https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Connor+CarrOWASP - User contributions [en]2026-05-06T12:55:43ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Newcastle&diff=254917Newcastle2019-09-24T10:48:21Z<p>Connor Carr: Added Cian's slides</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr], [mailto:robin.fewster@owasp.org Robin Fewster] and [mailto:andrew.pannell@owasp.org Andi Pannell]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
= Upcoming Events =<br />
'''Next Event:'''<br />
<br />
03/12/2019<br />
<br />
Keep updated and in touch using the [https://groups.google.com/a/owasp.org/forum/#!forum/newcastle-chapter chapter mailing list] and/or Twitter [https://twitter.com/OWASP_Newcastle @OWASP_Newcastle] and/or [https://owasp.slack.com/messages/C0CLHS45S Slack].<br />
<br />
= Past Events =<br />
'''2019 Dates'''<br />
----<br />
<br />
23/09/2019 from 18:00 to 21:00 at Northumbria University, City Campus East<br />
<br />
'''Talk 1'''<br />
<br />
Title: Stalk Awareness - [https://www.owasp.org/images/2/25/OWASP-Newcastle.pdf Slides]<br />
<br />
Speaker: Cian (@nscrutables)<br />
<br />
Description: We often focus on nation states and corporation's role in eroding our privacy and expanding omnipresent surveillance worldwide, meanwhile an entire niche industry that caters to regular consumers who want similar spying capabilities has slipped largely under the radar. Mobile apps that are designed to enable toxic and abusive behavior are being openly sold on the internet, marketed directly to abusers, these apps have come to be termed "stalkerware".<br />
<br />
This talk will present analysis of the stalkerware industry, its products, marketing and the scope of the problem it represents, as well as potential solutions. I'll be examining these topics from both<br />
<br />
a technical and non-technical standpoint, based on many months of personal research.<br />
<br />
'''Talk 2'''<br />
<br />
Title: Rethinking Threat Intelligence - a quick glance at intelligence led risk management - [https://www.owasp.org/images/c/cc/IntelligenceLedRiskManagement.pptx Slides]<br />
<br />
Speaker: Adam Pickering (<nowiki>https://twitter.com/Adam_P81</nowiki>)<br />
<br />
Description: 45 min chat about rethinking how we use threat intelligence capabilities within enterprise to bring about changes to the way we deploy countermeasures against threat actors<br />
----13/06/2019 from 18:00 to 21:00 at Eagle Lab Newcastle, Tus Park<br />
<br />
Red Team versus Blue Team event<br />
<br />
'''Talk 1: Red Teaming a view from the field'''<br />
<br />
Speakers: Andi Pannell (<nowiki>https://twitter.com/dr0idandy</nowiki>) , Robin Fewster (<nowiki>https://twitter.com/listenerstation</nowiki>), Gavin Johnson-Lynn (<nowiki>https://twitter.com/gav_jl</nowiki>)<br />
<br />
Description: A talk about what red teaming is, how it is different from a penetration test, and then we’ll reveal some hardware we use during red team engagements and some success stories.<br />
<br />
'''Talk 2: Protecting the museum – HIPS'''<br />
Speaker: Marek Banas<br />
Description: How you can minimise the manual labour with increasing the security on legacy servers, plus some issues we hit while choosing the solutions, challenges we had.<br />
<br />
Event is detailed here: [https://www.meetup.com/OWASP-Newcastle-Chapter/events/260856686/ OWASP Newcastle Meetup June 2019]<br />
----26/02/2019 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-403.<br />
<br />
'''Talk 1: Matt Wixey (@darkartlab)'''<br />
<br />
The talk will be three smaller talks, covering: <br />
# Remote online social engineering (how attackers use catfishing techniques) <br />
# Hacking with light and sound (using infrared, ultrasound, and lasers to exfiltrate data and disrupt sensors) <br />
# Attack linkage (using granular attack behaviours to link different cyber attacks)<br />
'''Talk 2: Kathryn Cardose (@AGeordieLass)'''<br />
<br />
"Getting stakeholders on board".<br />
* So you’ve nailed the tech, you’ve found the controls, you’ve requested remediation.....how do you get stakeholders of all levels to buy in and support security?<br />
----'''2018 Dates'''<br />
----25/09/2018 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-402.<br />
<br />
Speakers:<br />
* '''Andy Ferguson: "Don't tell your Big Brother" Encryption tips and tricks.''' <br />
* '''Gavin Johnson-Lynn: My Path to CSSLP.''' Join me on a journey from a vague knowledge of security to gaining a valued security certification. For anyone considering certification as a route to success, self-improvement, or even just some thoughts on how I approached it. We’ll look at what I learned and how I learned it, including some tricks I picked up along the way to help cram information into my brain (and keep it there). <br />
The event is detailed here: https://www.eventbrite.com/e/owasp-newcastle-september-2018-meetup-tickets-49842084015<br />
----26/06/2018 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-402.<br />
We held our first CTF (Capture The Flag) event.<br />
<br />
The CTF event was facilitated by Secarma. The attendees were split into groups, each group had their own sandboxed environment to connect into, and prizes were offered to the teams who captured the most flags. The event is detailed here: [https://www.eventbrite.com/e/owasp-newcastle-june-2018-capture-the-flag-tickets-43192186994?aff=eac2 https://www.eventbrite.com/e/owasp-newcastle-june-2018-capture-the-flag-tickets-43192186994]<br />
----27/03/2018 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-402.<br />
<br />
Speakers<br />
* '''Andi Pannell: The Internet of (broken) things.''' This talk will focus on the internet of things, how we’re connecting everything to the internet now, because why not add a WiFi connection to your Fridge? And how security is unlikely to be a consideration when making these products. I’ll also talk about DefCon, as last year my company sent a team of us to DefCon 25 in Las Vegas, explaining what DefCon is, what happens there, and how we won the IoT Village 0-day contest and I'll conclude with a '''live hacking demo'''.<br />
* '''Colin Watson: An introduction to the OWASP automated threats to web applications.''' Web applications are subjected to unwanted automated usage – day in, day out. The vast majority of these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities. Also, excessive misuse is often mistakenly reported as application denial-of-service (DoS) like HTTP-flooding, when in fact the DoS is a side-effect instead of the attacker’s primary intent. [https://www.owasp.org/index.php/OWASP_Automated_Threats_to_Web_Applications Project page] | [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf Handbook PDF file] | [http://www.lulu.com/shop/owasp-foundation/automated-threat-handbook/paperback/product-23540699.html Handbook print version] | [https://www.owasp.org/index.php/File:AutomatedThreats-Newcastle-20180327.pptx Newcastle PPT presentation]<br />
----<br />
<br />
30/01/2018 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-008.<br />
<br />
Speakers<br />
* '''Neil Dixley: Code that fights back.''' Lessons from the gaming world on detecting and responding to attacks on software assets. An introduction to proactive software security including a philosophical look at how far we should go to protect our apps.<br />
<br />
* '''Luke Sadler: Practical demonstration of mobile software penetration'''. Luke Sadler walks us through hands on examples of cracking mobile technology.<br />
----'''2017 Dates'''<br />
----<br />
<br />
21/11/2017 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-024.<br />
<br />
Speakers:<br />
* '''Lorenzo Grespan: Explain hacking in ten minutes.''' Bio: Lorenzo Grespan is a computer scientist currently working as an application security specialist for Secarma, Ltd. While his main interest has always been computer security, he also worked as a developer, systems administrator and project manager for a research effort in robotic surgery. His background is in computational neuroscience, neural networks and evolutionary systems and he likes to solve interesting problems at the intersection of people and technology. Talk (30 minutes): Recently I had to show a 10-minute "live hack" to a non-technical audience. As an introvert and a geek my main effort was in maintaining technical accuracy, however what made the audience go "aha!" turned out to be what for me was the least significant detail of the entire demo. In this talk I will show the hack, share the lessons learned and discuss how to communicate security concerns to non technical stakeholders, higher management and end users. [[Media:OWASPNCL LG 21112017.pdf]]<br />
<br />
* '''Robin Sillem:''' '''Building a Development Environment That's 'Secure Enough'.''' This will be a discussion of how a team at DWP is using modern DevOps practices to create a dev/build/test platform secure enough for development of services handling large volumes of UK citizen data. [[Media:Modern_DevOps_and_security.pptx]]<br />
----<br />
<br />
19/09/2017 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-024.<br />
<br />
Speakers: <br />
* '''Gareth Dixon: Running a security event using OWASP Security Shepherd.''' In this talk I will cover running a security event using [[OWASP Security Shepherd]]. The event to be discussed was staged to promote engagement in a security initiative, understanding of security vulnerabilities and the application of knowledge to production services and applications. This talk will cover the project planning stage, through execution to the project retrospective. [[Media:Security_Shepherd.pptx]]<br />
* '''Mike Goodwin: Enter the (Threat ) Dragon:Threat Modeling with OWASP Threat Dragon'''. Threat modelling is a great technique for hardening your application designs, but current tooling is a bit "crashy", limited to Windows or not free. [[OWASP Threat Dragon]] is an OWASP incubator project that aims to fix this and bring threat modeling to the masses. This talk is a tour round the tool, it's future road map and a look under it's hood. Mike the the project leader for Threat Dragon, so if you want to contribute, he would be very pleased to speak to you. [[Media:Owasp_threat_dragon_201709_.pptx]]<br />
----<br />
<br />
'''2016 Dates'''<br />
<br />
----<br />
<br />
23/08/2016 from 18:00 to 21:00 at The Auditorium - Bunker Coffee and Kitchen 9-11 Carliol Square, Newcastle-upon-Tyne, NE1 6UF.<br />
<br />
Speakers: <br />
<br />
* '''Andrew Pannell: 50 Million Downloads and All I Got Was Malware.''' How is it a free Android application that has been downloaded more times than WhatsApp can turn your phone into malware, sending your private data to China and inserting adverts? I’ll be discussing my journey of researching mobile malware and how you can too. [https://www.droidandy.com/uploads/50MillionDownloads.pdf]<br />
* '''Colin Watson: OWASP Cornucopia.''' OWASP Cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, that helps derive application security requirements during the software development life cycle. This session will use an example eCommerce application to demonstrate how to utilise the card game. After an introduction and explanation, we will split into smaller groups to play the game gaining insights into relevant web application threats. The game is best played in groups of 4-6 with people who have a good knowledge of the application being assessed, and who have a mixture of backgrounds/experience - architects, developers, product owners, project managers, testers, etc, and those with software security responsibilities. Bring your colleagues along. Cornucopia is suitable for people aged 10 to 110 (decimal). [https://www.owasp.org/index.php/File:OwaspNCL-cornucopia-colinwatson.odp]<br />
<br />
----<br />
<br />
'''2015 Dates'''<br />
<br />
----<br />
<br />
24/11/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
Speakers: <br />
* '''Ben Lee''' and '''Ross Dargan''': '''The problems with proving identity.''' In this talk Ross (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers. The talk will cover among other things; Twitter, wax seals (!), hashing, certificates and much more…* (*Talk may not be historically accurate! ;)) [[Media: OWASPNewcastle_the_problem_with_proving_identity.pptx]]<br />
* '''Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks.''' The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities. Take a copy of the game away with you - it is suitable for developers of all sizes. [[Media: Owaspnewcastle-snakesandladders.pptx]]<br />
