Hello 👋
Nothing planned for the evening of 19.11.25? It's OWASP Stammtisch
Stuttgart again, from 18:00 at the premises of iteratec GmbH
(Zettachring 6, 70567 Stuttgart).
Topic: From Protocol to Practice: Secure and Responsible MCP Server Operations
The Model Context Protocol (MCP) enables AI systems to interact with
external resources, creating powerful extensibility alongside significant
security risks.
This live demonstration dissects MCP architectures from attack and defense
perspectives.
The session opens with manual MCP client-server interaction, demonstrating
communication protocols and trust boundaries. We then examine a hardened
local MCP deployment implementing sandboxing, capability restrictions, and
least-privilege controls.
Through live coding, we build a custom MCP server extending AI capabilities
with external system access, revealing common pitfalls in permission models
and data flow controls. The demonstration then weaponizes this server,
letting the AI perform malicious MCP interactions.
The session concludes with collaborative discussion on defense-in-depth
strategies and practical hardening techniques.
Speaker: Jan Kaupe
Jan is a Senior Software Engineer at iteratec. His focus is on developing
accessible and secure web applications. He enjoys experimenting with
security concepts in his spare time. Jan's goal is to bridge the gap between
theoretical security and practical, everyday engineering.
Details:
https://www.meetup.com/de-DE/owasp-stuttgart-chapter/events/305584793/
CU
--sven