BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//hacksw/handcal//NONSGML v1.0//EN
CALSCALE:GREGORIAN
BEGIN:VEVENT
DTSTART:20260622T000000
DTEND:20260626T000000
LOCATION:Wien
DESCRIPTION:Die OWASP Global AppSec EU ist eine der bedeutendsten europäischen Fachkonferenzen für Anwendungssicherheit (Application Security). Sie wird von der Non-Profit-Organisation OWASP Foundation veranstaltet\, die weltweit Standards für Softwaresicherheit setzt. Im Jahr 2026 feiert die Konferenz das 25-jährige Jubiläum von OWASP.
Unser Kollege Michael Kuckuk ist mit seinem Vortrag Phishing for Passkeys - An Analysis of WebAuthn and CTAP dabei.
Abstract:
WebAuthn was supposed to replace passwords on the web: uniform\, secure\, manageable authentication for everyone! One of its unique selling points was supposed to be the impossibility of phishing attacks. When Passkeys were introduced\, some of WebAuthn's security principles were watered down in order to achieve some usability improvements and thus reach more widespread adoption.

This presentation discusses the security of Passkeys against phishing attacks. It explains the possibilities for an attacker to gain access to accounts secured with Passkeys using spear phishing\, and what conditions must be met for this to happen. It also practically demonstrates such an attack and discusses countermeasures.

Participants will learn which WebAuthn security principles still apply to Passkeys and which do not. They will learn why Passkeys are no longer completely phishing-proof and how they can evaluate this consideration for their own use of Passkeys.
URL;VALUE=URI:https://www.inovex.de/de/news-events/events/owasp-global-appsec-eu-2026/
SUMMARY:OWASP Global AppSec EU 2026
DTSTAMP:20260525T181315
UID:6a14913bba2c3
END:VEVENT
END:VCALENDAR