* '''Michael Haselhurst - Automated Security Testing Using The ZAP API.''' This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi. [[Media: OWASPNewcastle_automated_security_testing_using_ZAP_API.pptx]]<br />
* '''Mike Goodwin - Real world defence in depth (part 1).''' Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality. [[Media: Owaspnewcastle-real_world_defence_in_depth.pptx]]<br />
----<br />
<br />
29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
Speakers:<br />
<br />
* '''John Beddard''' on Securing Real-Time Networks (short talk) [[Media: PassiveDefense_Newcastle_Chapter_Sept_2015.pdf]]<br />
* '''Ian Oxley''' on Content Security Policy (short talk) [[Media: CSP_Newcastle_Chapter_Sept_2015.pdf |Media: CSP_Newcastle_Chapter_Sept_2015.pdf]]<br />
* '''Mike Goodwin''' on Threat Dragon - a new threat modelling tool project from OWASP (short talk) [[Media: OWASP_Threat_Dragon_Newcastle_Chapter_Sept_2015.pptx]]<br />
* '''Neil Dixley''' on 'OWASP Top 10 Mobile Risks' (long talk) [[Media: OWASP_Mobile_Security_Project_Newcastle_Chapter_Sept_2015.pptx]]<br />
<br />
----<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' [[Media: OWASP_Honeypots.odp]] <br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.''' [[Media: OWASP_Security_Containerisation.ppt]]<br />
----<br />
<br />
29/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' An introduction to penetration testing, using several OWASP projects as well as other open source and free programs. [[Media: An_introduction_to_penetration_testing.pptx]] <br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. [[Media: Threat_Modeling_Presentation.pptx]] <br />
----<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
----<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Robin Fewster|Robin Fewster]]<br />
* [[User:Andi Pannell|Andi Pannell]]<br />
<br />
We are always happy to hear from people who want to contribute to the chapter as a leader.<br />
<br />
= Slack =<br />
OWASP Newcastle has a slack group which you're welcome to join and chat to us! You can join us [https://owasp.slack.com/messages/C0CLHS45S Here]<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter events and corporate sponsorship officer [mailto:katy.l.buller@pwc.com Katy Buller].<br />
<br />
Please get in touch with one of the OWASP Newcastle chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events (this list is moderated).<br />
<br />
__NOTOC__ <headertabs></headertabs><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=File:OWASP-Newcastle.pdf&diff=254916File:OWASP-Newcastle.pdf2019-09-24T10:46:58Z<p>Connor Carr: Connor Carr uploaded a new version of File:OWASP-Newcastle.pdf</p>
<hr />
<div>OWASP Newcastle 2019 Stalkerware slides</div>Connor Carrhttps://wiki.owasp.org/index.php?title=File:OWASP-Newcastle.pdf&diff=254915File:OWASP-Newcastle.pdf2019-09-24T10:43:39Z<p>Connor Carr: </p>
<hr />
<div>OWASP Newcastle 2019 Stalkerware slides</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=243143Newcastle2018-09-04T14:34:42Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr], [mailto:robin.fewster@owasp.org Robin Fewster] and [mailto:andrew.pannell@owasp.org Andi Pannell]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
= Upcoming Events =<br />
<br />
25/09/2018 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-402. <br />
<br />
Speakers: <br />
* '''Andy Ferguson: "Don't tell your Big Brother" Encryption tips and tricks.''' Overview TBA <br />
* '''Gavin Johnson-Lynn: My Path to CSSLP.''' Join me on a journey from a vague knowledge of security to gaining a valued security certification. For anyone considering certification as a route to success, self-improvement, or even just some thoughts on how I approached it. We’ll look at what I learned and how I learned it, including some tricks I picked up along the way to help cram information into my brain (and keep it there). <br />
Keep updated and in touch using the [https://lists.owasp.org/mailman/listinfo/owasp-Newcastle chapter mailing list] and/or Twitter [https://twitter.com/OWASP_Newcastle @OWASP_Newcastle] and/or [https://owasp.slack.com/messages/C0CLHS45S Slack]. <br />
<br />
= Past Events =<br />
'''2018 Dates'''<br />
----26/06/2018 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-402.<br />
We have a CTF (Capture The Flag) event coming up on 26th June at Northumbria University.<br />
<br />
Please register here - [https://www.eventbrite.com/e/owasp-newcastle-june-2018-capture-the-flag-tickets-43192186994?aff=eac2 https://www.eventbrite.com/e/owasp-newcastle-june-2018-capture-the-flag-tickets-43192186994] <br />
<br />
As always free pizza will be provided. <br />
<br />
'''All skill levels are welcome''' as you will learn something. <br />
----27/03/2018 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-402.<br />
<br />
Speakers<br />
* '''Andi Pannell: The Internet of (broken) things.''' This talk will focus on the internet of things, how we’re connecting everything to the internet now, because why not add a WiFi connection to your Fridge? And how security is unlikely to be a consideration when making these products. I’ll also talk about DefCon, as last year my company sent a team of us to DefCon 25 in Las Vegas, explaining what DefCon is, what happens there, and how we won the IoT Village 0-day contest and I'll conclude with a '''live hacking demo'''.<br />
* '''Colin Watson: An introduction to the OWASP automated threats to web applications.''' Web applications are subjected to unwanted automated usage – day in, day out. The vast majority of these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities. Also, excessive misuse is often mistakenly reported as application denial-of-service (DoS) like HTTP-flooding, when in fact the DoS is a side-effect instead of the attacker’s primary intent. [https://www.owasp.org/index.php/OWASP_Automated_Threats_to_Web_Applications Project page] | [https://www.owasp.org/index.php/File:Automated-threat-handbook.pdf Handbook PDF file] | [http://www.lulu.com/shop/owasp-foundation/automated-threat-handbook/paperback/product-23540699.html Handbook print version] | [https://www.owasp.org/index.php/File:AutomatedThreats-Newcastle-20180327.pptx Newcastle PPT presentation]<br />
----<br />
<br />
30/01/2018 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-008.<br />
<br />
Speakers<br />
* '''Neil Dixley: Code that fights back.''' Lessons from the gaming world on detecting and responding to attacks on software assets. An introduction to proactive software security including a philosophical look at how far we should go to protect our apps.<br />
<br />
* '''Luke Sadler: Practical demonstration of mobile software penetration'''. Luke Sadler walks us through hands on examples of cracking mobile technology.<br />
----'''2017 Dates'''<br />
----<br />
<br />
21/11/2017 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-024.<br />
<br />
Speakers:<br />
* '''Lorenzo Grespan: Explain hacking in ten minutes.''' Bio: Lorenzo Grespan is a computer scientist currently working as an application security specialist for Secarma, Ltd. While his main interest has always been computer security, he also worked as a developer, systems administrator and project manager for a research effort in robotic surgery. His background is in computational neuroscience, neural networks and evolutionary systems and he likes to solve interesting problems at the intersection of people and technology. Talk (30 minutes): Recently I had to show a 10-minute "live hack" to a non-technical audience. As an introvert and a geek my main effort was in maintaining technical accuracy, however what made the audience go "aha!" turned out to be what for me was the least significant detail of the entire demo. In this talk I will show the hack, share the lessons learned and discuss how to communicate security concerns to non technical stakeholders, higher management and end users. [[Media:OWASPNCL LG 21112017.pdf]]<br />
<br />
* '''Robin Sillem:''' '''Building a Development Environment That's 'Secure Enough'.''' This will be a discussion of how a team at DWP is using modern DevOps practices to create a dev/build/test platform secure enough for development of services handling large volumes of UK citizen data. [[Media:Modern_DevOps_and_security.pptx]]<br />
----<br />
<br />
19/09/2017 from 18:00 to 21:00 at Northumbria University, City Campus East, room CCE1-024.<br />
<br />
Speakers: <br />
* '''Gareth Dixon: Running a security event using OWASP Security Shepherd.''' In this talk I will cover running a security event using [[OWASP Security Shepherd]]. The event to be discussed was staged to promote engagement in a security initiative, understanding of security vulnerabilities and the application of knowledge to production services and applications. This talk will cover the project planning stage, through execution to the project retrospective. [[Media:Security_Shepherd.pptx]]<br />
* '''Mike Goodwin: Enter the (Threat ) Dragon:Threat Modeling with OWASP Threat Dragon'''. Threat modelling is a great technique for hardening your application designs, but current tooling is a bit "crashy", limited to Windows or not free. [[OWASP Threat Dragon]] is an OWASP incubator project that aims to fix this and bring threat modeling to the masses. This talk is a tour round the tool, it's future road map and a look under it's hood. Mike the the project leader for Threat Dragon, so if you want to contribute, he would be very pleased to speak to you. [[Media:Owasp_threat_dragon_201709_.pptx]]<br />
----<br />
<br />
'''2016 Dates'''<br />
<br />
----<br />
<br />
23/08/2016 from 18:00 to 21:00 at The Auditorium - Bunker Coffee and Kitchen 9-11 Carliol Square, Newcastle-upon-Tyne, NE1 6UF.<br />
<br />
Speakers: <br />
<br />
* '''Andrew Pannell: 50 Million Downloads and All I Got Was Malware.''' How is it a free Android application that has been downloaded more times than WhatsApp can turn your phone into malware, sending your private data to China and inserting adverts? I’ll be discussing my journey of researching mobile malware and how you can too. [https://www.droidandy.com/uploads/50MillionDownloads.pdf]<br />
* '''Colin Watson: OWASP Cornucopia.''' OWASP Cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, that helps derive application security requirements during the software development life cycle. This session will use an example eCommerce application to demonstrate how to utilise the card game. After an introduction and explanation, we will split into smaller groups to play the game gaining insights into relevant web application threats. The game is best played in groups of 4-6 with people who have a good knowledge of the application being assessed, and who have a mixture of backgrounds/experience - architects, developers, product owners, project managers, testers, etc, and those with software security responsibilities. Bring your colleagues along. Cornucopia is suitable for people aged 10 to 110 (decimal). [https://www.owasp.org/index.php/File:OwaspNCL-cornucopia-colinwatson.odp]<br />
<br />
----<br />
<br />
'''2015 Dates'''<br />
<br />
----<br />
<br />
24/11/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
Speakers: <br />
* '''Ben Lee''' and '''Ross Dargan''': '''The problems with proving identity.''' In this talk Ross (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers. The talk will cover among other things; Twitter, wax seals (!), hashing, certificates and much more…* (*Talk may not be historically accurate! ;)) [[Media: OWASPNewcastle_the_problem_with_proving_identity.pptx]]<br />
* '''Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks.''' The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities. Take a copy of the game away with you - it is suitable for developers of all sizes. [[Media: Owaspnewcastle-snakesandladders.pptx]]<br />
* '''Michael Haselhurst - Automated Security Testing Using The ZAP API.''' This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi. [[Media: OWASPNewcastle_automated_security_testing_using_ZAP_API.pptx]]<br />
* '''Mike Goodwin - Real world defence in depth (part 1).''' Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality. [[Media: Owaspnewcastle-real_world_defence_in_depth.pptx]]<br />
----<br />
<br />
29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
Speakers:<br />
<br />
* '''John Beddard''' on Securing Real-Time Networks (short talk) [[Media: PassiveDefense_Newcastle_Chapter_Sept_2015.pdf]]<br />
* '''Ian Oxley''' on Content Security Policy (short talk) [[Media: CSP_Newcastle_Chapter_Sept_2015.pdf |Media: CSP_Newcastle_Chapter_Sept_2015.pdf]]<br />
