))
Der Chaos Computer Club ist die größte europäische Hackervereinigung, und seit über 25 Jahren Vermittler im Spannungsfeld technischer und sozialer Entwicklungen.
…
continue reading
1
ARRtist on AIR - Meaningful conversations with Software & AI leaders
Jannis Bandorski, Julius Göllner and Matthias Ernst (Founder of B2B SaaS network ARRtist)
2
271
We talk about building software companies in Europe. In the ARRtist on AIR podcast, successful B2B SaaS founders, top investors, leading industry partners and experts provide their hard learnings, valuable tips and insights beyond the obvious. In the interviews, we talk to them about how software founders can increase ARR, how to scale an organisation, and which go-to-market strategies lead to success in the DACH market. How to improve the most important KPIs in SaaS and for B2B software? Wh ...
…
continue reading
In diesem Podcast zeige ich euch wie ihr das Maximum aus der Affiliate Blackbox herausholt und euch damit ein fettes passives Einkommen aufbaut. Du kennst die Blackbox noch nicht? Besuche unser kostenloses Webinar: http://bit.ly/2wKzrEV
…
continue reading
Der Chaos Computer Club ist die größte europäische Hackervereinigung, und seit über 25 Jahren Vermittler im Spannungsfeld technischer und sozialer Entwicklungen.
…
continue reading
All about Multi Touch: How to build your on Multi Touch Table and how to improve it. Advancements in HCI offer opportunities for the construction of low cost multi-touch displays. These display, capable of sensing fingers, hands, and whole arms, can be constructed from readily available components. Although this work has been presented in an academic setting, the steps involved in building a high quality FTIR enabled surface, on a software and hardware level, are not trivial. contact: j.scho ...
…
continue reading
Der Chaos Computer Club ist die größte europäische Hackervereinigung, und seit über 25 Jahren Vermittler im Spannungsfeld technischer und sozialer Entwicklungen.
…
continue reading
1
271: Pennylane vs. DATEV? How a French unicorn wants to shake up the German accounting market
47:55
Mit Pennylane - Deutschlandchef Tobias Janiesch Tobias Janiesch, Deutschland-Geschäftsführer von Pennylane, erklärt im Gespräch mit Jannis Bandorski, wie der französische Milliarden-Fintech-Player den deutschen Markt erobern will. Wir sprechen über Internationalisierung, den Kampf um Flagship-Kanzleien, KI-gestützte Buchhaltung, Remote-Kultur mit ü…
…
continue reading
1
Barrierefreiheit: Das Internet ist für alle da (dgna)
1:17:48
1:17:48
در پخش در آینده
در پخش در آینده
لیست ها
پسندیدن
دوست داشته شد
1:17:48
Digitale Dienstleistungen und Angebote sind aus dem Alltag nicht mehr wegzudenken. Von reiner Informationsvermittlung bis zur KI-Interaktion: Das Web ist unser ständiger Begleiter. Was aber tun all jene Menschen, die aufgrund von körperlichen oder geistigen Beeinträchtigungen nur bedingt oder im schlimmsten Fall gar nicht am Netz teilhaben können?D…
…
continue reading
1
Barrierefreiheit: Das Internet ist für alle da (dgna)
1:17:48
1:17:48
در پخش در آینده
در پخش در آینده
لیست ها
پسندیدن
دوست داشته شد
1:17:48
Digitale Dienstleistungen und Angebote sind aus dem Alltag nicht mehr wegzudenken. Von reiner Informationsvermittlung bis zur KI-Interaktion: Das Web ist unser ständiger Begleiter. Was aber tun all jene Menschen, die aufgrund von körperlichen oder geistigen Beeinträchtigungen nur bedingt oder im schlimmsten Fall gar nicht am Netz teilhaben können?D…
…
continue reading
1
Barrierefreiheit: Das Internet ist für alle da (dgna)
1:17:48
1:17:48
در پخش در آینده
در پخش در آینده
لیست ها
پسندیدن
دوست داشته شد
1:17:48
Digitale Dienstleistungen und Angebote sind aus dem Alltag nicht mehr wegzudenken. Von reiner Informationsvermittlung bis zur KI-Interaktion: Das Web ist unser ständiger Begleiter. Was aber tun all jene Menschen, die aufgrund von körperlichen oder geistigen Beeinträchtigungen nur bedingt oder im schlimmsten Fall gar nicht am Netz teilhaben können?D…
…
continue reading
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deتوسط OWASP German Chapter
…
continue reading
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deتوسط OWASP German Chapter
…
continue reading
Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deتوسط OWASP German Chapter
…
continue reading
OWASP Juice Shop went through some significant renovation and enhancements over the last year in order to keep current with the underlying Node.js and Angular frameworks. MultiJuicer was entirely rewritten in GoLang and is now faster and more reliable than ever before. All Juice Shop side-projects have been migrated to TypeScript and brought to a c…
…
continue reading
OWASP Juice Shop went through some significant renovation and enhancements over the last year in order to keep current with the underlying Node.js and Angular frameworks. MultiJuicer was entirely rewritten in GoLang and is now faster and more reliable than ever before. All Juice Shop side-projects have been migrated to TypeScript and brought to a c…
…
continue reading
OWASP Juice Shop went through some significant renovation and enhancements over the last year in order to keep current with the underlying Node.js and Angular frameworks. MultiJuicer was entirely rewritten in GoLang and is now faster and more reliable than ever before. All Juice Shop side-projects have been migrated to TypeScript and brought to a c…
…
continue reading
Der Kurzvortrag stellt den aktuellen Stand der OWASP Top 10:2025 vor, mit etwas Glück haben wir bis dahin schon mehr...Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deتوسط Torsten Gigler
…
continue reading
Der Kurzvortrag stellt den aktuellen Stand der OWASP Top 10:2025 vor, mit etwas Glück haben wir bis dahin schon mehr...Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deتوسط Torsten Gigler
…
continue reading
Der Kurzvortrag stellt den aktuellen Stand der OWASP Top 10:2025 vor, mit etwas Glück haben wir bis dahin schon mehr...Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/about this event: https://c3voc.deتوسط Torsten Gigler
…
continue reading
Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresse…
…
continue reading
1
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann (god2025)
21:12
Der Cyber Resilience Act, kurz CRA, ist eine neue Verordnung der EU und tritt im Dezember 2027 vollständig in Kraft. Das Kernelement der Verordnung ist die Softwaresicherheit für alle so genannten „Produkte mit digitalen Elementen“, die auf dem EU-Markt kommerziell angeboten werden. Diese umfassen sowohl vernetzte Hardware-Produkte, in denen Firmwa…
…
continue reading
1
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann (god2025)
21:12
Der Cyber Resilience Act, kurz CRA, ist eine neue Verordnung der EU und tritt im Dezember 2027 vollständig in Kraft. Das Kernelement der Verordnung ist die Softwaresicherheit für alle so genannten „Produkte mit digitalen Elementen“, die auf dem EU-Markt kommerziell angeboten werden. Diese umfassen sowohl vernetzte Hardware-Produkte, in denen Firmwa…
…
continue reading
Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresse…
…
continue reading
Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresse…
…
continue reading
1
Der Cyber Resilience Act: Wie OWASP für die Software-Hersteller eine entscheidende Rolle spielen kann (god2025)
21:12
Der Cyber Resilience Act, kurz CRA, ist eine neue Verordnung der EU und tritt im Dezember 2027 vollständig in Kraft. Das Kernelement der Verordnung ist die Softwaresicherheit für alle so genannten „Produkte mit digitalen Elementen“, die auf dem EU-Markt kommerziell angeboten werden. Diese umfassen sowohl vernetzte Hardware-Produkte, in denen Firmwa…
…
continue reading
Coding Assistants wie Github Copilot, Cursor oder Claude versprechen einen Effizienzboost für die Softwareentwicklung. Doch welchen Einfluss hat die Nutzung dieser Tools auf die Software Security?Dieser Vortrag analysiert die Vor- und Nachteile von Coding Assistants in Hinblick auf die Sicherheit des entstehenden Codes. Er gibt einen Überblick über…
…
continue reading
As a CISO (or any other security expert) in the area of AI, you can find yourself in increasingly challenging and sometimes bizarre AI-related situations not unlike Alice's adventures in Wonderland.Depending on whom you speak to, people either have high (inflated?) expectations about the (magic?) benefits of AI for security efforts, or try to expla…
…
continue reading
Coding Assistants wie Github Copilot, Cursor oder Claude versprechen einen Effizienzboost für die Softwareentwicklung. Doch welchen Einfluss hat die Nutzung dieser Tools auf die Software Security?Dieser Vortrag analysiert die Vor- und Nachteile von Coding Assistants in Hinblick auf die Sicherheit des entstehenden Codes. Er gibt einen Überblick über…
…
continue reading
Coding Assistants wie Github Copilot, Cursor oder Claude versprechen einen Effizienzboost für die Softwareentwicklung. Doch welchen Einfluss hat die Nutzung dieser Tools auf die Software Security?Dieser Vortrag analysiert die Vor- und Nachteile von Coding Assistants in Hinblick auf die Sicherheit des entstehenden Codes. Er gibt einen Überblick über…
…
continue reading
As a CISO (or any other security expert) in the area of AI, you can find yourself in increasingly challenging and sometimes bizarre AI-related situations not unlike Alice's adventures in Wonderland.Depending on whom you speak to, people either have high (inflated?) expectations about the (magic?) benefits of AI for security efforts, or try to expla…
…
continue reading
As a CISO (or any other security expert) in the area of AI, you can find yourself in increasingly challenging and sometimes bizarre AI-related situations not unlike Alice's adventures in Wonderland.Depending on whom you speak to, people either have high (inflated?) expectations about the (magic?) benefits of AI for security efforts, or try to expla…
…
continue reading
We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.Licensed …
…
continue reading
1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers (god2025)
24:42
Browser extensions are a powerful part of the Web ecosystem as they extend browser functionality and let users personalize their online experience. But with higher privileges than regular web apps, extensions bring unique security and privacy risks. Much like web applications, vulnerabilities often creep in, not just through poor implementation, bu…
…
continue reading
We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.Licensed …
…
continue reading
1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers (god2025)
24:42
Browser extensions are a powerful part of the Web ecosystem as they extend browser functionality and let users personalize their online experience. But with higher privileges than regular web apps, extensions bring unique security and privacy risks. Much like web applications, vulnerabilities often creep in, not just through poor implementation, bu…
…
continue reading
We hacked 7 of the16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk.Licensed …
…
continue reading
1
"I have no idea how to make it safer": Security and Privacy Mindsets of Browser Extension Developers (god2025)
24:42
Browser extensions are a powerful part of the Web ecosystem as they extend browser functionality and let users personalize their online experience. But with higher privileges than regular web apps, extensions bring unique security and privacy risks. Much like web applications, vulnerabilities often creep in, not just through poor implementation, bu…
…
continue reading
Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controll…
…
continue reading
Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controll…
…
continue reading
1
MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025)
24:38
Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?),…
…
continue reading
Do you always read the documentation before using a function in your languages' standard library? This talk explores the attack surface of a special feature in PHP which is easy to misuse with unforseen consequences. The `extract` function allows to replace the value of local variables named after the keys in an array. Calling it with user-controll…
…
continue reading
1
MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025)
24:38
Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?),…
…
continue reading
1
MCP security hot potato: how to stay secure integrating external tools to your LLM (god2025)
24:38
Model Context Protocol (MCP) is the latest hot topic in cybersecurity. Business wants it (AI is the new mantra), developers are excited (new toys, new code), and security teams are left to make it safe—often with already packed schedules. Let's treat it like just another Tuesday. Like many shiny new technologies (remember the early days of cloud?),…
…
continue reading
Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them?This talk explores the tension between automation and hu…
…
continue reading
Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them?This talk explores the tension between automation and hu…
…
continue reading
Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a singl…
…
continue reading
Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a singl…
…
continue reading
Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe. In our talk, we will share how we managed to exploit all devices running CarPlay using a singl…
…
continue reading
Threat modeling stands at a critical juncture. While essential for creating secure systems, it remains mostly manual, handcrafted, and often too slow for today's development cycles. At the same time, automation and AI offer new levels of speed and scalability— but how much can we rely on them?This talk explores the tension between automation and hu…
…
continue reading
WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach…
…
continue reading
WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach…
…
continue reading
In this presentation, we will highlight how threat modeling, as a proactive measure, can increase security in DevOps projects.We will introduce OWASP Cumulus, a threat modeling card game designed for threat modeling the Ops part of DevOps processes. This game (in combination with similar games like Elevation of Privilege or OWASP Cornucopia) enable…
…
continue reading
WebAuthn was supposed to replace swords on the web: uniform, secure, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When passkeys were introduced, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach…
…
continue reading
In this presentation, we will highlight how threat modeling, as a proactive measure, can increase security in DevOps projects.We will introduce OWASP Cumulus, a threat modeling card game designed for threat modeling the Ops part of DevOps processes. This game (in combination with similar games like Elevation of Privilege or OWASP Cornucopia) enable…
…
continue reading
In this presentation, we will highlight how threat modeling, as a proactive measure, can increase security in DevOps projects.We will introduce OWASP Cumulus, a threat modeling card game designed for threat modeling the Ops part of DevOps processes. This game (in combination with similar games like Elevation of Privilege or OWASP Cornucopia) enable…
…
continue reading
The OWASP secureCodeBox project aims to provide a unified way to run and automate open-source scanning tools like nmap, nuclei, zap, ssh-audit, and sslyze to continuously scan the code and infrastructure of entire organizations.This allows setting up automated scans that will regularly scan internal networks and internet-facing systems for vulnerab…
…
continue reading
