OWASP - User contributions [en]

Leeds UK

2013-03-15T11:24:39Z

Mike Woodhead:

{{Chapter Template|chaptername=Leeds UK|extra=

This is a new chapter and we are looking for enthusiatic new members to make this one of the best OWASP chapters. We are hoping to accumalate a good proportion of subject matter experts who will in turn be able to provide guidance and presentations for the benefit of all chapter members. So please join the mailing list and contribute.

Details of your chapter Board members can be found here [[Leeds_UK_chapter_leaders]]

The chapter email address is [mailto:owaspleeds@gmail.com owaspleeds@gmail.com]

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Leeds_UK|emailarchives=http://lists.owasp.org/pipermail/owasp-Leeds_UK}}

<paypal>Leeds_UK</paypal>

== Sponsors ==

Many thanks to our first silver sponsor, [http://www.activityim.com/ Activity Information Management Ltd.]

[[File:Activity_logo.png|200px|thumb|left]]

= Planned Meetings =

Nov 2012

Jan 2013

April 2013

July 2013

October 2013

== Next Meeting ==
'''UKSG and OWASP meetings are free to attend and are open to all those interested in web application and information security.

This is our first combined meeting of the NUKSG and OWASP Leeds groups. We hope that this will encourage new friendships and new interest between the two groups. You can subscribe to both groups to be notified of future events via their websites.
'''
Buffet food and a drink on arrival are kindly provided by our sponsors DVV Solutions and Activity IM (http://www.activityim.com). Please bring your ticket! Further drinks are available for purchase at the venue.

Please book your place quickly as we expect a big turnout!

'''6.00pm - Networking Drinks'''

We will be arriving from 6pm with an opportunity to chat over a beer before we formally start at 6.20pm in the conservatory room.

'''6.20pm - Introduction'''

About OWASP and NUKSG, who we are and what we do. How you can get involved and how you can support NUKSG and the work of OWASP. We'll also have a brief update on the NUKSG team entry to White Hat Rally's 2013 pirates and smugglers themed rally - Pieces of V8 - places are available on the team and corporate sponsors needed.

'''6.30pm - Food!'''

'''6.45pm - Arron "Finux" Finnon - What is OSNIF?'''

"Yeah great, I know its not a silver bullet! NIPS/NIDS have issues, and that's putting it lightly. I've talked about their limitations for a while, and i get either "that's awesome" or "they've been done to death". The truth is, we achieved nothing in fixing the problem. We can moan about how rubbish they are, we can pretend it's not our problem, or we can start to address the situation.

For too long we've moaned, we've made comments and done little to make them better. Vendors are making money off products we all know could be doing a better job. Here's a crazy idea, let's talk about the issues, why they suck, and this time actually do something! What is to be lost by trying something new? Let's accept they fail and instead, turn that frown upside down. This talk isn't an answer, it's a beginning. Looking at some of the common and uncommon issues faced in trying to make NIDS/NIPS better, and why we fail at finding solutions. I don't have all the answers, however I intend to answer one simple question; What is OSNIF?"

Arron "Finux" Finnon is a Research Consultant at Activity Information Management Limited.

'''7.45pm - Break'''

'''8.00pm - Campbell Murray - API's, creating and abusing'''

This talk looks at the rise of the API and its increasing prevalence in web services. As APIs' are more commonly understood their use is growing, but as with all technology, the more people doing it, the more opportunities for getting it wrong. We will take a rapid look into creating, abusing and fixing the Application Programming Interface.