* '''Mike Goodwin''' on Threat Dragon - a new threat modelling tool project from OWASP (short talk) [[Media: OWASP_Threat_Dragon_Newcastle_Chapter_Sept_2015.pptx]]<br />
* '''Neil Dixley''' on 'OWASP Top 10 Mobile Risks' (long talk) [[Media: OWASP_Mobile_Security_Project_Newcastle_Chapter_Sept_2015.pptx]]<br />
<br />
----<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' [[Media: OWASP_Honeypots.odp]] <br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.''' [[Media: OWASP_Security_Containerisation.ppt]]<br />
----<br />
<br />
29/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' An introduction to penetration testing, using several OWASP projects as well as other open source and free programs. [[Media: An_introduction_to_penetration_testing.pptx]] <br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. [[Media: Threat_Modeling_Presentation.pptx]] <br />
----<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
----<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Robin Fewster|Robin Fewster]]<br />
* [[User:Andi Pannell|Andi Pannell]]<br />
<br />
We are always happy to hear from people who want to contribute to the chapter as a leader.<br />
<br />
= Slack =<br />
OWASP Newcastle has a slack group which you're welcome to join and chat to us! You can join us [https://owasp.slack.com/messages/C0CLHS45S Here]<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter events and corporate sponsorship officer [mailto:katy.l.buller@pwc.com Katy Buller].<br />
<br />
Please get in touch with one of the OWASP Newcastle chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events (this list is moderated).<br />
<br />
__NOTOC__ <headertabs></headertabs><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=235104Newcastle2017-11-06T17:10:08Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr], [mailto:robin.fewster@owasp.org Robin Fewster], [mailto:mike.goodwin@owasp.org Mike Goodwin,] and [mailto:andrew.pannell@owasp.org Andi Pannell]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will be held on 21st November Northumbria City Campus East, room CCE1-024 18:00 - 21:00.<br />
<br />
First talk by '''Lorenzo Grespan''' he will be talking about '''Explain hacking in ten minutes''':<br />
<br />
Bio: Lorenzo Grespan is a computer scientist currently working as an application security specialist for Secarma, Ltd. While his main interest has always been computer security, he also worked as a developer, systems administrator and project manager for a research effort in robotic surgery. His background is in computational neuroscience, neural networks and evolutionary systems and he likes to solve interesting problems at the intersection of people and technology.<br />
<br />
Talk (30 minutes): Recently I had to show a 10-minute "live hack" to a non-technical audience. As an introvert and a geek my main effort was in maintaining technical accuracy, however what made the audience go "aha!" turned out to be what for me was the least significant detail of the entire demo. In this talk I will show the hack, share the lessons learned and discuss how to communicate security concerns to non technical stakeholders, higher management and end users.<br />
<br />
Pizza and networking<br />
<br />
Talk 2: Robin Sillem<br />
<br />
''TBC''<br />
<br />
Keep updated and in touch using the [https://lists.owasp.org/mailman/listinfo/owasp-Newcastle chapter mailing list] and/or Twitter [https://twitter.com/OWASP_Newcastle @OWASP_Newcastle]<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/11/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
The long talk by '''Ben Lee''' and '''Ross Dargan''':<br />
<br />
'''The problems with proving identity.'''<br />
<br />
In this talk Ross (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers.<br />
<br />
The talk will cover among other things; Twitter, wax seals (!), hashing, certificates and much more…*<br />
<br />
(*Talk may not be historically accurate! ;))<br />
<br />
[[Media: OWASPNewcastle_the_problem_with_proving_identity.pptx]]<br />
<br />
The short talks:<br />
<br />
'''Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks'''<br />
<br />
The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities.<br />
<br />
Take a copy of the game away with you - it is suitable for developers of all sizes.<br />
<br />
[[Media: Owaspnewcastle-snakesandladders.pptx]]<br />
<br />
'''Michael Haselhurst - Automated Security Testing Using The ZAP API'''<br />
<br />
This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi.<br />
<br />
[[Media: OWASPNewcastle_automated_security_testing_using_ZAP_API.pptx]]<br />
<br />
'''Mike Goodwin - Real world defence in depth (part 1)'''<br />
<br />
Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality.<br />
<br />
[[Media: Owaspnewcastle-real_world_defence_in_depth.pptx]]<br />
<br />
----<br />
<br />
29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
We changed the format for this meeting and has 3 short talks (approx 20 mins) and then one long one (60 mins).<br />
<br />
Speakers:<br />
<br />
* '''John Beddard''' on Securing Real-Time Networks (short talk) [[Media: PassiveDefense_Newcastle_Chapter_Sept_2015.pdf]]<br />
* '''Ian Oxley''' on Content Security Policy (short talk) [[Media: CSP_Newcastle_Chapter_Sept_2015.pdf ]]<br />
* '''Mike Goodwin''' on Threat Dragon - a new threat modelling tool project from OWASP (short talk) [[Media: OWASP_Threat_Dragon_Newcastle_Chapter_Sept_2015.pptx]]<br />
* '''Neil Dixley''' on 'OWASP Top 10 Mobile Risks' (long talk) [[Media: OWASP_Mobile_Security_Project_Newcastle_Chapter_Sept_2015.pptx]]<br />
<br />
----<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
----<br />
<br />
29/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
----<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
----<br />
<br />
'''2016 Dates'''<br />
<br />
23/08/2016 from 18:00 to 21:00 at The Auditorium - Bunker Coffee and Kitchen 9-11 Carliol Square, Newcastle-upon-Tyne, NE1 6UF.<br />
<br />
Speakers: <br />
<br />
* '''Andrew Pannell: 50 Million Downloads and All I Got Was Malware.''' How is it a free Android application that has been downloaded more times than WhatsApp can turn your phone into malware, sending your private data to China and inserting adverts? I’ll be discussing my journey of researching mobile malware and how you can too. [https://rm-r.sh/uploads/50MillionDownloads.pdf]<br />
* '''Colin Watson: OWASP Cornucopia.''' OWASP Cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, that helps derive application security requirements during the software development life cycle. This session will use an example eCommerce application to demonstrate how to utilise the card game. After an introduction and explanation, we will split into smaller groups to play the game gaining insights into relevant web application threats. The game is best played in groups of 4-6 with people who have a good knowledge of the application being assessed, and who have a mixture of backgrounds/experience - architects, developers, product owners, project managers, testers, etc, and those with software security responsibilities. Bring your colleagues along. Cornucopia is suitable for people aged 10 to 110 (decimal). [https://www.owasp.org/index.php/File:OwaspNCL-cornucopia-colinwatson.odp]<br />
<br />
'''2017 Dates'''<br />
<br />
''Running a security event using OWASP Security Shepherd''<br />
<br />
In this talk I will cover running a security event using [[OWASP Security Shepherd]]. The event to be discussed was staged to promote engagement in a security initiative, understanding of security vulnerabilities and the application of knowledge to production services and applications. This talk will cover the project planning stage, through execution to the project retrospective. [[Media:Security_Shepherd.pptx]]<br />
<br />
'''Talk 2: Mike Goodwin'''<br />
<br />
''Enter the (Threat ) Dragon:Threat Modeling with OWASP Threat Dragon''<br />
<br />
Threat modeling is a great technique for hardening your application designs, but current tooling is a bit "crashy", limited to Windows or not free. [[OWASP Threat Dragon]] is an OWASP incubator project that aims to fix this and bring threat modeling to the masses. This talk is a tour round the tool, it's future road map and a look under it's hood. Mike the the project leader for Threat Dragon, so if you want to contribute, he would be very pleased to speak to you. [[Media:Owasp_threat_dragon_201709_.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Listenerstation|Robin Fewster]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
* [[User:Andi Pannell|Andi Pannell]]<br />
<br />
We are always happy to hear from people who want to contribute to the chapter as a leader.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter events and corporate sponsorship officer [mailto:katy.l.buller@pwc.com Katy Buller].<br />
<br />
Please get in touch with one of the OWASP Newcastle chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events (this list is moderated).<br />
<br />
__NOTOC__ <headertabs></headertabs><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=234651Newcastle2017-10-26T09:26:41Z<p>Connor Carr: Removing 'Next Meeting' tab as it is redundant.</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr], [mailto:robin.fewster@owasp.org Robin Fewster], [mailto:mike.goodwin@owasp.org Mike Goodwin,] and [mailto:andrew.pannell@owasp.org Andi Pannell]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will be held on 21st November Northumbria City Campus East, room CCE1-024 18:00 - 21:00.<br />
<br />
Keep updated and in touch using the [https://lists.owasp.org/mailman/listinfo/owasp-Newcastle chapter mailing list] and/or Twitter [https://twitter.com/OWASP_Newcastle @OWASP_Newcastle]<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/11/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
The long talk by '''Ben Lee''' and '''Ross Dargan''':<br />
<br />
'''The problems with proving identity.'''<br />
<br />
In this talk Ross (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers.<br />
<br />
The talk will cover among other things; Twitter, wax seals (!), hashing, certificates and much more…*<br />
<br />
(*Talk may not be historically accurate! ;))<br />
<br />
[[Media: OWASPNewcastle_the_problem_with_proving_identity.pptx]]<br />
<br />
The short talks:<br />
<br />
'''Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks'''<br />
<br />
The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities.<br />
<br />
Take a copy of the game away with you - it is suitable for developers of all sizes.<br />
<br />
[[Media: Owaspnewcastle-snakesandladders.pptx]]<br />
<br />
'''Michael Haselhurst - Automated Security Testing Using The ZAP API'''<br />
<br />
This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi.<br />
<br />
[[Media: OWASPNewcastle_automated_security_testing_using_ZAP_API.pptx]]<br />
<br />
'''Mike Goodwin - Real world defence in depth (part 1)'''<br />
<br />
Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality.<br />
<br />
[[Media: Owaspnewcastle-real_world_defence_in_depth.pptx]]<br />
<br />
----<br />
<br />
29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
We changed the format for this meeting and has 3 short talks (approx 20 mins) and then one long one (60 mins).<br />
<br />
Speakers:<br />
<br />
* '''John Beddard''' on Securing Real-Time Networks (short talk) [[Media: PassiveDefense_Newcastle_Chapter_Sept_2015.pdf]]<br />
* '''Ian Oxley''' on Content Security Policy (short talk) [[Media: CSP_Newcastle_Chapter_Sept_2015.pdf ]]<br />
* '''Mike Goodwin''' on Threat Dragon - a new threat modelling tool project from OWASP (short talk) [[Media: OWASP_Threat_Dragon_Newcastle_Chapter_Sept_2015.pptx]]<br />
* '''Neil Dixley''' on 'OWASP Top 10 Mobile Risks' (long talk) [[Media: OWASP_Mobile_Security_Project_Newcastle_Chapter_Sept_2015.pptx]]<br />
<br />
----<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
----<br />
<br />
29/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
----<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
----<br />
<br />
'''2016 Dates'''<br />
<br />
23/08/2016 from 18:00 to 21:00 at The Auditorium - Bunker Coffee and Kitchen 9-11 Carliol Square, Newcastle-upon-Tyne, NE1 6UF.<br />
<br />
Speakers: <br />
<br />
* '''Andrew Pannell: 50 Million Downloads and All I Got Was Malware.''' How is it a free Android application that has been downloaded more times than WhatsApp can turn your phone into malware, sending your private data to China and inserting adverts? I’ll be discussing my journey of researching mobile malware and how you can too. [https://rm-r.sh/uploads/50MillionDownloads.pdf]<br />
