Birmingham

2011-12-09T11:52:03Z

Owasp birmingham:

Birmingham

2011-12-09T11:46:38Z

Owasp birmingham:

Birmingham

2011-12-09T11:42:00Z

Owasp birmingham:

{{Chapter Template|chaptername=Birmingham, UK|extra=Details of your our Chapter Leaders are [[here]] |mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-birmingham|emailarchives=http://lists.owasp.org/pipermail/owasp-birmingham}}

OWASP is a charitable organisation. Our chapter meetings are free to attend but there are always costs associated with running them. Any amount of donation is appreciated and will be used entirely to enhance the chapter meetings: <paypal>Birmingham</paypal>

== Chapter News ==

'''Planned Chapter Meetings'''

March 2012 Venue:TBC

June2012 Venue:TBC

September 2012 Venue:TBC

December 2012 Venue:TBC

== Next Meeting ==
'''Date:''' Thursday 15th December::: Please RSVP via '''[http://owaspbrum.eventbrite.co.uk eventbrite]''' You must register prior to the event. We have to supply KPMG a list of attendees 24 hours before the meeting. If all tickets are gone please request to go on the standby list

'''Location:''' KPMG Offices Birmingham

One Snowhill

Snow Hill Queensway

Birmingham

West Midlands

B4 6GH

'''Schedule: 18:00 for 18:20 start'''

'''18:20-18:30'''

OWASP Chapter introduction. OWASP values and membership. Chapter information.

OWASP Birmingham Chapter Leader

'''18:30 - 19:10'''

'''Talk 1''' ''Agnitio: the security code review Swiss army knife''

Teaching developers to write secure code, helping security professionals find security flaws in source code, producing application security metrics and reports with integrity checks and audit trails. If you want to implement an SDLC that produces secure software with the audit trails and reports frequently demanded by auditors and management you need to acknowledge that these are key constituents and implement them in a form that is both easy to understand and use.

This is far easier to talk about than it is to implement in the real world where well structured SDLC’s are rare and application security programmes are usually under funded. Working with developers, security professionals and management to cultivate an environment where secure code is written and flaws found consistently requires both time and money. The same can be said for producing informative reports and metrics when all of your security code review data resides in notepad, Word and Excel files. With these problems in mind I developed Agnitio to be my security code review Swiss army knife and released it as a free tool in late 2010.

In this demonstration filled talk I will show how Agnitio can be used to addresses repeatability, integrity and audit trail concerns by requiring the creation of application profiles, the use of a security code review checklist consisting of over 80 application security questions and mandatory integrity checks for reviews and reports created using the tool. I will demonstrate how the inbuilt secure coding and security code review guidance modules allow developers and security professionals to access the information they need precisely when they need it. I will also show how Agnitio automatically creates metrics and reports bringing much needed visibility to the security code review process with no extra effort required from the reviewer, developers or management.

Agnitio v2.1 will be demonstrated during this talk which will show how Agnitio’s already powerful feature set has been expanded to guidance and questions linked to the OWASP top 10 mobile risks as well as the ability to decompile and analyse Android applications.

'''Speaker''''' David Rook Application Security Lead - Realex Payments Ltd''

'''19:30 - 20:10'''

'''Talk 2:''' ''Mobile Security - The Tune is Different, The Dance is the Same''

Paco Hope will discuss what is fundamentally new about mobile applications, and what is fundamentally not new with respect to securing them. Looking at how the platforms work, their respective app stores, and the role of carriers and their security, we will understand four golden rules to ensuring secure use and development of mobile apps. Whether we are the app developer, security professional, or just someone trying to use their mobile securely, these four rules are important to know.

'''Speaker''' Paco Hope, Principal Consultant, Cigital

'''20:20 -21-00'''

'''Talk 3:''' ''Mobile Application Security''

This talk will start by taking a look at the mobile applosion that we have all witnessed since the Apple App Store was launched on the 11th July 2008. Mobile users have downloaded over 25 billion mobile apps since that day which is roughly 14,000 apps for every minute since Apple launched the App Store. Those kinds of numbers make it clear that mobile apps are big business and that we need to quickly understand how to secure these applications.

