This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cambridge"

(full program)
 
(52 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Chapter Template|chaptername=Cambridge|extra=The chapter leaders are [mailto:[email protected] Adrian Winckles ]  and [mailto:[email protected] Steven van der Baan].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cambridge|emailarchives=http://lists.owasp.org/pipermail/owasp-Cambridge}}
 
{{Chapter Template|chaptername=Cambridge|extra=The chapter leaders are [mailto:[email protected] Adrian Winckles ]  and [mailto:[email protected] Steven van der Baan].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Cambridge|emailarchives=http://lists.owasp.org/pipermail/owasp-Cambridge}}
  
<paypal>Cambridge</paypal>
+
<b>Join our [https://www.meetup.com/OWASP-Cambridge-Meetup/ MeetUp]!<br>  
<!-- first tab -->
 
= Local News =
 
==='''Local News'''===
 
  
'''OWASP Cambridge Chapter Security Spring Seminar'''
+
Follow us on  [http://twitter.com/#!/owaspcambs Twitter]<br>
  
Tuesday 7th March 2017 17:30 – 20:30, Lord Ashcroft Building (LAB002), Anglia Ruskin University, Cambridge.
+
Talk to us on [https://owasp.slack.com/app_redirect?channel=chapter-cambridge Slack]<br>
Hosted by the Department of Computing & Technology, Anglia Ruskin University & OWASP (Open Web Application Security Project) Cambridge Chapter
 
  
'''Spring Presentations'''
+
</b>
  
'''Guest speaker: Andrew Tillman, 8ARC Ltd'''
+
For updates, events, membership; please visit our meet up page: http://www.meetup.com/OWASP-Cambridge-Meetup/<br>
  
'''Abstract: “Introduction to Open Source Intelligence"'''
+
<meetup group="OWASP-Cambridge-Meetup" />
  
This talk will provide an introduction to Open Source Intelligence and give an insight into what is needed to conduct an Open Source Intelligence Investigation. The subject matter is designed for persons who are interested in the information discovery phase of an investigation and/or research activity, and will provide theoretical and practical advice and guidance.  The learning points gained from the ‘Introduction to Open Source Intelligence’ are intended to be transferable for numerous uses and are adaptable for both public and private sector organisations.
 
  
'''Biography: Andrew Tillman'''
 
 
Andrew is the CEO of 8ARC LTD, a cyber intelligence and information security management company specialising in protecting businesses and consumers from cyber and cyber-enabled crime. Andrew has extensive detailed and specific experience in the cyber intelligence/investigations arena. As the former Head of Intelligence for National Trading Standards (NTS), Andrew built the first National Trading Standards e-Crime Intelligence Hub, and also the NTS Intelligence Team. In addition to the aforementioned, Andrew has developed and delivered numerous training events, nationally and internationally, on subjects such as Open Source Intelligence (OSINT) cyber intelligence/enforcement, and exploitation of emerging technologies for use in large scale frauds.
 
 
 
'''Guest Speaker:  Andrew Thompson, Solutions Architect, Checkmarx'''
 
 
'''Biography: Andrew Thompson'''
 
 
With over 20 years experience in IT, Andrew is an industry veteran. He started off working in IBM mainframes prior to spending several years as a Java programmer. Building on his lengthy career debugging code, Andrew’s current goal is helping development teams increase their debugging efficiency.
 
 
'''Abstract - 1 Kit, 8 Steps, 30 Days. How we Raised Application Security Awareness'''
 
 
We created an application security awareness kit for organisations to run a month long secure coding awareness enhancement program with their developers. We shipped 362 physical kits including an interactive quiz, giveaways and other incentives. During this session you will learn how to effectively educate developers on secure coding best practices, play an interactive gamified session and demonstrate your knowledge and win your very own secure development kits.
 
 
Learn how to engage developers with Application Security
 
 
View a case study about Application Security education, how it can be gamified and made interactive and appealing to any audience
 
 
Request your own education kit to try it out within your organization
 
 
Understand why developers are a core function in the cyber security world and why it is critical that they become more security aware
 
 
'''Guest Speaker: John Haine, Chairman, IoT Security Foundation'''
 
 
B'''iography: John Haine'''
 
 
John Haine has spent his career in the electronics and communications industry, working for British Telecom, Marconi, PA Consulting, and with start-ups including Cognito and Ionica.  His technical background includes R&D in radio circuitry and microwave circuit theory; and the design of novel radio systems for cordless telephony, mobile data, and fixed wireless access.  He has led standardisation activities in both the latter areas in ETSI, and contributed to WiMax.
 
 
In 1999 he joined TTP Communications working on research, technology strategy and M&A activities; and after the company’s acquisition by Motorola became Director of Technology Strategy in Motorola Mobile Devices.  After leaving Motorola he was CTO Enterprise Systems with ip.access Limited, the leading manufacturer of GSM picocells and 3G femtocells.  In early 2010 he joined Cognovo Limited, which was acquired by u-blox AG in 2012. In u-blox John worked on RF platform strategy for future wireless modules.  He led u-blox’ involvement in a major 3GPP standards activity on low complexity cellular communications for the Internet of Things, and the company’s early development of devices for trials and demonstrations. Now retired from u-blox he is Royal Academy of Engineering Visiting Professor at Bristol University, focusing on Radio Systems for the Internet of Things.
 
 
John has a first degree from Birmingham (1971) and a PhD from Leeds (1977) universities.  He is a member of the IET and IEEE and serves on the Cambridge Wireless Board.
 
 
'''Abstract: “Overview of the IoT Security Foundation”'''
 
 
The IoT Security Foundation is an industry group set up in 2015 to document and promulgate best security practice for IoT devices and systems.  In December 2016 it published its initial set of guidelines and its "Trust Framework", initially aimed at connected consumer products.  Together these are intended to support a process by which any party in the IoT supply chain can apply best practice in developing, supplying and supporting its products and services, so that we can build a "supply chain of trust".  The Foundation has 79 members from across the IT industry ranging from large multi-nationals to one-man-bands, including several universities.  Work continues and revised and updated documents will be released in June and December 2017, widening the scope to cover other types of product and service.  This presentation will give an overview of the IoTSF and its activities.
 
 
'''Background'''
 
 
OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organisation focused on improving the security of application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks.
 
 
The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement. A key aim the department is working towards is developing a MSc Information Security specialising in Application Security and as part of this activity looking to develop and a local Information Security Student Society.
 
 
'''Agenda'''
 
 
17:30 – 17:45 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University
 
17:45 - 18:30 Talk from Andrew Tillman, 8ARC Ltd “Introduction to Open Source Intelligence"
 
18:30 - 19:15 Talk from Andrew Thompson, Checkmarx, “1 Kit, 8 Steps, 30 Days. How we Raised Application Security Awareness”
 
19:15 – 20:00 Talk from John Haine, Chairman, IoT Security Foundation, “Overview of the IoT Security Foundation”.
 
20:00 – 20:30 Refreshments & Networking in LAB006
 
 
'''Registration'''
 
 
To register for this free event, please register online at
 
 
https://www.eventbrite.com/e/owasp-cambridge-chapter-spring-security-seminar-tickets-32352865291
 
 
The meeting will be held in the Lord Ashcroft Building, Room LAB002 (Breakout Room LAB006 for networking & refreshments).
 
 
Please enter through the Helmore Building and ask at reception.
 
 
 
---
 
 
'''Meeting Location'''
 
 
Anglia Ruskin University
 
 
Cambridge Campus
 
 
East Road
 
 
Cambridge
 
 
CB1 1PT
 
 
Get further information on travelling to the university.
 
 
http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/cambridge_campus/find_cambridge.html
 
 
Everyone is welcome to join us at our chapter meetings.
 
 
----
 
'''Planned dates for upcoming events'''
 
 
 
Thursday 19th January 2017
 
 
Wednesday 25th January 2017
 
 
Tuesday 7th February 2017
 
 
Tuesday 7th March 2017
 
 
Tuesday 4th April 2017
 
<!-- second tab -->
 
  
 
= Past Events =
 
= Past Events =
{|class="wikitable" border="1" style="text-align:center;"|
+
{| class="wikitable" style="text-align:center;" border="1" |
 
! width="300" | Date
 
! width="300" | Date
 
! width="350" | Name / Title
 
! width="350" | Name / Title
 
! width="300" | Link
 
! width="300" | Link
 +
|-
 +
|5 November 2019
 +
|Andrea Scaduto
 +
|[[Media:RTF-OWASP-Cambridge.pdf|presentation]]
 +
|
 +
|-
 +
|8 October 2019
 +
|Dinis Cruz - Revolut
 +
|[https://www.slideshare.net/DinisCruz/using-owasp-security-bot-osbot-to-make-fact-based-security-decisions Presentation]
 +
|
 +
|-
 +
|8 October 2019
 +
|Jeff Williams - Contrast Security
 +
|[https://contrastsecurity.app.box.com/s/w2pv7cb46r3guyob6i1xf0igne9g281g Presentation]
 +
|
 +
|-
 +
|14 May 2019
 +
|Aleksander Gorkowienko - ICS/SCADA Security
 +
|[https://spirent1-my.sharepoint.com/:b:/g/personal/aleksander_gorkowienko_spirent_com/EfDeMof_rydPsGBCGioPuBAB-7VpkIB4jGVtNv2vm8uUhQ?e=dA7hha presentation]
 +
|
 +
|-
 +
|14 May 2019
 +
|Andrew Baldwin - Cyber PREVENT
 +
|[[Media:Cyber_Prevent_for_OWASP_May_2019.pdf|presentation]]
 +
|
 +
|-
 +
|10 April 2019
 +
|Matthew Lorentzen - Sheepl
 +
|[[Media:OWASP-Sheepl_Presentation_April19.pdf|presentation]]
 +
|
 +
|-
 +
|12 March 2019
 +
|Jamie Roderick
 +
|
 +
|-
 +
|12 March 2019
 +
|Nour Fateen
 +
|[[Media:Nour_-_OWASP-3.pdf|presentation]]
 +
|
 +
|-
 +
|12 March 2019
 +
|Matthew Whitcombe
 +
|[[Media:MWR_-_OWASP_v6.pdf|presentation]]
 +
|
 +
|-
 +
|24 January 2019
 +
|Adrian Winckles
 +
|[[Media:Botprobe_-_Reducing_Network_Threat_Intelligence_Big_Data_v0-1_.pdf|presentation]]
 +
|
 +
|-
 +
|24 January 2019
 +
|Simon Newman
 +
|[[Media:Cyber_Threat_Intelligence_Day_(Anglia_Ruskin_University).pdf|presentation]]
 +
|
 +
|-
 +
|4 December 2018
 +
|Matthew Lorentzen
 +
|[[Media:From_battlefield_to_bunker_v1-0.pdf|presentation]]
 +
|
 +
|-
 +
|4 December 2018
 +
|Etienne Greeff
 +
|[[Media:Seconds_out_2018_AI_&_ML_40_min_version.pdf|presentation]]
 +
|
 +
|-
 +
|6 November 2018
 +
|Adrian Winckles
 +
|[[Media:OWASP_Cambridge_Talk_-_Application_Honeypot_Threat_Intelligence_v1-0.pdf|presentation]]
 +
|
 +
|-
 +
|6 November 2018
 +
|Dr Grigorios Fragkos
 +
|[[Media:OWASP_Cambridge_-_6Nov2018_-_G.Fragkos.pdf|presentation]]
 +
|
 +
|-
 +
|17 May 2018
 +
|Goher Mohammad
 +
|[https://www.slideshare.net/GoherMohammad/joint-owasp-cambridge-bcs-cybercrime-forensics-sig-uk-cyber-security-forum-cambridge-cluster Presentation]
 +
|
 +
|-
 +
|13 March 2018
 +
|David Johannson
 +
|[[Media:Cambridge 13-Mar-2018 OWASP Top 10 2017.pdf|presentation]]
 +
|
 +
|-
 +
|13 March 2018
 +
|Rish Auckburally
 +
|[[Media:Intro to 3B RA V1.pdf|presentation]]
 +
|
 +
|-
 +
|18 January 2018
 +
|Deepinder Singh
 +
|[[Media:OWASP-AI-Cybersecurity Cambridge-Deep-180118.pdf|presentation]]
 +
|
 +
|-
 +
|18 January 2018
 +
|Chris Woods
 +
|[[Media:Deck OWASP event 17-01.pptx|presentation]]
 +
|
 +
|-
 +
|18 January 2018
 +
|Nikola Milosevic
 +
|[[Media:OWASPCambridge.pptx|presentation]] ‎
 +
|
 +
|-
 +
|18 January 2018
 +
|Dr Ali Dehghantanha
 +
|[[Media:OWASP Cambridge Myths and Truths Cyber Threat Hunting and Intelligence in IoT Environments.pptx|presentation]] ‎
 +
|
 +
|-
 +
|10 January 2018
 +
|Aleksander Gorkowienko
 +
|[[Media:A.Gorkowienko-Securing Oil and Gas Systems From Cyber-attack v1.1.pdf|presentation]]
 +
|
 +
|-
 +
|5 December 2017
 +
|Deepinder Singh
 +
|
 +
|-
 +
|5 December 2017
 +
|Leum Dunn
 +
|[[Media:100 things.pdf|presentation]]
 +
|
 +
|-
 +
|7 November 2017
 +
|Dr Reza Alavi
 +
|[[Media:GDPR.pptx|presentation]]
 +
|-
 +
|11 October 2017
 +
|Dr Char Sample
 +
|[[Media:FN-20171011_(compressed_image_version.pdf|presentation]]
 +
|-
 +
|11 October 2017
 +
|Dennis Ivory & Dr Diane Gan
 +
|[[Media:Anglia Ruskin F435.pptx|presentation]]
 +
|-
 +
|12 September 2017
 +
|John Fitzgerald - Secure Code Warrior
 +
|presentation
 +
|-
 +
| 4 April 2017
 +
| Leum Dunn - Redacted
 +
| [[Media:A day in the life of.pdf|presentation]]
 +
|--
 +
| 7 March 2017
 +
| Andrew Thompson - Checkmarx
 +
| [[Media:OWASP Cambridge - Checkmarx Software AppSec kit.pdf|presentation]]
 +
|--
 +
| 7 March 2017
 +
| John Haine IoT Security Foundation (Chair)
 +
| [[Media:Ambassador IoTSF Feb 2017 Intro jlh.pdf|presentation]]
 
|-
 
|-
 
| 25 Jan 2017
 
| 25 Jan 2017
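Review bot: The added `Follow us on` and `For updates, events, membership` lines link over plain `http://` (`http://twitter.com/#!/owaspcambs`, `http://www.meetup.com/OWASP-Cambridge-Meetup/`), while the `Join our` line added in the same hunk already points at the same Meetup group over `https://`. Switch both to `https://`, and consider dropping the second Meetup link, since the `<meetup group="OWASP-Cambridge-Meetup" />` tag follows it directly. In the added Past Events rows, most rows end with an extra empty `|` cell, giving four cells against the three `!` header columns, and the separators after the 4 April 2017 and the first 7 March 2017 rows are `|--` where the other added rows use `|-`. Make the cell count and separators consistent.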
Line 147: Line 198:
 
| 19 Jan 2017
 
| 19 Jan 2017
 
| Tony Drewitt / Head of Consultancy - IT Governance
 
| Tony Drewitt / Head of Consultancy - IT Governance
| [[Media:ITG_IncidentResponse_20170119.pdf|presentation]]
+
| [[Media:ITG IncidentResponse 20170119.pdf|presentation]]
 
|-
 
|-
 
| 19 Jan 2017
 
| 19 Jan 2017
Line 167: Line 218:
 
| 12 05 2016
 
| 12 05 2016
 
| Phil Cobley / Modern Policing & the Fight Against Cyber Crime
 
| Phil Cobley / Modern Policing & the Fight Against Cyber Crime
| [[Media:Cyber_Threat_Presentation_-_ARU_Cyber_Resilience_-_May_2016.pdf|presentation]]
+
| [[Media:Cyber Threat Presentation - ARU Cyber Resilience - May 2016.pdf|presentation]]
 
|-
 
|-
 
| 12 05 2016
 
| 12 05 2016
 
| Jules Pagna Disso / Building a resilient ICS  
 
| Jules Pagna Disso / Building a resilient ICS  
| [[MEdia:Building_a_resilient_ICS.pdf|presentation]]
+
| [[MEdia:Building a resilient ICS.pdf|presentation]]
 
|-
 
|-
 
| 08 03 2016
 
| 08 03 2016
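Review bot: The rewritten Jules Pagna Disso row still spells the link prefix `MEdia:` in `[[MEdia:Building a resilient ICS.pdf|presentation]]`, while the other rows changed in this hunk use `Media:`. Since the line is being touched anyway, normalise the prefix so the file links are uniform across the table.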
Line 199: Line 250:
 
| 21 October 2014
 
| 21 October 2014
 
| Eireann Leverett
 
| Eireann Leverett
| [[Media:20141021-Eireann_Leverett-SwitchesGetStitches.pdf|presentation]]
+
| [[Media:20141021-Eireann Leverett-SwitchesGetStitches.pdf|presentation]]
 
|-  
 
|-  
 
| 1st April 2014
 
| 1st April 2014
Line 219: Line 270:
 
| 12th November 2013
 
| 12th November 2013
 
| James Forshaw/ The Forger's Art: Exploiting XML Digital Signature Implementations
 
| James Forshaw/ The Forger's Art: Exploiting XML Digital Signature Implementations
| [[Media:20131112-James_Forshaw-the_forgers_art-james_forshaw-breakpoint2k13.pdf|presentation]]
+
| [[Media:20131112-James Forshaw-the forgers art-james forshaw-breakpoint2k13.pdf|presentation]]
 
|-  
 
|-  
 
| 5th March 2013
 
| 5th March 2013
Line 229: Line 280:
 
| [http://www.slideshare.net/Roo7break/power-on-powershell presentation]
 
| [http://www.slideshare.net/Roo7break/power-on-powershell presentation]
 
|}
 
|}
 
 
<!-- Don't remove this tag -->
 
<!-- Don't remove this tag -->
 
__NOTOC__  
 
__NOTOC__  
<headertabs/>
+
<headertabs></headertabs>

Latest revision as of 21:30, 13 November 2019

OWASP Cambridge

Welcome to the Cambridge chapter homepage. The chapter leaders are Adrian Winckles and Steven van der Baan.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Join our MeetUp!

Follow us on Twitter

Talk to us on Slack

For updates, events, membership; please visit our meet up page: http://www.meetup.com/OWASP-Cambridge-Meetup/

Chapter Meetings

Visit our group on meetup.com


Past Events

Date Name / Title Link
5 November 2019 Andrea Scaduto presentation
8 October 2019 Dinis Cruz - Revolut Presentation
8 October 2019 Jeff Williams - Contrast Security Presentation
14 May 2019 Aleksander Gorkowienko - ICS/SCADA Security presentation
14 May 2019 Andrew Baldwin - Cyber PREVENT presentation
10 April 2019 Matthew Lorentzen - Sheepl presentation
12 March 2019 Jamie Roderick
12 March 2019 Nour Fateen presentation
12 March 2019 Matthew Whitcombe presentation
24 January 2019 Adrian Winckles presentation
24 January 2019 Simon Newman presentation
4 December 2018 Matthew Lorentzen presentation
4 December 2018 Etienne Greeff presentation
6 November 2018 Adrian Winckles presentation
6 November 2018 Dr Grigorios Fragkos presentation
17 May 2018 Goher Mohammad Presentation
13 March 2018 David Johannson presentation
13 March 2018 Rish Auckburally presentation
18 January 2018 Deepinder Singh presentation
18 January 2018 Chris Woods presentation
18 January 2018 Nikola Milosevic presentation
18 January 2018 Dr Ali Dehghantanha presentation
10 January 2018 Aleksander Gorkowienko presentation
5 December 2017 Deepinder Singh
5 December 2017 Leum Dunn presentation
7 November 2017 Dr Reza Alavi presentation
11 October 2017 Dr Char Sample presentation
11 October 2017 Dennis Ivory & Dr Diane Gan presentation
12 September 2017 John Fitzgerald - Secure Code Warrior presentation
4 April 2017 Leum Dunn - Redacted presentation
7 March 2017 Andrew Thompson - Checkmarx presentation
7 March 2017 John Haine IoT Security Foundation (Chair) presentation
25 Jan 2017 Nick Alston CBE / PIER Chair presentation
25 Jan 2017 Mark Pearce/ 7Safe/PA Consulting presentation
25 Jan 2017 Martin Cassey / Nascenta presentation
25 Jan 2017 Paul Rowley FBCS / Havebury Housing Association presentation
25 Jan 2017 Laurence Kaleman / Legal Director, Olswang presentation
25 Jan 2017 Tony Drewitt / Head of Consultancy - IT Governance presentation
19 Jan 2017 Tony Drewitt / Head of Consultancy - IT Governance presentation
19 Jan 2017 Peter Yapp / NCSC Deputy Director - Incident Response presentation
19 Jan 2017 Martin Cassey / Nascenta presentation
10 Nov 2016 Graham Rymer / University of Cambridge
10 Nov 2016 Mark Wickenden
12 05 2016 Phil Cobley / Modern Policing & the Fight Against Cyber Crime presentation
12 05 2016 Jules Pagna Disso / Building a resilient ICS presentation
08 03 2016 Andrew Lee-Thorp / So you want to use a WebView? Android WebView: Attack and Defence
10 11 2015 Steve Lord / Trying (and failing) to secure the Internet of Things
John Mersh / Software and System Security: a life vest in the IoT ocean
10 Oct 2015 Sumit "sid" Siddharth / Some neat, new and ridiculous hacks from our vault
10 Feb 2015 Steven van der Baan / Web Application Security Testing with Burp Suite
2 December 2014 Colin Watson / OWASP Cornucopia
21 October 2014 Eireann Leverett presentation
1st April 2014 Ian Glover (CREST) / Overview of the CREST activities to professionalise the industry.
Yiannis Chrysanthou (KPMG) / Modern Password Cracking
Damien King (KPMG) / Filename Enumeration with TildeTool
12th November 2013 Paul Cain / Tracking Data using Forensics
12th November 2013 James Forshaw/ The Forger's Art: Exploiting XML Digital Signature Implementations presentation
5th March 2013 Sarantis Makoudis / Android (in)Security presentation
5th March 2013 Nikhil Sreekumar / Power On, Powershell presentation