* '''Colin Watson: OWASP Cornucopia.''' OWASP Cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, that helps derive application security requirements during the software development life cycle. This session will use an example eCommerce application to demonstrate how to utilise the card game. After an introduction and explanation, we will split into smaller groups to play the game gaining insights into relevant web application threats. The game is best played in groups of 4-6 with people who have a good knowledge of the application being assessed, and who have a mixture of backgrounds/experience - architects, developers, product owners, project managers, testers, etc, and those with software security responsibilities. Bring your colleagues along. Cornucopia is suitable for people aged 10 to 110 (decimal). [https://www.owasp.org/index.php/File:OwaspNCL-cornucopia-colinwatson.odp]<br />
<br />
'''2017 Dates'''<br />
<br />
''Running a security event using OWASP Security Shepherd''<br />
<br />
In this talk I will cover running a security event using [[OWASP Security Shepherd]]. The event to be discussed was staged to promote engagement in a security initiative, understanding of security vulnerabilities and the application of knowledge to production services and applications. This talk will cover the project planning stage, through execution to the project retrospective. [[Media:Security_Shepherd.pptx]]<br />
<br />
'''Talk 2: Mike Goodwin'''<br />
<br />
''Enter the (Threat ) Dragon:Threat Modeling with OWASP Threat Dragon''<br />
<br />
Threat modeling is a great technique for hardening your application designs, but current tooling is a bit "crashy", limited to Windows or not free. [[OWASP Threat Dragon]] is an OWASP incubator project that aims to fix this and bring threat modeling to the masses. This talk is a tour round the tool, it's future road map and a look under it's hood. Mike the the project leader for Threat Dragon, so if you want to contribute, he would be very pleased to speak to you. [[Media:Owasp_threat_dragon_201709_.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Listenerstation|Robin Fewster]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
* [[User:Andi Pannell|Andi Pannell]]<br />
<br />
We are always happy to hear from people who want to contribute to the chapter as a leader.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman].<br />
<br />
Please get in touch with one of the OWASP Newcastle chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events (this list is moderated).<br />
<br />
__NOTOC__ <headertabs></headertabs><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=234649Newcastle2017-10-26T08:57:35Z<p>Connor Carr: Added in the next event under 'Next Meeting' and 'Upcoming Events' tab.</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr], [mailto:robin.fewster@owasp.org Robin Fewster], [mailto:mike.goodwin@owasp.org Mike Goodwin,] and [mailto:andrew.pannell@owasp.org Andi Pannell]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will be held on 21st November Northumbria City Campus East, room CCE1-024 18:00 - 21:00.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will be held on 21st November Northumbria City Campus East, room CCE1-024 18:00 - 21:00.<br />
<br />
Keep updated and in touch using the [https://lists.owasp.org/mailman/listinfo/owasp-Newcastle chapter mailing list] and/or Twitter [https://twitter.com/OWASP_Newcastle @OWASP_Newcastle]<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/11/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
The long talk by '''Ben Lee''' and '''Ross Dargan''':<br />
<br />
'''The problems with proving identity.'''<br />
<br />
In this talk Ross (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers.<br />
<br />
The talk will cover among other things; Twitter, wax seals (!), hashing, certificates and much more…*<br />
<br />
(*Talk may not be historically accurate! ;))<br />
<br />
[[Media: OWASPNewcastle_the_problem_with_proving_identity.pptx]]<br />
<br />
The short talks:<br />
<br />
'''Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks'''<br />
<br />
The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities.<br />
<br />
Take a copy of the game away with you - it is suitable for developers of all sizes.<br />
<br />
[[Media: Owaspnewcastle-snakesandladders.pptx]]<br />
<br />
'''Michael Haselhurst - Automated Security Testing Using The ZAP API'''<br />
<br />
This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi.<br />
<br />
[[Media: OWASPNewcastle_automated_security_testing_using_ZAP_API.pptx]]<br />
<br />
'''Mike Goodwin - Real world defence in depth (part 1)'''<br />
<br />
Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality.<br />
<br />
[[Media: Owaspnewcastle-real_world_defence_in_depth.pptx]]<br />
<br />
----<br />
<br />
29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002<br />
<br />
We changed the format for this meeting and has 3 short talks (approx 20 mins) and then one long one (60 mins).<br />
<br />
Speakers:<br />
<br />
* '''John Beddard''' on Securing Real-Time Networks (short talk) [[Media: PassiveDefense_Newcastle_Chapter_Sept_2015.pdf]]<br />
* '''Ian Oxley''' on Content Security Policy (short talk) [[Media: CSP_Newcastle_Chapter_Sept_2015.pdf ]]<br />
* '''Mike Goodwin''' on Threat Dragon - a new threat modelling tool project from OWASP (short talk) [[Media: OWASP_Threat_Dragon_Newcastle_Chapter_Sept_2015.pptx]]<br />
* '''Neil Dixley''' on 'OWASP Top 10 Mobile Risks' (long talk) [[Media: OWASP_Mobile_Security_Project_Newcastle_Chapter_Sept_2015.pptx]]<br />
<br />
----<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
----<br />
<br />
29/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
----<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
----<br />
<br />
'''2016 Dates'''<br />
<br />
23/08/2016 from 18:00 to 21:00 at The Auditorium - Bunker Coffee and Kitchen 9-11 Carliol Square, Newcastle-upon-Tyne, NE1 6UF.<br />
<br />
Speakers: <br />
<br />
* '''Andrew Pannell: 50 Million Downloads and All I Got Was Malware.''' How is it a free Android application that has been downloaded more times than WhatsApp can turn your phone into malware, sending your private data to China and inserting adverts? I’ll be discussing my journey of researching mobile malware and how you can too. [https://rm-r.sh/uploads/50MillionDownloads.pdf]<br />
* '''Colin Watson: OWASP Cornucopia.''' OWASP Cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, that helps derive application security requirements during the software development life cycle. This session will use an example eCommerce application to demonstrate how to utilise the card game. After an introduction and explanation, we will split into smaller groups to play the game gaining insights into relevant web application threats. The game is best played in groups of 4-6 with people who have a good knowledge of the application being assessed, and who have a mixture of backgrounds/experience - architects, developers, product owners, project managers, testers, etc, and those with software security responsibilities. Bring your colleagues along. Cornucopia is suitable for people aged 10 to 110 (decimal). [https://www.owasp.org/index.php/File:OwaspNCL-cornucopia-colinwatson.odp]<br />
<br />
'''2017 Dates'''<br />
<br />
''Running a security event using OWASP Security Shepherd''<br />
<br />
In this talk I will cover running a security event using [[OWASP Security Shepherd]]. The event to be discussed was staged to promote engagement in a security initiative, understanding of security vulnerabilities and the application of knowledge to production services and applications. This talk will cover the project planning stage, through execution to the project retrospective. [[Media:Security_Shepherd.pptx]]<br />
<br />
'''Talk 2: Mike Goodwin'''<br />
<br />
''Enter the (Threat ) Dragon:Threat Modeling with OWASP Threat Dragon''<br />
<br />
Threat modeling is a great technique for hardening your application designs, but current tooling is a bit "crashy", limited to Windows or not free. [[OWASP Threat Dragon]] is an OWASP incubator project that aims to fix this and bring threat modeling to the masses. This talk is a tour round the tool, it's future road map and a look under it's hood. Mike the the project leader for Threat Dragon, so if you want to contribute, he would be very pleased to speak to you. [[Media:Owasp_threat_dragon_201709_.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Listenerstation|Robin Fewster]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
* [[User:Andi Pannell|Andi Pannell]]<br />
<br />
We are always happy to hear from people who want to contribute to the chapter as a leader.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman].<br />
<br />
Please get in touch with one of the OWASP Newcastle chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events (this list is moderated).<br />
<br />
__NOTOC__ <headertabs></headertabs><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=200903Newcastle2015-09-21T14:24:59Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002. We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk<br />
<br />
We are still looking for a speaker for the long talk, but the short sessions are<br />
<br />
* John Beddard on Securing Real-Time Networks<br />
* Ian Oxley on Content Security Policy<br />
* Mike Goodwin talking about his OWASP threat modelling tool project<br />
* Neil Dixley on 'OWASP Top 10 Mobile Risks'<br />
<br />
If you would like to volunteer to speak at this or any future meetings, please get in contact with the chapter leaders - you would be very welcome!<br />
<br />
= Upcoming Events =<br />
<br />
The next event will be run on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the Fourth Meeting of the Newcastle Chapter.<br />
<br />
We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk.<br />
<br />
<br />
The talks are as follows:<br />
<br />
18:00 - 18:20 John Beddard on Securing Real-Time Networks which should prove extremely interesting given the amount of sysops we have!<br />
<br />
18:20 - 18:40 Ian Oxley on Content Security Policy <br />
<br />
18:40 - 19:00 Mike Goodwin talking about his OWASP threat modelling tool project.<br />
<br />
19:00 - 20:00 Pizza!<br />
<br />
20:00 - 21:00 Neil Dixley on 'OWASP Top 10 Mobile Risks': An introduction to using the OWASP top 10 for mobile risks for secure mobile development, including an overview of the OWASP Mobile Security Project and how you can participate.<br />
<br />
Everyone is free to attend.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman]. Their next meeting is on 22nd September at PricewaterhouseCoopers LLP, Central Square South, Orchard Street, Newcastle upon Tyne, NE1 3AZ<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=200902Newcastle2015-09-21T14:24:43Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002. We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk<br />
<br />
We are still looking for a speaker for the long talk, but the short sessions are<br />
<br />
* John Beddard on Securing Real-Time Networks<br />
* Ian Oxley on Content Security Policy<br />
* Mike Goodwin talking about his OWASP threat modelling tool project<br />
<br />
If you would like to volunteer to speak at this or any future meetings, please get in contact with the chapter leaders - you would be very welcome!<br />
<br />
= Upcoming Events =<br />
<br />
The next event will be run on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the Fourth Meeting of the Newcastle Chapter.<br />
<br />
We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk.<br />
<br />
<br />
The talks are as follows:<br />
<br />
18:00 - 18:20 John Beddard on Securing Real-Time Networks which should prove extremely interesting given the amount of sysops we have!<br />
<br />
18:20 - 18:40 Ian Oxley on Content Security Policy <br />
<br />
18:40 - 19:00 Mike Goodwin talking about his OWASP threat modelling tool project.<br />
<br />
19:00 - 20:00 Pizza!<br />
<br />
20:00 - 21:00 Neil Dixley on 'OWASP Top 10 Mobile Risks': An introduction to using the OWASP top 10 for mobile risks for secure mobile development, including an overview of the OWASP Mobile Security Project and how you can participate.<br />
<br />
Everyone is free to attend.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman]. Their next meeting is on 22nd September at PricewaterhouseCoopers LLP, Central Square South, Orchard Street, Newcastle upon Tyne, NE1 3AZ<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=200901Newcastle2015-09-21T14:24:21Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002. We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk<br />
<br />
We are still looking for a speaker for the long talk, but the short sessions are<br />
<br />
* John Beddard on Securing Real-Time Networks<br />
* Ian Oxley on Content Security Policy<br />
* Mike Goodwin talking about his OWASP threat modelling tool project<br />
<br />
If you would like to volunteer to speak at this or any future meetings, please get in contact with the chapter leaders - you would be very welcome!<br />
<br />
= Upcoming Events =<br />
<br />
The next event will be run on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the Fourth Meeting of the Newcastle Chapter.<br />
<br />
We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk.<br />
<br />
<br />
The talks are as follows:<br />
<br />
18:00 - 18:20 John Beddard on Securing Real-Time Networks which should prove extremely interesting given the amount of sysops we have!<br />
<br />
18:20 - 18:40 Ian Oxley on Content Security Policy <br />
<br />
18:40 - 19:00 Mike Goodwin talking about his OWASP threat modelling tool project.<br />
<br />
19:00 - 20:00 Pizza!<br />
<br />
20:00 - 21:00 Neil Dixley on 'OWASP Top 10 Mobile Risks'<br />
<br />
An introduction to using the OWASP top 10 for mobile risks for secure mobile development, including an overview of the OWASP Mobile Security Project and how you can participate.<br />
<br />
Everyone is free to attend.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman]. Their next meeting is on 22nd September at PricewaterhouseCoopers LLP, Central Square South, Orchard Street, Newcastle upon Tyne, NE1 3AZ<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=200509Newcastle2015-09-14T09:45:00Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002. We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk<br />
<br />
We are still looking for a speaker for the long talk, but the short sessions are<br />
<br />
* John Beddard on Securing Real-Time Networks<br />
* Ian Oxley on Content Security Policy<br />
* Mike Goodwin talking about his OWASP threat modelling tool project<br />
<br />
If you would like to volunteer to speak at this or any future meetings, please get in contact with the chapter leaders - you would be very welcome!<br />
<br />
= Upcoming Events =<br />
<br />
The next event will be run on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the Fourth Meeting of the Newcastle Chapter.<br />
<br />
We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk.<br />
<br />
<br />
The talks are as follows:<br />
<br />
18:00-18:20 John Beddard on Securing Real-Time Networks which should prove extremely interesting given the amount of sysops we have!<br />
<br />
18:20-18:40 Ian Oxley on Content Security Policy <br />
<br />
18:40 - 19:00 Mike Goodwin talking about his OWASP threat modelling tool project.<br />
<br />
We currently haven't got anyone for the 60 minute slot, if you would like to volunteer or know someone else who would feel free to contact us!<br />
<br />
Everyone is free to attend.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman]. Their next meeting is on 22nd September at PricewaterhouseCoopers LLP, Central Square South, Orchard Street, Newcastle upon Tyne, NE1 3AZ<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=200508Newcastle2015-09-14T09:43:47Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002. We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk<br />
<br />
We are still looking for a speaker for the long talk, but the short sessions are<br />
<br />
* John Beddard on Securing Real-Time Networks<br />
* Ian Oxley on Content Security Policy<br />
* Mike Goodwin talking about his OWASP threat modelling tool project<br />
<br />
If you would like to volunteer to speak at this or any future meetings, please get in contact with the chapter leaders - you would be very welcome!<br />
<br />
= Upcoming Events =<br />
<br />
This is the Fourth Meeting of the Newcastle Chapter.<br />
<br />
We are changing the format this time and having 3 small 20 minute talks, a refreshment break and then a single 60 minute talk.<br />
<br />
<br />
The talks are as follows:<br />
<br />
18:00-18:20 John Beddard on Securing Real-Time Networks which should prove extremely interesting given the amount of sysops we have!<br />
<br />
18:20-18:40 Ian Oxley on Content Security Policy <br />
<br />
18:40 - 19:00 Mike Goodwin talking about his OWASP threat modelling tool project.<br />
<br />
We currently haven't got anyone for the 60 minute slot, if you would like to volunteer or know someone else who would feel free to contact us!<br />
<br />
Everyone is free to attend.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman]. Their next meeting is on 22nd September at PricewaterhouseCoopers LLP, Central Square South, Orchard Street, Newcastle upon Tyne, NE1 3AZ<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=198473Newcastle2015-08-05T21:14:23Z<p>Connor Carr: /* Next Meeting */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are still looking for speakers.<br />
<br />
If you would like to volunteer to speak at this or any future meetings, please get in contact with the chapter leaders - you would be very welcome!<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Our speakers are '''Andrew Waite''' will be taking about '''"Honeypots; From Research to the Enterprise"''' and '''George Chlapoutakis''' talking about '''"Security in the World of Containerisation"'''.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman]. Their next meeting is on 22nd September at PricewaterhouseCoopers LLP, Central Square South, Orchard Street, Newcastle upon Tyne, NE1 3AZ<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=File:OWASP_Security_Containerisation.ppt&diff=198472File:OWASP Security Containerisation.ppt2015-08-05T21:11:58Z<p>Connor Carr: </p>
<hr />
<div></div>Connor Carrhttps://wiki.owasp.org/index.php?title=File:OWASP_Honeypots.odp&diff=198471File:OWASP Honeypots.odp2015-08-05T21:07:03Z<p>Connor Carr: </p>
<hr />
<div></div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=198470Newcastle2015-08-05T21:06:47Z<p>Connor Carr: /* Past Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Our speakers are '''Andrew Waite''' will be taking about '''"Honeypots; From Research to the Enterprise"''' and '''George Chlapoutakis''' talking about '''"Security in the World of Containerisation"'''.<br />
<br />
If you would like to volunteer to speak at a future meeting, please get in contact with the chapter leaders - you would be very welcome!<br />
<br />
As always, attendance is free and you don't need to register in advance, but it helps us gauge the size of the half-time pizza order if you register at:<br />
<br />
https://www.eventbrite.com/e/owasp-newcastle-meeting-for-july-tickets-17634654727<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Our speakers are '''Andrew Waite''' will be taking about '''"Honeypots; From Research to the Enterprise"''' and '''George Chlapoutakis''' talking about '''"Security in the World of Containerisation"'''.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.<br />
<br />
Speakers:<br />
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' <br />
[[Media: OWASP_Honeypots.odp]]<br />
<br />
* '''George Chlapoutakis: Security in the World of Containerisation.'''<br />
[[Media: OWASP_Security_Containerisation.ppt]]<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' <br />
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
[[Media: An_introduction_to_penetration_testing.pptx]]<br />
<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' <br />
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media: Threat_Modeling_Presentation.pptx]]<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman]. Their next meeting is on 22nd September at PricewaterhouseCoopers LLP, Central Square South, Orchard Street, Newcastle upon Tyne, NE1 3AZ<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=195514Newcastle2015-05-29T11:56:19Z<p>Connor Carr: /* Past Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the second meeting of the Newcastle OWASP chapter. This month Robin Fewster will be giving a talk entitled "An introduction to basic application penetration testing". Rob is a very experienced pen tester, so he is sure to have some great stuff to share.<br />
<br />
Our second speaker is Neil Dixley on "The Elevation of Privilege Threat Modelling Tool".<br />
<br />
"An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. This presentation includes a live example of the card game so make sure you bring your Poker face."<br />
<br />
I (Mike) have personally been in threat modelling sessions with Neil and his card, so I know it will be fun.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.[[Media:Threat_Modeling_Presentation.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=195513Newcastle2015-05-29T11:56:04Z<p>Connor Carr: /* Past Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the second meeting of the Newcastle OWASP chapter. This month Robin Fewster will be giving a talk entitled "An introduction to basic application penetration testing". Rob is a very experienced pen tester, so he is sure to have some great stuff to share.<br />
<br />
Our second speaker is Neil Dixley on "The Elevation of Privilege Threat Modelling Tool".<br />
<br />
"An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. This presentation includes a live example of the card game so make sure you bring your Poker face."<br />
<br />
I (Mike) have personally been in threat modelling sessions with Neil and his card, so I know it will be fun.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.[[Threat_Modeling_Presentation.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=195512Newcastle2015-05-29T11:55:29Z<p>Connor Carr: /* Past Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the second meeting of the Newcastle OWASP chapter. This month Robin Fewster will be giving a talk entitled "An introduction to basic application penetration testing". Rob is a very experienced pen tester, so he is sure to have some great stuff to share.<br />
<br />
Our second speaker is Neil Dixley on "The Elevation of Privilege Threat Modelling Tool".<br />
<br />
"An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. This presentation includes a live example of the card game so make sure you bring your Poker face."<br />
<br />
I (Mike) have personally been in threat modelling sessions with Neil and his card, so I know it will be fun.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.<br />
[[Media:Threat_Modeling_Presentation.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=195511Newcastle2015-05-29T11:55:17Z<p>Connor Carr: /* Past Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the second meeting of the Newcastle OWASP chapter. This month Robin Fewster will be giving a talk entitled "An introduction to basic application penetration testing". Rob is a very experienced pen tester, so he is sure to have some great stuff to share.<br />
<br />
Our second speaker is Neil Dixley on "The Elevation of Privilege Threat Modelling Tool".<br />
<br />
"An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. This presentation includes a live example of the card game so make sure you bring your Poker face."<br />
<br />
I (Mike) have personally been in threat modelling sessions with Neil and his card, so I know it will be fun.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.[[Media:Threat_Modeling_Presentation.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=195510Newcastle2015-05-29T10:26:14Z<p>Connor Carr: /* Past Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the second meeting of the Newcastle OWASP chapter. This month Robin Fewster will be giving a talk entitled "An introduction to basic application penetration testing". Rob is a very experienced pen tester, so he is sure to have some great stuff to share.<br />
<br />
Our second speaker is Neil Dixley on "The Elevation of Privilege Threat Modelling Tool".<br />
<br />
"An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. This presentation includes a live example of the card game so make sure you bring your Poker face."<br />
<br />
I (Mike) have personally been in threat modelling sessions with Neil and his card, so I know it will be fun.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.''' An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.[[Media:https://www.owasp.org/images/2/22/Threat_Modeling_Presentation.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=195509Newcastle2015-05-29T10:25:34Z<p>Connor Carr: /* Past Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