I will show how mobile manufacturers and network operators are now a big part of your threat models and how their approach to security could undermine your application security efforts.

The final part of the talk will focus on Android and iOS applications. I will give an overview of each platform as well guidance on how you should approach security code reviews for Android and iOS applications.

'''Speaker''' ''David Rook Application Security Lead - Realex Payments Ltd''

'''Speaker Bio's'''

'''David Rook''' is the Application Security Lead at Realex Payments in Dublin. He is a contributor to several OWASP projects including the code review guide and the Cryptographic Storage Cheat Sheet. He has presented at leading information security conferences including DEF CON, BlackHat USA and RSA Europe. In addition to his work with OWASP David created a security resource website and blog called Security Ninja (http://www.securityninja.co.uk).

In 2010 the Security Ninja blog was nominated for five awards including the best technology blog at the Irish Blog Awards, the Computer Weekly IT Security blog award and was a finalist for the Irish Web Awards Best Technology Site. In 2011 David received a Developer Security MVP award from Microsoft. David has recently become one of the first mentors in the Information Security Mentors project helping young people progress their information security careers.

'''Paco Hope''' is a Principal Consultant with Cigital, Inc. and has 12 years of experience in mobile security, embedded security, web software security and operating system security. He has led numerous engagements assessing source code and implementations of mobile phones, lottery systems, casino gaming devices, smart cards and web applications. He is the co-author of The Web Security Testing Cookbook and Mastering FreeBSD and OpenBSD Security. Mr. Hope also serves on the Application Security Advisory Board of (ISC)2, acting as a subject matter expert for the Certified Information Systems Security Professional (CISSP) and the Certified Secure Software Lifecycle Professional (CSSLP).

== Past Events ==

[[Category:OWASP Chapter]]
[[Category:United Kingdom]]

Birmingham Chapter Leaders

2011-12-09T10:46:53Z

Owasp birmingham:

== Chapter Leaders ==

'''Mike Kemp''' -Co-Founder Xiphos Research Labs

Mike has been involved in the IT security industry since Adam was a lad. He has talked at many security conferences around the globe and is well known and respected throughout the industry.

'''Tom Mackenzie''' - Web appliction security consultant at Trustwave

Tom loves Yorkie bars.... but apart from that and despite his young years he has a wealth of web application security knowledge. He has also supported the Leeds and Manchester chapters by often speaking and presenting at them

'''Ian Williams''' -IT Security Analyst at RWE IT UK.

Ian has a wealth of operational security experience including logging and monitoring technologies.He also holds SANS certifications GCIH, GAWN and GPEN

'''Majid Ali''' -Technical Security Analyst at NEC Group

Majid has great experience in PCI-DSS compliance and is a PCI-ISA. He also has a lot of experience with Juniper networks and is starting to focus on web application security

'''Jason Alexander''' - Security Architect KPMG

Jason has over 10 years of information security experience. He has an avid interest in web application security and especially web services security. Jason is also heavlity involved in both the Manchester and Leeds chapters too.

'''Contact:''' [mailto:jason.alexander@owasp.org jason.alexander@owasp.org] [http://twitter.com/#0wasp Twitter]

Birmingham Chapter Leaders

2011-12-09T09:44:43Z

Owasp birmingham: Created page with "'''Jason Alexander''' - Security Architect KPMG Jason has over 10 years of information security experience. He has an avid interest in web application security and especially web..."

'''Jason Alexander''' - Security Architect KPMG
Jason has over 10 years of information security experience. He has an avid interest in web application security and especially web services security.
'''Contact:''' mailto:jason.alexander@owasp.org [http://twitter.com/#0wasp]

Birmingham

2011-12-09T09:39:09Z

Owasp birmingham: