou uveden\u00e9ho n\u00e1stroja objavil obrovsk\u00e9 mno\u017estvo DOM-based XSS zranite\u013enost\u00ed na svetov\u00fdch weboch. Jeho DOM XSS Wiki<\/a>\u00a0stoj\u00ed ur\u010dite za pre\u010d\u00edtanie.<\/div>\n
<\/div>\n
Nemenej zauj\u00edmav\u00e9 bolo stretnutie l\u00eddrov OWASP pobo\u010diek z cel\u00e9ho sveta, kde sa rie\u0161ili hlavne odli\u0161nosti fungovania jednotliv\u00fdch pobo\u010diek v r\u00f4znych \u0161t\u00e1toch sveta ako aj odli\u0161n\u00e9 sp\u00f4soby financovania hlavne medzi USA a krajinami EU. Uveden\u00e9 stretnutie ma definit\u00edvne nabudilo na spustenie pravideln\u00fdch WebAppSec stretnut\u00ed v Bratislave.<\/div>\n
<\/div>\n
Nako\u013eko n\u00e1\u0161 nov\u00fd priestor v Progressbare<\/a> na Cukrovej ulici v Bratislave je u\u017e plne funk\u010dn\u00fd, 3.3.2011 o 19:00 \u0161tartujeme pravideln\u00e9 (mesa\u010dn\u00e9) OWASP WebAppSec stretnutia. Hne\u010f prv\u00e1 prezent\u00e1cia bude ve\u013emi technick\u00e1 \u00a0a bude sa t\u00fdka\u0165 \u00a0mo\u017enosti obch\u00e1dzania webov\u00fdch aplika\u010dn\u00fdch firewallov, viac inform\u00e1cii o predn\u00e1\u0161ke –\u00a0Bypassing Web Application Firewalls (WAFs)<\/a>.<\/div>\n
<\/div>\n
U\u017e teraz sa na to ve\u013emi te\u0161\u00edm a pevne ver\u00edm, \u017ee o bezpe\u010dnos\u0165 webov\u00fdch aplik\u00e1ci\u00ed bude na Slovensku minim\u00e1lne tak\u00fd z\u00e1ujem ako je teraz v zahrani\u010d\u00ed.<\/div>\n","protected":false},"excerpt":{"rendered":"

V piatok 11.2.2011 skon\u010dil druh\u00fd svetov\u00fd OWASP Summit 2011. Podobne ako prv\u00fd OWASP Summit 2008 aj tento sa konal v Portugalsku, nie v\u0161ak vo Fare ale asi 50 km od Lisabonu v pr\u00edjemnom letovisku\u00a0CampoReal. OWASP Summitu sa z\u00fa\u010dastnilo mno\u017estvo WebAppSec \u0161pi\u010diek z cel\u00e9ho sveta,\u00a0kompletn\u00fd zoznam \u00fa\u010dastn\u00edkov k dispoz\u00edcii\u00a0tu. \u00da\u010dastn\u00edkov Summitu bolo mo\u017en\u00e9 rozdeli\u0165 do nasleduj\u00facich […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13],"tags":[560,561,40,562,563],"class_list":["post-1202","post","type-post","status-publish","format-standard","hentry","category-uncategorized-sk","tag-mario-heiderich-sk","tag-matteo-meucci-sk","tag-owasp","tag-owasp-summit-sk","tag-stefano-di-paola-sk"],"yoast_head":"\nOWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka - Nethemba<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka - Nethemba\" \/>\n<meta property=\"og:description\" content=\"V piatok 11.2.2011 skon\u010dil druh\u00fd svetov\u00fd OWASP Summit 2011. Podobne ako prv\u00fd OWASP Summit 2008 aj tento sa konal v Portugalsku, nie v\u0161ak vo Fare ale asi 50 km od Lisabonu v pr\u00edjemnom letovisku\u00a0CampoReal. OWASP Summitu sa z\u00fa\u010dastnilo mno\u017estvo WebAppSec \u0161pi\u010diek z cel\u00e9ho sveta,\u00a0kompletn\u00fd zoznam \u00fa\u010dastn\u00edkov k dispoz\u00edcii\u00a0tu. \u00da\u010dastn\u00edkov Summitu bolo mo\u017en\u00e9 rozdeli\u0165 do nasleduj\u00facich […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:published_time\" content=\"2011-02-13T17:12:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/lh4.googleusercontent.com\/_35IkfpcPSFE\/TVQepKF3JQI\/AAAAAAAAARI\/IE2wptlP-XM\/s720\/IMG_5677_DM.jpg\" \/>\n<meta name=\"author\" content=\"Pavol Lupt\u00e1k\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@nethemba\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Autor\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pavol Lupt\u00e1k\" \/>\n\t<meta name=\"twitter:label2\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 min\u00fat\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/\"},\"author\":{\"name\":\"Pavol Lupt\u00e1k\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\"},\"headline\":\"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka\",\"datePublished\":\"2011-02-13T17:12:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/\"},\"wordCount\":1267,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/lh4.googleusercontent.com\\\/_35IkfpcPSFE\\\/TVQepKF3JQI\\\/AAAAAAAAARI\\\/IE2wptlP-XM\\\/s720\\\/IMG_5677_DM.jpg\",\"keywords\":[\"mario heiderich\",\"matteo meucci\",\"OWASP\",\"owasp summit\",\"stefano di paola\"],\"articleSection\":[\"Uncategorized @sk\"],\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/\",\"url\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/\",\"name\":\"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka - Nethemba\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/lh4.googleusercontent.com\\\/_35IkfpcPSFE\\\/TVQepKF3JQI\\\/AAAAAAAAARI\\\/IE2wptlP-XM\\\/s720\\\/IMG_5677_DM.jpg\",\"datePublished\":\"2011-02-13T17:12:47+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/#breadcrumb\"},\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/#primaryimage\",\"url\":\"https:\\\/\\\/lh4.googleusercontent.com\\\/_35IkfpcPSFE\\\/TVQepKF3JQI\\\/AAAAAAAAARI\\\/IE2wptlP-XM\\\/s720\\\/IMG_5677_DM.jpg\",\"contentUrl\":\"https:\\\/\\\/lh4.googleusercontent.com\\\/_35IkfpcPSFE\\\/TVQepKF3JQI\\\/AAAAAAAAARI\\\/IE2wptlP-XM\\\/s720\\\/IMG_5677_DM.