'''8.55pm - Closing remarks'''

'''9.00pm - Retire to bar'''

== Past Events ==

'''2012 Dates'''

[[Leeds_UK/Feb_2012]]

[[Leeds_UK/June_2012]]

'''2011 Dates'''

[[Leeds_UK/October_2011_Leeds]]

[[June_2011]]

'''2010 Dates'''

[[8th_December_Leeds]]

[[15th_September_Leeds]]

[[16th_june_Leeds]]

[[17th March - Leeds]]

'''2009 Dates'''

[[14th October 2009 - Leeds]]

[[Category:United Kingdom]]
[[Category:Europe]]

Leeds UK

2012-11-19T21:10:20Z

Mike Woodhead:

Leeds UK

2012-11-19T15:52:11Z

Mike Woodhead:

File:Activity logo.png

2012-11-19T15:49:45Z

Mike Woodhead: activitysponsorlogo

activitysponsorlogo

Leeds UK

2012-11-19T11:59:12Z

Mike Woodhead:

Leeds UK

2012-11-15T15:11:01Z

Mike Woodhead:

Leeds UK

2012-10-25T15:14:18Z

Mike Woodhead:

Leeds UK

2012-09-14T09:11:05Z

Mike Woodhead:

Leeds UK

2012-09-14T09:10:00Z

Mike Woodhead:

Leeds UK/June 2012

2012-09-14T09:08:58Z

Mike Woodhead: Created page with "'''Date:''' Wednesday 13th June Leeds '''Location''' This chapter meeting is being kindly hosted by [PWC http://www.pwc.co.uk/governance-risk-compliance/issues/sustainable-in..."

'''Date:''' Wednesday 13th June Leeds

'''Location''' This chapter meeting is being kindly hosted by [PWC http://www.pwc.co.uk/governance-risk-compliance/issues/sustainable-information-security.jhtml]. Please ensure you RSVP with a REAL name so that we can supply the information to PWC building security. Please register on eventbrite here: http://www.eventbrite.com/event/3688111240

https://maps.google.com/maps?f=q&hl=en&q=LS1+4JP&ll=53.796576,-1.556271&spn=0.012218,0.042915

'''Schedule: 18:15 for 18:30 start'''

'''18:30-18:45'''

OWASP Chapter introduction. OWASP values and membership. Chapter information.

OWASP Leeds board member

'''18:45-19:45'''

Jason Alexander - Security Architect KPMG, OWASP board member

Utilising OWASP resources to build security into the SDLC - In this presentaion Jason will show how the free and open resources of OWASP (Open Web Application Security Project) can be utilised to initially measure the current status and maturity of security within your software development life cycle and then drive improvements at every stage. From setting security requirements and implementing standards to developer training, software testing and all importantly measuring results.

'''19:45-20:45'''

Jason Steer - has worked in IT security for 15 years and works as a solution architect for Silver Tail across Europe

Silver Tail - will discuss and walk through some real world attacks being seen by our customers web applications from banking, ecommerce, travel etc to show various business logic abuse cases of website functionality. Attacks are on the rise however most businesses are not aware of the extent of attacks on an hourly basis.

'''20:45-close'''

Leeds UK

2012-09-14T09:06:41Z

Mike Woodhead:

Leeds UK chapter leaders

2011-06-18T21:28:20Z

Mike Woodhead:

== Chapter Board/Leaders ==

'''Jason Alexander''' Application Security Specialist - KPMG

Jason has over 10 years of information security experience. He has an avid interest in web application security and especially web services security.

[mailto:jason.alexander@owasp.org jason.alexander@owasp.org]

'''Craig Cantwell''' Senior Security specialist - Department of Health Informatics

Craig is a seasoned security professional who has helped in the past with OWASP Leeds events. He has now moved onto the board were his experience and contacts will help deliver great OWASP chapter events.

'''Nadim Nawaz''' SmoothWall Ltd

Nadim is a Business Development Manager at SmoothWall Ltd. Nadim has over 8 years experience in the Internet Security Industry.

'''Simon Bennetts''' Technical Team Lead - Sage Ltd

Simon is based in Manchester is leading up the OWASP Chapter meets for Manchester.

'''Martin Law''' Director - First Defence Information Security Limited

Martin is also the Vice chair of CREST Standards Committee and a very experienced security consultant.