This is the second meeting of the Newcastle OWASP chapter. This month Robin Fewster will be giving a talk entitled "An introduction to basic application penetration testing". Rob is a very experienced pen tester, so he is sure to have some great stuff to share.<br />
<br />
Our second speaker is Neil Dixley on "The Elevation of Privilege Threat Modelling Tool".<br />
<br />
"An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. This presentation includes a live example of the card game so make sure you bring your Poker face."<br />
<br />
I (Mike) have personally been in threat modelling sessions with Neil and his card, so I know it will be fun.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]<br />
<br />
26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers:<br />
* '''Robin Fewster: An introduction to basic application penetration testing.'''<br />
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.''' An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.[[Media:https://www.owasp.org/images/2/22/Threat_Modeling_Presentation.pptx]]<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=File:Threat_Modeling_Presentation.pptx&diff=195508File:Threat Modeling Presentation.pptx2015-05-29T10:24:35Z<p>Connor Carr: </p>
<hr />
<div></div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=192151Newcastle2015-03-25T13:09:03Z<p>Connor Carr: /* Next Meeting */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering'''. An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?'''. Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams.<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=192150Newcastle2015-03-25T13:08:44Z<p>Connor Carr: /* Past Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 22:00 at Northumbria University Ellison Building EBA002.<br />
<br />
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering'''. An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?'''. Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams.<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=192149Newcastle2015-03-25T13:08:17Z<p>Connor Carr: /* Upcoming Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 22:00 at Northumbria University Ellison Building EBA002.<br />
<br />
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 22:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering'''. An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?'''. Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams.<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=192148Newcastle2015-03-25T13:07:57Z<p>Connor Carr: /* Upcoming Events */</p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 22:00 at Northumbria University Ellison Building EBA002.<br />
<br />
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 26/05/2015 from 18:00 to 22:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every second month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2015 Dates'''<br />
<br />
24/03/2015 from 18:00 to 22:00 at Northumbria University Ellison Building EBA002.<br />
<br />
Speakers: <br />
<br />
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering'''. An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]<br />
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?'''. Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams.<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
= Sponsorship = <br />
<br />
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.<br />
<br />
[[File:sage-logo.jpg]]<br />
<br />
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:<br />
<br />
* Platinum sponsor (£1200)<br />
* Gold sponsor (£600)<br />
* Silver sponsor (£300)<br />
<br />
Any other donation is also gratefully received.<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=191027Newcastle2015-03-09T08:19:50Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
The next meeting will take place on 24/03/2015 from 18:00 to 22:00 at Northumbria University Ellison Building EBA002.<br />
<br />
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Upcoming Events =<br />
<br />
The next meeting will take place on 24/03/2015 from 18:00 to 22:00 at Northumbria University Ellison Building EBA002.<br />
<br />
We are looking to host a meeting the final Tuesday of every month.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2014 Dates'''<br />
<br />
None currently, we are a new chapter.<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Michael Goodwin|Mike Goodwin]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=User:Connor_Carr&diff=188596User:Connor Carr2015-01-27T16:21:17Z<p>Connor Carr: </p>
<hr />
<div>The Newcastle chapter co-leader. I've always been passionate about technology and the inner workings of all things mechanical, I'm always happy to discuss pretty much anything along those lines so feel free to message me.</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=178960Newcastle2014-07-18T13:14:06Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and Mike Goodwin<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
None currently scheduled, please watch this space for updates soon.<br />
<br />
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Upcoming Events =<br />
<br />
To be confirmed. We are currently looking at the possibility of a September meeting.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2014 Dates'''<br />
<br />
None currently, we are a new chapter.<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* [[User:Mike Goodwin|Connor Carr]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=178930Newcastle2014-07-17T18:03:28Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and Mike Goodwin<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
None currently scheduled, please watch this space for updates soon.<br />
<br />
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Upcoming Events =<br />
<br />
To be confirmed. We are currently looking at the possibility of a September meeting.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2014 Dates'''<br />
<br />
None currently, we are a new chapter.<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
* Mike Goodwin<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Chapter_Handbook/Chapter_7:_Organizing_Chapter_Meetings&diff=178840Chapter Handbook/Chapter 7: Organizing Chapter Meetings2014-07-15T20:52:47Z<p>Connor Carr: Just changed a little formatting for readability.</p>
<hr />
<div>==Meeting Formula==<br />
There are a variety of meeting formulas that have been used by existing local chapters; the most traditional of which is an evening speaker meeting. For this type of meeting, the chapter leader will organize one or more speakers to present on one or more topics in a lecture or question & answer format. Needless to say, chapters have adapted this formula in many ways to suit their members or geographic area. Meetings have been organized over breakfast, lunch, or dinner as well as at a bar having a conversation over drinks. Some chapters serve food during the meeting or after the meeting on site, others will invite meeting attendees to a bar nearby for food and drinks after the meeting. Meetings have been organized as social or networking events, roundtables, panel discussions, or even as a remote presentation.<br />
<br />
<br />
Chapter leaders are encouraged to try a variety of formats to determine what will be the most successful for their audience and area. Also, it may work best to have a variety of formats throughout the year depending on the speaker and meeting space availability. <br />
<br />
<br />
Virtual meetings may not be ideal to encourage networking and community building within your local chapter, but they are certainly a good alternative when the chapter is not able to find a venue or having trouble bringing in a speaker. OWASP has a GotoMeeting account already available for chapter leaders (paid by the Foundation and provided for free for the chapters). If you would like to set up a meeting or the GotoMeeting login credentials, [http://sl.owasp.org/contactus contact us].<br />
<br />
<br />
==Before - Planning the Meeting==<br />
<br />
In order of importance,* these are the key pieces to holding a chapter meeting:<br />
#Great speakers / topics<br />
#Venue<br />
#Date<br />
#Promotion<br />
<br />
<br />
* While the order of importance has been debated by chapter leaders, the general consensus appears above. Additional pieces (discussed more below) that some chapter leaders have said are “key” in their regions: sponsors and attendees. The list above is meant to be a starting place and a list of essential items for planning your meeting; it is assumed that once you have these items in place people will attend the meeting and sponsorship will follow thereafter.<br />
<br />
<br />
===Getting a Speaker===<br />
OWASP chapters are encouraged to get local speakers. Your chapter may also use international speakers, but you will quickly need funds to cover travel costs if the speakers cannot pay for the travel themselves. <br />
<br />
One technique for bringing in international speakers is to coordinate your meeting with another event that the speaker may be attending or speaking at nearby. The intended speaker may be willing to arrive early or extend their trip by a day or two to speak at your local meeting.<br />
<br />
Also, the OWASP Speakers Project is available to help local chapters or application security conferences to find OWASP related speakers.<br />
https://www.owasp.org/index.php/Category:OWASP_Speakers_Project<br />
<br />
If you have found an international speaker who is not able to pay for the travel themselves, and your chapter does not have the funds to cover the travel costs, you may be able to apply for “OWASP on the Move” funds (outlined below).<br />
<br />
<br />
===OWASP on the Move===<br />
In order to better support local chapter meetings and (web application) security events, the Global Chapters Committee started a travel-support program for OWASP presenters. <br />
<br />
<br />
The [[OWASP on the Move]] program allows local chapters to have OWASP presenters on site; it is not for speakers to attend OWASP conferences.<br />
This program allows 3 parties to find each other:<br />
*Local chapters events that want to attract an OWASP speaker<br />
*OWASP speakers to entertain OWASP presentations and that want to see the world<br />
*OWASP sponsors that want to support spreading the OWASP message<br />
<br />
<br />
To find available speakers in your area, see the [[:Category:OWASP_Speakers_Project|OWASP Speakers Project]]<br />
<br />
<br />
'''Application Process:'''<br/><br />
The way it works is really easy.<br />
*Upfront the chapter leader submits an OotM request (event details, who to cover, etc...) via http://sl.owasp.org/contactus <br />
*The request will be reviewed by the [[Global Chapter Committee]]. If the request is within the rules (see below), it will be rapidly approved.<br />
*The speaker, who made the travel/lodging expenses, submits a reimbursement request with receipts after the presentation is performed.<br />
*The reimbursement is approved and processed.<br />
<br />
That's it!<br />
<br />
[http://www.google.com/url?q=https://www.owasp.org/index.php/File:Reimbursement_Request_Form.xls&ei=hUXUTtqKI6Pt0gHV7Z3YAQ&sa=X&oi=unauthorizedredirect&ct=targetlink&ust=1322536077576996&usg=AFQjCNEd6G63lRFYnDrmsjoPS_awVl0OEg Reimbursement Request Form]<br />
<br />
<br />
'''OWASP on the Move Rules:'''<br/><br />
The following rules apply for the OotM project:<br />
*Primary funding would be deducted from the local chapter budget.<br />
**A chapter without sufficient funds for a speaker may request the Global Chapter Committee vote to approve the use of OWASP funds.<br />
*The normal maximum amount per speaker is $500 USD<br />
*Only in special circumstances the maximum amount per speaker can be raised to a maximum of $1000 USD<br />
*There is a proposed limit of $2,000 USD on the amount of money provided to any individual per year (*see 'further funding' below)<br />
*There is a proposed limit of $2,000 USD on the amount of money provided to any chapter per year(*see 'further funding' below)<br />
<br />
<br />
A chapter can use the sponsorship 4 times a year, with a maximum of 2 speakers sponsored by OotM for one single event.<br />
*Further funding: for active chapters or speakers who have reach the proposed financial limits, further funding is possible but will depend on available budget, since priority would be given to chapters below these thresholds<br />