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/domov\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/\",\"name\":\"Nethemba\",\"description\":\"We care about your security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nethemba.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sk-SK\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#\\\/schema\\\/person\\\/5f4ba68c8e1a2013d30e0804245b8234\",\"name\":\"Pavol Lupt\u00e1k\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g\",\"caption\":\"Pavol Lupt\u00e1k\"},\"sameAs\":[\"https:\\\/\\\/www.nethemba.com\\\/\"],\"url\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/author\\\/nethemba-admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka - Nethemba","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/","og_locale":"sk_SK","og_type":"article","og_title":"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka - Nethemba","og_description":"V piatok 11.2.2011 skon\u010dil druh\u00fd svetov\u00fd OWASP Summit 2011. Podobne ako prv\u00fd OWASP Summit 2008 aj tento sa konal v Portugalsku, nie v\u0161ak vo Fare ale asi 50 km od Lisabonu v pr\u00edjemnom letovisku\u00a0CampoReal. OWASP Summitu sa z\u00fa\u010dastnilo mno\u017estvo WebAppSec \u0161pi\u010diek z cel\u00e9ho sveta,\u00a0kompletn\u00fd zoznam \u00fa\u010dastn\u00edkov k dispoz\u00edcii\u00a0tu. \u00da\u010dastn\u00edkov Summitu bolo mo\u017en\u00e9 rozdeli\u0165 do nasleduj\u00facich […]","og_url":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_published_time":"2011-02-13T17:12:47+00:00","og_image":[{"url":"https:\/\/lh4.googleusercontent.com\/_35IkfpcPSFE\/TVQepKF3JQI\/AAAAAAAAARI\/IE2wptlP-XM\/s720\/IMG_5677_DM.jpg","type":"","width":"","height":""}],"author":"Pavol Lupt\u00e1k","twitter_card":"summary_large_image","twitter_creator":"@nethemba","twitter_site":"@nethemba","twitter_misc":{"Autor":"Pavol Lupt\u00e1k","Predpokladan\u00fd \u010das \u010d\u00edtania":"6 min\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/#article","isPartOf":{"@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/"},"author":{"name":"Pavol Lupt\u00e1k","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"headline":"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka","datePublished":"2011-02-13T17:12:47+00:00","mainEntityOfPage":{"@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/"},"wordCount":1267,"commentCount":0,"image":{"@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/#primaryimage"},"thumbnailUrl":"https:\/\/lh4.googleusercontent.com\/_35IkfpcPSFE\/TVQepKF3JQI\/AAAAAAAAARI\/IE2wptlP-XM\/s720\/IMG_5677_DM.jpg","keywords":["mario heiderich","matteo meucci","OWASP","owasp summit","stefano di paola"],"articleSection":["Uncategorized @sk"],"inLanguage":"sk-SK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/","url":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/","name":"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/#primaryimage"},"image":{"@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/#primaryimage"},"thumbnailUrl":"https:\/\/lh4.googleusercontent.com\/_35IkfpcPSFE\/TVQepKF3JQI\/AAAAAAAAARI\/IE2wptlP-XM\/s720\/IMG_5677_DM.jpg","datePublished":"2011-02-13T17:12:47+00:00","author":{"@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234"},"breadcrumb":{"@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/"]}]},{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/#primaryimage","url":"https:\/\/lh4.googleusercontent.com\/_35IkfpcPSFE\/TVQepKF3JQI\/AAAAAAAAARI\/IE2wptlP-XM\/s720\/IMG_5677_DM.jpg","contentUrl":"https:\/\/lh4.googleusercontent.com\/_35IkfpcPSFE\/TVQepKF3JQI\/AAAAAAAAARI\/IE2wptlP-XM\/s720\/IMG_5677_DM.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/sk\/owasp-summit-2011-alebo-ked-sa-stretne-svetova-webappsec-spicka\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/sk\/domov\/"},{"@type":"ListItem","position":2,"name":"OWASP Summit 2011 alebo ke\u010f sa stretne svetov\u00e1 WebAppSec \u0161pi\u010dka"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"},{"@type":"Person","@id":"https:\/\/nethemba.com\/de\/#\/schema\/person\/5f4ba68c8e1a2013d30e0804245b8234","name":"Pavol Lupt\u00e1k","image":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/978b23022518d076eaa243b375d2e0272af4f00dd502ce79cc357276d9bc2495?s=96&d=mm&r=g","caption":"Pavol Lupt\u00e1k"},"sameAs":["https:\/\/www.nethemba.com\/"],"url":"https:\/\/nethemba.com\/sk\/author\/nethemba-admin\/"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts\/1202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/comments?post=1202"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/posts\/1202\/revisions"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/media?parent=1202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/categories?post=1202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/tags?post=1202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}