'''Mike Woodhead''' Senior Security Consultant - Activity Information Management LTD

Mike has over 10 years experience in the security industry, both as an e-commerce developer and penetration tester. While he has a well rounded skill set, he prefers the challenge associated with web application testing.
He currently holds the Crest Certified Web Application Tester certification.

We can all be contacted through [mailto:owaspleeds@gmail.com owaspleeds@gmail.com]

Please remember, there is no limit on the amount of chapter leaders. If you feel you can contribute to the success of the chapter then please volunteer.

Leeds UK chapter leaders

2011-06-18T21:24:56Z

Mike Woodhead:

== Chapter Board/Leaders ==

'''Jason Alexander''' Application Security Specialist - NHS Technology Office

Jason has over 10 years of information security experience. He has an avid interest in web application security and especially web services security.

[mailto:jason.alexander@owasp.org jason.alexander@owasp.org]

'''Craig Cantwell''' Senior Security specialist - Department of Health Informatics

Craig is a seasoned security professional who has helped in the past with OWASP Leeds events. He has now moved onto the board were his experience and contacts will help deliver great OWASP chapter events.

'''Nadim Nawaz''' SmoothWall Ltd

Nadim is a Business Development Manager at SmoothWall Ltd. Nadim has over 8 years experience in the Internet Security Industry.

'''Simon Bennetts''' Technical Team Lead - Sage Ltd

Simon is based in Manchester is leading up the OWASP Chapter meets for Manchester.

'''Martin Law''' Director - First Defence Information Security Limited

Martin is also the Vice chair of CREST Standards Committee and a very experienced security consultant.

'''Mike Woodhead''' Senior Security Consultant - Activity Information Management LTD

Mike has over 10 years experience in the security industry, both as an e-commerce developer and penetration tester. While he has a well rounded skill set, he prefers the challenge associated with web application testing.
He currently holds the Crest Certified Web Application Tester certification.

We can all be contacted through [mailto:owaspleeds@gmail.com owaspleeds@gmail.com]

Please remember, there is no limit on the amount of chapter leaders. If you feel you can contribute to the success of the chapter then please volunteer.

Leeds UK

2011-06-18T21:22:01Z

Mike Woodhead:

17th March - Leeds

2010-03-25T09:44:35Z

Mike Woodhead:

'''Location:''' Novotel Leeds, 4 Whitehall quay, Leeds, LS1 4HR

'''Schedule:'''

'''18:00 for 18:15 start'''

'''18:15 - 18:30'''

OWASP Chapter introduction. OWASP values. Chapter information.

OWASP Leeds Chapter Board

[[Media:Leeds17032010.ppt]]

'''18:30 - 19:00'''

Introduction to DVWA (Damn Vulnerable Web Application)

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. More information regarding Ryan and DVWA can be found on his personal blog http://www.ethicalhack3r.co.uk or on the official DVWA homepage http://www.dvwa.co.uk/

Ryan Dewhurst - Lead developer and creator of DVWA

[[Media:DVWA.ppt]]

'''19:00 - 19:45'''

Empirical Software Security Assurance

‘Empirical Software Security Assurance’ that compares and contrasts the approach to application security taken by 9 leading European companies along with practical tips that can be applied to any organisation regardless of scale.

David Anumudu - Software Security Consultant for Fortify Software EMEA

'''19:45 - 20:30''' - (if time permits)

Attacking Web Services

Companies worldwide are deploying SOA infrastructure using web services both in intranet and extranet environments. While web services offer many advantages over traditional alternatives they are often over looked when it comes to security. This presentation hopes to educate the audience about web services and their potential vulnerabilities. Also included (technology gremlins permitting) will be some attack vector demonstrations.

Jason Alexander - OWASP Leeds Board Member.

[[Media:Attacking_Web_Services.ppt‎]]

'''20:30'''

Finish/Networking

Don't forget to RSVP via the eventbrite website. http://www.eventbrite.com/event/604010612

File:Leeds17032010.ppt

2010-03-25T09:41:23Z

Mike Woodhead:

File:DVWA.ppt

2010-03-25T09:32:34Z

Mike Woodhead:

Damn Vulnerable Web App - Ryan Dewhurst

File:DVWA.ppt

2010-03-25T09:31:13Z

Mike Woodhead: Attacking Web Services - Jason Alexander

Attacking Web Services - Jason Alexander

File:Attacking Web Services.ppt

2010-03-25T09:29:51Z

Mike Woodhead: Attacking Web Services - Jason Alexander

Attacking Web Services - Jason Alexander

Leeds UK

2010-03-23T18:55:16Z

Mike Woodhead: /* Next Meeting */

Leeds UK

2010-03-23T18:51:08Z

Mike Woodhead: /* Past Events */

Leeds UK

2010-03-23T18:50:35Z

Mike Woodhead: /* 2010 Dates */

Leeds UK

2010-03-23T18:50:03Z

Mike Woodhead: /* Past Events */

17th March - Leeds

2010-03-23T18:49:24Z

Mike Woodhead:

'''Location:''' Novotel Leeds, 4 Whitehall quay, Leeds, LS1 4HR

'''Schedule:'''

'''18:00 for 18:15 start'''

'''18:15 - 18:30'''

OWASP Chapter introduction. OWASP values. Chapter information.

OWASP Leeds Chapter Board

'''18:30 - 19:00'''

Introduction to DVWA (Damn Vulnerable Web Application)

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. More information regarding Ryan and DVWA can be found on his personal blog http://www.ethicalhack3r.co.uk or on the official DVWA homepage http://www.dvwa.co.uk/

Ryan Dewhurst - Lead developer and creator of DVWA

'''19:00 - 19:45'''

Empirical Software Security Assurance

‘Empirical Software Security Assurance’ that compares and contrasts the approach to application security taken by 9 leading European companies along with practical tips that can be applied to any organisation regardless of scale.

David Anumudu - Software Security Consultant for Fortify Software EMEA

'''19:45 - 20:30''' - (if time permits)

Attacking Web Services

Companies worldwide are deploying SOA infrastructure using web services both in intranet and extranet environments. While web services offer many advantages over traditional alternatives they are often over looked when it comes to security. This presentation hopes to educate the audience about web services and their potential vulnerabilities. Also included (technology gremlins permitting) will be some attack vector demonstrations.

Jason Alexander - OWASP Leeds Board Member.

'''20:30'''

Finish/Networking

Don't forget to RSVP via the eventbrite website. http://www.eventbrite.com/event/604010612

Leeds UK

2010-03-23T18:49:02Z

Mike Woodhead: /* Past Events */

14th October 2009 - Leeds

2010-03-23T18:48:31Z

Mike Woodhead:

'''Location:''' Leeds Novotel, 4 Whitehall, Whitehall Quay, Leeds, LSI 4HR.

'''Schedule:'''

6:00pm - 6:15pm Registration & refreshments

6:15pm - 6:30pm OWASP Leeds Chapter Presentation - Jason Alexander

''Introduction to OWASP and its charter. Leeds Chapter details.''

6:30pm - 7:30pm "The right way to secure Oracle" - Pete Finnigan

''The talk covers the process of securing an Oracle deatabase but with a proper focus to the task rather than simply following a checklist. A checklist is fine for general hardening but not for securing data as there is no method to ensure that the data that must be protected has indeed been protected.''

7:30pm - 8:30pm "SQL Injection - how far does the rabbit hole go? " - Justin clarke

''SQL Injection has been around for over 10 years, and yet it is still to this day not truly understood by many security professionals and developers. With the recent mass attacks against sites across the world it has again come to the fore of vulnerabilities under the spotlight, however many consider it to only be a data access issue, or parameterized queries to be a panacea. Explore some of the deeper, darker danger areas of SQL Injection, hybrid attacks, and exploiting obscure database functionality, and what we could possibly expect to see next out of this venerable application security issue.''