<br />
<br />
OWASP on the Move funds are not to be used by speakers to attend OWASP conferences. If assistance is needed to attend a conference, contact the conference chair.<br />
<br />
<br />
The payments are tracked online [[OWASP_on_the_Move_-_Payments]]<br />
<br />
===Speaker Agreement===<br />
Many chapters do not have every speaker sign the OWASP [Speaker Agreement] as part of their agreement or confirmation for the event. However, if you think OWASP values and principles may be an issue or are concerned that the speaker does not understand the terms of the arrangement, you may consider sending them this speaker agreement: https://www.owasp.org/index.php/Speaker_Agreement<br />
<br />
<br />
===Meeting Venue===<br />
There are an infinite number of possibilities for a meeting location - local college, business, library, or even a restaurant or pub. Plan as far in advance as possible - good meeting spaces are often available at little or no cost (local colleges and universities are often willing to give meeting space for free), but they fill up quickly. <br />
<br />
<br />
Also, it is important to consider accessibility when looking at locations: Where will the attendees park? What is the average travel time for attendees? Is there a security checkpoint? What happens if attendees have not pre-registered, can they still attend? Can you serve food at this location?<br />
<br />
<br />
While having a permanent or stable meeting location for your chapter meetings may be convenient for planning, it is also important to consider any conflict of interest (or appearance of conflict of interest) your meeting venue may convey. For example: vendor neutrality is one of the core values of OWASP, but this doesn’t necessarily mean that a vendor cannot host a local chapter meeting. As long as the meeting is free and open and doesn’t violate other OWASP principals, a vendor’s office space may be a great location to hold a meeting. That being said, holding every meeting at this vendor’s office to the exclusion of other available and willing venues, may give an appearance of impropriety.<br />
<br />
<br />
===Setting a Date and Time===<br />
Most OWASP meetings are currently held during the week (Monday through Friday). Additionally, while meetings have traditionally been held in the evening, an increasing number of local chapters have found success in hosting breakfast (early morning) or lunch events. <br />
<br />
<br />
When setting your meeting date and time, be sure to consider:<br />
*Will your anticipated venue will be available?<br />
*Will you be able to find a speaker for this date and time (many chapters will book the speaker first and then choose a date and time that works for him or her)?<br />
*Have you allowed sufficient travel time for attendees that are coming from work?<br />
*Are there any local or regional events or holidays that will conflict?<br />
<br />
<br />
===Posting Meeting Info on the Wiki===<br />
General information about what should be on a chapter’s wiki page can be found under “administration” below. As soon as you know the time, date, and location of your meeting, be sure to post it to your chapter’s wiki page. Additionally, most chapters post information about the upcoming meeting such as: meeting agenda, speaker background, summary of the topic(s) to be covered by the speaker/meeting.<br />
<br />
This is one possible "template" to use on your chapter wiki page for listing meeting details:<br />
<br />
;WHEN<br />
:Fill in date and timeframe<br />
;WHERE<br />
:Fill in meeting place<br />
;AGENDA<br />
*18h00 - 18h30: Networking / Food, Drinks<br />
*18h30 - 19h00: Fill in<br />
*19h00 - 19h30: Fill in<br />
*Etc.<br />
<br />
<br />
You can copy and paste the wiki code for this “template” here: https://www.owasp.org/index.php/Sample_Chapter_Page<br />
<br />
<br />
===Catering===<br />
Many chapters provide food or refreshments before, during, or after their meeting. This is not a necessity for a chapter meeting, but something extra you might consider if you have the funds in your chapter account or are able to get a sponsor to cover costs (or provide food directly). It is also possible for meeting attendees to split the cost if they want food at the meeting; however, no one can be excluded from a meeting based on their ability or willingness to pay for food. Meetings must remain free and open.<br />
<br />
<br />
If you need to decide on the amount of food ahead of time, line up the refreshment logistics based on RSVP'd attendees.<br />
<br />
<br />
===Sponsors & Affiliates===<br />
In order to organize events, an OWASP chapter often needs to find sponsors. These sponsors may provide meeting facilities, refreshments, etc. While sponsorship is good, it is important to avoid the commercialization pitfalls that may accompany it. The following is specifically prohibited:<br />
*Providing sponsors with a list of people registering for or attending any event. This might even be illegal in certain countries due to privacy laws. The sponsor can collect leads in itself, for example by offering a prize for people providing contact details.<br />
*Providing the sponsor with a commercial or product centric presentation slot.<br />
<br />
<br />
So what can sponsors get?*<br />
*Many thanks, and hopefully a very good feeling of helping the community.<br />
*A table top style mini booth where they can put up a "roll up" poster or two and hand out your brochures and freebies. This might not be possible in certain meeting facilities.<br />
*Logo on the local chapter or event page.<br />
<br />
<br />
*All of the OWASP sponsorship options are detailed on the OWASP Membership page:<br />
https://www.owasp.org/index.php/Membership<br />
<br />
<br />
At the local level there are options for both Local Chapter Supporters (90/10 split with the Foundation, 90% directly supporting the local chapter) as well as Single Meeting Supporters.<br />
<br />
<br />
===Meeting Promotion===<br />
Here are some tips that chapter leaders can use to promote their meeting (and increase meeting attendance):<br />
*At a minimum, the date, time, location, speaker, and topic should be listed on your chapter’s wiki page and an email announcement sent out to your chapter’s mailing list. <br />
*When sending out direct meeting invitations, use google calendar invites through your @owasp.org email account. General email assumes that people will read it in a timely manner and will remember to place it onto their calendar. By using the google calendar invitations, this task is done for them.<br />
*Make sure that your upcoming meeting is broadcast through a variety of channels. In addition to posting the meeting to your chapter’s wiki page and mailing list, consider blogging or [http://twitter.com/ tweeting] about it, as well as posting it on social networking sites such as [http://www.linkedin.com/ LinkedIn], [http://www.facebook.com/ Facebook], [http://www.meetup.com/ Meetup], and [http://myowasp.ning.com/ myowasp].<br />
*Post your event to sites such as [http://www.google.com/url?q=http%3A%2F%2Fevents.yahoo.com%2F&sa=D&sntz=1&usg=AFQjCNFoOQ3LHRany2PkDdWPvYMZwbY1Eg Yahoo Events] and partner with other user groups to cross-market (i.e. ISSA, .Net SIG, Java SIG, SIM, DAMA).<br />
*Acknowledge the fact that even if people cannot physically attend, they may be able to participate remotely. The OWASP Foundation has an account with http://www.gotomeeting.com that is free for chapters to use. Account requests or details can be requested can be requested through: http://sl.owasp.org/contactus.<br />
*Many people are tired and hungry, especially after a long day at work. While you cannot cure tiredness, you can at least try to feed your attendees. Pizza is cheap and it is relatively easy to find a sponsor.<br />
*Make sure the topics you choose are broadly applicable and not just targeted at one group (i.e. penetration testers, software developers). Part of making web application security visible requires you to choose (or solicit) speakers that appeal to IT executives, enterprise architects, business analysis, legal and compliance, etc. If a particular group does happen to be the “target audience” at a meeting, try to change things up for your next meeting.<br />
<br />
<br />
===OWASP Calendar===<br />
Most new chapter leaders are given edit privileges for the OWASP calendar at the time their chapter is created, but if you taking over leadership or have been the leader of a chapter for a while, you may not have permission. Calendar edit privileges can be requested through http://sl.owasp.org/contactus.<br />
<br />
<br />
How do I add my chapter’s local events to the OWASP calendar on the wiki home page?<br />
#Log into your owasp email account (via google apps/gmail) <br />
#Open another tab and go to the OWASP wiki home page. [www.owasp.org]<br />
#Click the button on the bottom of the event calendar box that says "+ google calendar". This will integrate the OWASP event calendar with your owasp gmail account.<br />
#Add the local event to your OWASP account google calendar (as you would if adding it for your personal calendar or setting up a meeting invite)<br />
#In the "calendar" drop down menu there are likely 2 (or more options) - select "OWASP Event Calendar" and save. This should populate the event calendar on the OWASP home page. Note that your personal event calendar is likely in your home time zone, but the OWASP event calendar is in GMT. Google should do the proper time conversion for you.<br />
<br />
<br />
===RSVPs===<br />
Posting your meeting on the chapter’s wiki page and emailing an announcement to the chapter’s mailing list are the prime methods of letting people know about OWASP meetings. Some other useful methods are:<br />
*Ask your speakers to send invites to their circle<br />
*Ask people on the list to forward to people in their organization.<br />
*Use your own personal contacts. Since OWASP is not a commercial organization, this would be usually acceptable by your business contacts. Again, this might actually help you keep in touch with them.<br />
<br />
<br />
Meeting invitations/announcements should contain a request to forward it to other interested parties.<br />
<br />
<br />
You might also want to use event invites instead of e-mail messages. These services provide different advantages such as integration with the attendee calendar and RSVP management, but on the other hand might seem more commercial and obtrusive.<br />
<br />
<br />
You can send event invites using the following tools:<br />
*RegOnline - people can register for your meeting (and you can send invites and follow up emails) using OWASP’s RegOnline account. If you do not have access and would like to use this for your next chapter meeting, please request an account through http://sl.owasp.org/contactus<br />
*Direct calendar invites: one can do that using a dedicated Google calendar account.<br />
*The tool most used by OWASP chapters is: [http://www.eventbrite.com/ Eventbrite], which is free for non-profits.<br />
*Others use: [http://www.meetup.com/ Meetup], which while not free is priced very low.<br />
*Yet others use a meeting [http://www.doodle.com/ Doodle].<br />
*http://myowasp.ning.com/<br />
*You can always just use Excel to track the individuals that reply to your email invitations.<br />
<br />
<br />
To extract the list of mailing list members you can use the mailman roster page available at: https://lists.owasp.org/mailman/roster/owasp-<your-list>.<br />
<br />
<br />
Note! Whatever tool you use, personally responding to each person who has RSVPed greatly increase the rate of people who actually attend. Just write back "Great! see you in the meeting" or whatever fits your local culture and is short.<br />
<br />
<br />
===OWASP Merchandise===<br />
The OWASP Foundation can provide you with OWASP books, shirts, pens, lanyards, flyers, or other materials that you might need to jump-start your next meeting. The cost of these items will be billed to your local chapter. If you would like OWASP Merchandise for your meeting or local event, but do not have the funds to cover it, you request that the costs be covered by the Global Chapters Committee. Requests can be submitted through the [https://spreadsheets.google.com/a/owasp.org/spreadsheet/viewform?formkey=dF85bGtvdWdrd2JjYldNZ1gxSkJxaEE6MQ OWASP Merchandise Request Form].<br />
<br />
[http://store.rocksports.net/merchant2/merchant.mvc?Screen=OWASP&Store_Code=2008&Category_Code=OWASP Rocksports] has also set up an OWASP Storefront to show items they have available and many OWASP books have been made available through [http://stores.lulu.com/owasp Lulu].<br />
<br />
<br />
===PPT Template===<br />
You may want to send your speakers a PowerPoint template to use for their presentations. Here are some options:<br />
*https://www.owasp.org/images/c/c3/OWASP_Presentation_template.ppt<br />
*[https://www.owasp.org/images/9/9a/OWASP_Presentation_template.odp OWASP Impress Template] (Open/Libre Office)<br />
<br />
<br />
===Screening Presentations===<br />
In order to ensure that presentations remain vendor neutral and don’t turn into platforms for a sales pitch, it is recommended that you screen the presentations before the meeting.<br />
<br />
<br />
This may also be a good time to remind your speaker about the terms of the Speaker Agreement (or make sure they understand what is expected of them).<br />
<br />
<br />
===Remote Participation===<br />
The OWASP Foundation has an account with http://www.gotomeeting.com that is free for chapters to use. Account requests can be requested through the http://sl.owasp.org/contactus and details on using GoToMeeting can be found here: https://www.owasp.org/index.php/Chapter_Leader_Handbook/GoToMeeting. As soon as you have scheduled the meeting date and time, the remote participation can also be scheduled so you can include details on your chapter’s wiki page or in your emails.<br />
<br />
<br />
===Speaker Gifts===<br />
Although it is not necessary, giving speakers a small token of appreciation such as an OWASP t-shirt, mug, or pen set is encouraged.<br />
<br />
<br />
===Communication===<br />
The following is a recommended communication schedule for notifying members about an upcoming meeting:<br />
*Three weeks before the meeting - send meeting invitations and make sure meeting information has been posted to your chapter’s wiki page.<br />
*One week before the meeting - send reminders about the meeting to your mailing list and through other social media (LinkedIn, Facebook, Twitter, etc.)<br />
*Upon registration and again one day before the meeting - send confirmation to people that have signed up to attend the meeting.<br />
<br />
<br />
==During the Meeting==<br />
<br />
===Meeting Set-Up===<br />
Arrive early! Ensure that everything for the meeting space is set up before the first attendees will be arriving. Here are a few things you may need to set up or prepare:<br />
*Registration & badges (if any)<br />
*OWASP merchandise and signs including banner<br />
*Remote participation<br />
*Sponsor booths/tables<br />
*Catering - Will food or beverages be served before, during, or after your event? Where will the food be located? Who is providing the food? Will someone need to meet the delivery person at the front door of the building?<br />
*Equipment - projector, sound system, and any special items that may have been requested by the speaker(s)<br />
<br />
<br />
===Video Recording===<br />
If you have the equipment, you may want to consider recording a video of your meeting and posting for members who were not able to attend the meeting. This is also a nice resource for chapter leaders or event organizers to use in the future to screen a speaker or learn about his/her style.<br />
<br />
<br />
The OWASP Speaker Agreement includes authorization for the speaker’s presentation to be recorded and posted. If you plan to record the meeting, you should make sure the speaker is aware and has agreed to the reproduction of his/her presentation.<br />
<br />
<br />
===Time Management===<br />
Spread tasks across many individuals in order to ensure that your meeting runs smoothly and all of the tasks before, during, and after the meeting are handled in a timely fashion. There are usually people that attend the meetings who are willing to want to help the chapter be successful, but are not able to commit to a chapter leadership role - that doesn’t mean they aren’t willing to help out on a meeting-by-meeting basis.<br />
<br />
<br />
===Meeting Content===<br />
*Job announcements:<br/><br />
Some chapters encourage recruiters or other individuals who are hiring in their area to come for their meeting and make the job announcement in person. At the beginning of the meeting they ask anyone who is hiring to stand up and introduce themselves and who they are looking for. Then at a break or after the meeting, attendees can get in touch with them. This encourages recruiters/employers to invest a small amount of time in your chapter (attending the meeting) and also gives both the person hiring and the people looking for jobs the benefit of face-to-face contact.<br />
<br />
*Present an OWASP Update:<br/><br />
Always cover the OWASP mission and goals at each meeting to reinforce it to the attendees of why and what the purpose of the chapter is. Explain the web application security problem in a general way to attract a large crowd and to educate the new members and guests.<br />
<br />
<br />
Additionally, if you or any of your chapter members have recently attended an OWASP conference or other event, this is a good time for a short (5-10 minutes) presentation about the event.<br />
<br />
<br />
*One or more speakers - if you have a general time frame for the speaker(s), make sure to let them know. Also, if you will be having more than one speaker, consider whether you will have a short break between them for attendees to stretch their legs and get refreshments, or whether you will want the change-over time to be quick (and attendees remain in their seats). <br />
<br />
<br />
===Collecting CPE Forms===<br />
Send out CPE credits to attendees that requested them or explain to them that ISC2 (as a example) is a self certify -- if organizations such as those want to designate someone to collect and validate they are welcome to do so, but that is not a responsibility of OWASP Chapter Leaders.<br />
<br />
<br />
===Collecting Feedback===<br />
Collect feedback on the speaker from attendees:<br/><br />
*There are a number of sites available that have feedback templates or allow you to build your own survey: formsite.com, surveymonkey.com, zoomerang.com, Google form, etc.<br />
<br />
*A speaker feedback form developed by the NYC/NJ Metro Chapter is also available for you to use. The NYC/NJ Metro Chapter distributes copies to meeting attendees and asks them to complete them and hand them back in at the end of the meeting. Then the chapter leader (or another person willing to keep track of feedback) quickly adds the totals up to get an idea of which speakers they would like to ask back again to present.<br />
<br />
*This is also a good time to capture potential topics or speakers for upcoming chapter meetings. What would meeting attendees like to learn about? Is anyone at the meeting willing to give a presentation in the future?<br />
<br />
<br />
===Networking/Social Events===<br />
There are a variety of ways to incorporate networking or social interactions into your meeting format. While some chapters designate specific meetings for networking and socializing (no speaker, just meet at a local restaurant or pub), it is more common to allow time for socializing after the meeting. Some meeting venues will be able to host this, but more than likely you will want to relocate to a restaurant or bar nearby. Consider asking the speaker(s) to join you so that guests can have an opportunity for follow up conversations. This time also fosters building a local OWASP community where the guests get to know each other and what is going on in the local appsec community.<br />
<br />
<br />
==After the Meeting==<br />
Review event, lessons learned, what can be improved with the other chapter leaders or board members. Go over any feedback collected at the meeting.<br />
<br />
<br />
===Meeting Minutes (and Photos)===<br />
Post meeting minutes to document what was covered at the meeting, including any announcements or decisions that were made. Pictures from the meeting are also encouraged.<br />
<br />
<br />
===Posting Presentations and Recordings===<br />
In addition to any meeting minutes and photos, try to collect the presentation from the speaker to post on the chapter’s wiki page.<br />
<br />
<br />
If you took a video recording of the meeting, you should post that as well. [http://www.vimeo.com/ Vimeo] is commonly used to host the uploaded video, which can then be linked to your chapter page.<br />
<br />
<br />
===Follow-up Communication===<br />
Once you post meeting materials such as minutes, pictures, presentation, or video to your chapter wiki page, send a follow up email to meeting guests thanking them for attending, letting them know about the next meeting (if you have the information), and directing them to the material on your wiki page.<br />
<br />
<br />
If you collected any new email addresses, this will also be a confirmation that you have added their name to the mailing list.<br />
<br />
<br />
===Certificate of Attendance===<br />
It is not standard practice for OWASP to issue Certificates of Attendance for Chapter Meetings. Your chapter nominating someone hold onto a meeting sign-in sheet after each meeting. Meeting attendees are still responsible for submitting their own CPEs, but then the Chapter Leader (or whoever is keeping track of the sign-in sheets) can go back and audit against the chapter’s sign-in sheet if (ISC)2 or another organization audits them.<br />
<br />
[[Category:Chapter_Handbook]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=Newcastle&diff=178783Newcastle2014-07-14T20:56:46Z<p>Connor Carr: </p>
<hr />
<div>{{Chapter Template|chaptername=Newcastle|extra=The chapter leader is [mailto:connor.carr@owasp.org Connor Carr]<br />
<br />
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}<br />
<br />
= Next Meeting =<br />
<br />
None currently scheduled, please watch this space for updates soon.<br />
<br />
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Upcoming Events =<br />
<br />
To be confirmed. We are currently looking at the possibility of a September meeting.<br />
<br />
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.<br />
<br />
Everyone is welcome to join us at our chapter meetings.<br />
<br />
= Past Events =<br />
<br />
'''2014 Dates'''<br />
<br />
None currently, we are a new chapter.<br />
<br />
= Chapter Leaders =<br />
<br />
The chapter leaders are:<br />
<br />
* [[User:Connor Carr|Connor Carr]]<br />
<br />
Once the group is up and running we will be looking for more leaders.<br />
<br />
<br />
= Local Organisations =<br />
<br />
Other related organisations in the Newcastle area:<br />
<br />
* Coming soon...<br />
<br />
Please get in touch with one of the chapter leaders to get your organisation listed here.<br />
<br />
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.<br />
<br />
__NOTOC__ <headertabs /><br />
<br />
[[Category:OWASP Chapter]]<br />
[[Category:United Kingdom]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=User:HelenGao&diff=178216User:HelenGao2014-07-08T13:03:24Z<p>Connor Carr: </p>
<hr />
<div>https://www.owasp.org/index.php/User:Helen_Gao</div>Connor Carrhttps://wiki.owasp.org/index.php?title=User:HelenGao&diff=178215User:HelenGao2014-07-08T13:02:26Z<p>Connor Carr: Redirected page to Https://www.owasp.org/index.php/User:Helen Gao</p>
<hr />
<div>#REDIRECT [[https://www.owasp.org/index.php/User:Helen_Gao]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=OWASP_JBroFuzz&diff=178212OWASP JBroFuzz2014-07-08T08:57:34Z<p>Connor Carr: Redirected page to Category:JBroFuzz</p>
<hr />
<div>#redirect [[:Category:JBroFuzz]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=OWASP_JBroFuzz&diff=178211OWASP JBroFuzz2014-07-08T08:56:33Z<p>Connor Carr: Changed redirect.</p>
<hr />
<div>#redirect [[https://www.owasp.org/index.php/JBroFuzz]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=User:HelenGao&diff=178210User:HelenGao2014-07-08T08:54:40Z<p>Connor Carr: Redirected page to PLEASE DELETE https://www.owasp.org/index.php/User:Helengao</p>
<hr />
<div>#REDIRECT [[PLEASE DELETE https://www.owasp.org/index.php/User:Helengao]]</div>Connor Carrhttps://wiki.owasp.org/index.php?title=OWASP:Autoconfirmed_users&diff=178208OWASP:Autoconfirmed users2014-07-08T08:50:54Z<p>Connor Carr: </p>
<hr />
<div>Autoconfirmed users are wiki users who are members of the "autoconfirmed" user group. This is a special user group which is allocated automatically based on certain criteria. Note that ALL criteria need to be satisfied for an account to be automatically promoted to the autoconfirmed user group.</div>Connor Carr