'''Speaker Bio's'''

''Jason Alexander''

Currently a Security Specialist working for the NHS Technology Office. Jason has over 8 years of information security experience in a variety of business and public sectors from ISP's to goverment. Jason has a keen interest in web application and web services security and is the Leeds Chapter Leader.

''Pete Finningan''

Pete Finnigan specialises in the Security of Oracle databases. Pete has been interested in Oracle Security for many years and more recently in generally database security. Pete has also written the book "Oracle Security Step-by-step" and has produced many papers on the subject of oracle security. Pete has also produced a number of security tools that can aid in securing a database. More information can be found at Pete's web site http://www.petefinnigan.com

''Justin Clarke''

Justin has over 12 years experience in testing the security of networks, web applications and wireless networks for large financial, retail and technology clients from all around the globe. Justin is a contributing author to a number of security books and is the lead author of the book "SQL Injection Attacks and Defense" as well as a speaker at many conferences including Black Hat USA, RSA, SANS and OWASP. He is the author of the open source SQLBrute blind SQL injection exploitation tool, and is the chapter leader for the London chapter of OWASP. More information regarding Justin can be found on his company website http://www.gdssecurity.com/

14th October 2009 - Leeds

2010-03-23T18:48:16Z

Mike Woodhead: Created page with ''''Date:''' 14th October 6:00pm '''Location:''' Leeds Novotel, 4 Whitehall, Whitehall Quay, Leeds, LSI 4HR. '''Schedule:''' 6:00pm - 6:15pm Registration & refreshments 6:15p…'

'''Date:''' 14th October 6:00pm

'''Location:''' Leeds Novotel, 4 Whitehall, Whitehall Quay, Leeds, LSI 4HR.

'''Schedule:'''

6:00pm - 6:15pm Registration & refreshments

6:15pm - 6:30pm OWASP Leeds Chapter Presentation - Jason Alexander

''Introduction to OWASP and its charter. Leeds Chapter details.''

6:30pm - 7:30pm "The right way to secure Oracle" - Pete Finnigan

''The talk covers the process of securing an Oracle deatabase but with a proper focus to the task rather than simply following a checklist. A checklist is fine for general hardening but not for securing data as there is no method to ensure that the data that must be protected has indeed been protected.''

7:30pm - 8:30pm "SQL Injection - how far does the rabbit hole go? " - Justin clarke

''SQL Injection has been around for over 10 years, and yet it is still to this day not truly understood by many security professionals and developers. With the recent mass attacks against sites across the world it has again come to the fore of vulnerabilities under the spotlight, however many consider it to only be a data access issue, or parameterized queries to be a panacea. Explore some of the deeper, darker danger areas of SQL Injection, hybrid attacks, and exploiting obscure database functionality, and what we could possibly expect to see next out of this venerable application security issue.''

'''Speaker Bio's'''

''Jason Alexander''

Currently a Security Specialist working for the NHS Technology Office. Jason has over 8 years of information security experience in a variety of business and public sectors from ISP's to goverment. Jason has a keen interest in web application and web services security and is the Leeds Chapter Leader.

''Pete Finningan''

Pete Finnigan specialises in the Security of Oracle databases. Pete has been interested in Oracle Security for many years and more recently in generally database security. Pete has also written the book "Oracle Security Step-by-step" and has produced many papers on the subject of oracle security. Pete has also produced a number of security tools that can aid in securing a database. More information can be found at Pete's web site http://www.petefinnigan.com

''Justin Clarke''

Justin has over 12 years experience in testing the security of networks, web applications and wireless networks for large financial, retail and technology clients from all around the globe. Justin is a contributing author to a number of security books and is the lead author of the book "SQL Injection Attacks and Defense" as well as a speaker at many conferences including Black Hat USA, RSA, SANS and OWASP. He is the author of the open source SQLBrute blind SQL injection exploitation tool, and is the chapter leader for the London chapter of OWASP. More information regarding Justin can be found on his company website http://www.gdssecurity.com/

Leeds UK

2010-03-23T18:46:28Z

Mike Woodhead: /* Past Events */

Leeds UK

2010-03-23T18:45:49Z

Mike Woodhead: /* Next Meeting */

17th March - Leeds

2010-03-23T18:44:37Z

Mike Woodhead: Created page with '== Next Meeting == '''Date:''' Wednesday 17th March '''Location:''' Novotel Leeds, 4 Whitehall quay, Leeds, LS1 4HR '''Schedule:''' '''18:00 for 18:15 start''' '''18:15 - 1…'

== Next Meeting ==
'''Date:''' Wednesday 17th March

'''Location:''' Novotel Leeds, 4 Whitehall quay, Leeds, LS1 4HR

'''Schedule:'''

'''18:00 for 18:15 start'''

'''18:15 - 18:30'''

OWASP Chapter introduction. OWASP values. Chapter information.

OWASP Leeds Chapter Board

'''18:30 - 19:00'''

Introduction to DVWA (Damn Vulnerable Web Application)

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. More information regarding Ryan and DVWA can be found on his personal blog http://www.ethicalhack3r.co.uk or on the official DVWA homepage http://www.dvwa.co.uk/

Ryan Dewhurst - Lead developer and creator of DVWA

'''19:00 - 19:45'''

Empirical Software Security Assurance

‘Empirical Software Security Assurance’ that compares and contrasts the approach to application security taken by 9 leading European companies along with practical tips that can be applied to any organisation regardless of scale.

David Anumudu - Software Security Consultant for Fortify Software EMEA

'''19:45 - 20:30''' - (if time permits)

Attacking Web Services

Companies worldwide are deploying SOA infrastructure using web services both in intranet and extranet environments. While web services offer many advantages over traditional alternatives they are often over looked when it comes to security. This presentation hopes to educate the audience about web services and their potential vulnerabilities. Also included (technology gremlins permitting) will be some attack vector demonstrations.

Jason Alexander - OWASP Leeds Board Member.

'''20:30'''

Finish/Networking

Don't forget to RSVP via the eventbrite website. http://www.eventbrite.com/event/604010612

14th October - Leeds

2010-03-23T18:43:54Z

Leeds UK

2010-03-23T18:43:41Z

Mike Woodhead: /* Past Events */

Leeds UK

2010-03-23T17:44:03Z

Mike Woodhead: /* 2010 Planned Meetings */

{{Chapter Template|chaptername=Leeds UK|extra=

This is a new chapter and we are looking for enthusiatic new members to make this one of the best OWASP chapters. We are hoping to accumalate a good proportion of subject matter experts who will in turn be able to provide guidance and presentations for the benefit of all chapter members. So please join the mailing list and contribute.

Details of your chapter Board members can be found here [[Leeds_UK_chapter_leaders]]

The chapter email address is [mailto:owaspleeds@gmail.com owaspleeds@gmail.com]

|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Leeds_UK|emailarchives=http://lists.owasp.org/pipermail/owasp-Leeds_UK}}

<paypal>Leeds_UK</paypal>

== 2010 Planned Meetings ==

June 16th

September 15th

December 8th

== Next Meeting ==
'''Date:''' Wednesday 17th March

'''Location:''' Novotel Leeds, 4 Whitehall quay, Leeds, LS1 4HR

'''Schedule:'''

'''18:00 for 18:15 start'''

'''18:15 - 18:30'''

OWASP Chapter introduction. OWASP values. Chapter information.

OWASP Leeds Chapter Board

'''18:30 - 19:00'''

Introduction to DVWA (Damn Vulnerable Web Application)

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. More information regarding Ryan and DVWA can be found on his personal blog http://www.ethicalhack3r.co.uk or on the official DVWA homepage http://www.dvwa.co.uk/

Ryan Dewhurst - Lead developer and creator of DVWA

'''19:00 - 19:45'''

Empirical Software Security Assurance

‘Empirical Software Security Assurance’ that compares and contrasts the approach to application security taken by 9 leading European companies along with practical tips that can be applied to any organisation regardless of scale.

David Anumudu - Software Security Consultant for Fortify Software EMEA

'''19:45 - 20:30''' - (if time permits)

Attacking Web Services

Companies worldwide are deploying SOA infrastructure using web services both in intranet and extranet environments. While web services offer many advantages over traditional alternatives they are often over looked when it comes to security. This presentation hopes to educate the audience about web services and their potential vulnerabilities. Also included (technology gremlins permitting) will be some attack vector demonstrations.

Jason Alexander - OWASP Leeds Board Member.

'''20:30'''

Finish/Networking

Don't forget to RSVP via the eventbrite website. http://www.eventbrite.com/event/604010612

== Past Events ==

'''Date:''' 14th October 6:00pm

'''Location:''' Leeds Novotel, 4 Whitehall, Whitehall Quay, Leeds, LSI 4HR.

'''Schedule:'''

6:00pm - 6:15pm Registration & refreshments

6:15pm - 6:30pm OWASP Leeds Chapter Presentation - Jason Alexander

''Introduction to OWASP and its charter. Leeds Chapter details.''

6:30pm - 7:30pm "The right way to secure Oracle" - Pete Finnigan

''The talk covers the process of securing an Oracle deatabase but with a proper focus to the task rather than simply following a checklist. A checklist is fine for general hardening but not for securing data as there is no method to ensure that the data that must be protected has indeed been protected.''

7:30pm - 8:30pm "SQL Injection - how far does the rabbit hole go? " - Justin clarke

''SQL Injection has been around for over 10 years, and yet it is still to this day not truly understood by many security professionals and developers. With the recent mass attacks against sites across the world it has again come to the fore of vulnerabilities under the spotlight, however many consider it to only be a data access issue, or parameterized queries to be a panacea. Explore some of the deeper, darker danger areas of SQL Injection, hybrid attacks, and exploiting obscure database functionality, and what we could possibly expect to see next out of this venerable application security issue.''

'''Speaker Bio's'''

''Jason Alexander''

Currently a Security Specialist working for the NHS Technology Office. Jason has over 8 years of information security experience in a variety of business and public sectors from ISP's to goverment. Jason has a keen interest in web application and web services security and is the Leeds Chapter Leader.

''Pete Finningan''

Pete Finnigan specialises in the Security of Oracle databases. Pete has been interested in Oracle Security for many years and more recently in generally database security. Pete has also written the book "Oracle Security Step-by-step" and has produced many papers on the subject of oracle security. Pete has also produced a number of security tools that can aid in securing a database. More information can be found at Pete's web site http://www.petefinnigan.com

''Justin Clarke''

Justin has over 12 years experience in testing the security of networks, web applications and wireless networks for large financial, retail and technology clients from all around the globe. Justin is a contributing author to a number of security books and is the lead author of the book "SQL Injection Attacks and Defense" as well as a speaker at many conferences including Black Hat USA, RSA, SANS and OWASP. He is the author of the open source SQLBrute blind SQL injection exploitation tool, and is the chapter leader for the London chapter of OWASP. More information regarding Justin can be found on his company website http://www.gdssecurity.com/

[[Category:United Kingdom]]

User talk:Mike Woodhead

2010-02-02T11:21:35Z

Mike Woodhead:

Senior security consultant, currently working at Selex Communications UK LTD. Mike has over 9 years experience in the security industry, both as an E-commerce developer and penetration tester. Whilst he has a well rounded
skill set, mike prefers the challenge associated with web application testing.