Difference between revisions of "Dorset"

Latest revision as of 11:24, 5 December 2019

OWASP Dorset

Welcome to the Dorset chapter homepage. Founded in 2019 on plans to introduce Dorset to Open Source Security. Our events are free, everyone is welcome. Join us at a chapter meeting to contribute, listen and learn. In 2019 we're holding 5 meetings consisting of 4 talks and 1 Capture The Flag (CTF) Event. You can follow us on Twitter @OWASPDorset, LinkedIn and Meetup.

The chapter leaders are Daniel W, Mark Davison and Alexios Mylonas.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

Chapter Sponsors

We welcome OWASP Corporate Members who would like to align themselves with the Dorset chapter, therefore contributing funds to our chapter and allowing us to host ever many more events. Sponsor OWASP Dorset Chapter.

Meeting Sponsors

The following is the list of organisations who have generously provided us with space and/or refreshments for OWASP Dorset chapter meetings:

Meeting Space	Drinks & Food
3 Sided Cube
Bournemouth University	Hays Digital Technology
Barclays Digital Eagle Lab Bournemouth	Bournemouth University
Bournemouth University	N/A

Next Meeting/Event(s)

• OWASP Dorset Social, The Goat and Tricycle, 27-29, Westhill Road, Bournemouth, Dorset, BH2 5PF 7:30-10:00 No talks at this one, but lots of chance to chat and exchange ideas.

Future Events

Meetup - Call for talks, venues and sponsors - please email if you'd like to take part.

TBC January 2020 (1830-2100)

Location: TBC

Time: 1830-2100

TALKS:

• Making use of OWASP resources: Navigating the Wiki
• Larabee - Following on from our CTF event we will reveal how to hack larabee (box available here)

Q2 2020

Q3 2020

Past Events

OWASP Dorset CTF 10/10/2019

Location: Bournemouth University Cyber Labs, Talbot Campus, BH12 5BB

Time: 18:00 - 23:00

OWASP Dorset will be hosting a Capture the Flag event. It is scenario based and we would like to see people pairing up to tackle the challenges and share knowledge, we welcome all skill levels and have experienced volunteers on hand to provide advice guidance and clues!

The event will open with a crash course on CTF strategy. We are very fortunate to be granted access to Bournemouth University's cyber lab and equipment so all tools will be provided.

Hope to see you there!

Meetup Collider - Monday 9th September 2019

Location: 1 Chaseside, Bournemouth BH7 7DA

Time: 18:00 - 21:00

TALKS:

• An Introduction to OWASP - An introduction to OWASP what it does and how to make use of some of it's resources from Daniel Warden & Mark Davison

• Making use of OWASP resources: Cheat sheets

• Routes to becoming a Penetration Tester - A talk about the ways people come to penetration testing and how what you expect may not always be true.
• AppSec 101 – A break down of the theory behind web application vulnerabilities and provides a handful of payload examples to exploit the most common weaknesses: SQL Injection, Cross site scripting (XSS), Path Traversal, and Command “OS” injection from Mike Warner

SPEAKERS:

Daniel Warden & Mark Davison

Two of the OWASP Dorset Chapter Leads, both are professional cyber security consultants

James Riley

James is a specialist penetration tester recruiter for ARM

Mike Warner

Mike is a Software Engineer at JPMorgan Chase & Co. Mike is a certified cybersecurity professional, attaining various cyber related certifications. Mike is an avid promotor of secure code and teacher of the cyber domain. Teaching a range of topics from social engineering to software vulnerabilities, cryptography and network exploits. Mike has held various roles across multiple firms within the cybersecurity field.

Thursday, 27th June 2019 (Bournemouth) (1830-2100)

Location: Barclays Eagle Lab

County Gates House, 300 Poole Road, Bournemouth, BH12 1AZ

Please use the rear entrance on Princess Road (a member of the Barclays Eagle Lab will great you at the side gate)

Time: 1830-2100

TALKS:

*A whistle stop guide to preparing yourself for the OSCP (Offensive Security Certified Professional) certification

from a recent graduate.

*Mining data dumps and leaks for treasure - passwords, complexity and statistical data gathered from research conducted at Bournemouth University.

*FEEDBACK: A session to discuss what you would like OWASP Dorset to be doing, the type of content and style of events.

Led by the OWASP Dorset Chapter Leads, we are keen to hear your thoughts.

SPEAKERS:

Mark Davison

Mark is an OSCP Certified Cyber Security Consultant for Ronin IT Consulting Ltd who engage with companies in a range of industries to advise on and help them enhance their Cyber Security Defence posture.

Mantas Sasnauskas

Mantas is currently working as a research assistant and studying at Bournemouth University. Mantas work is mostly focused on threat hunting, malware and data leak analysis.

Thursday, 11th April 2019 (Bournemouth)

Location: Executive Business Centre, Bournemouth University, 89 Holdenhurst Road, Bournemouth, BH8 8EB

Time: Doors Open at 6:30pm for registration, pizza, drinks and networking. The talks start at 7:15pm (we start on time), close meeting by 9.00pm

TALKS:

* Cyber Kill Chains

Understanding how intelligence works can give you the edge when your website, data or email service is being hacked. With a real life case study, we'll be exploring three analysis tools - Cyber Kill Chains, Diamond Models and the Intelligence cycle. David will show how you can use these tools to understand what your adversary is actually doing, how close to 'the Crown Jewels' they've got, how to find their identity, their attributes and most importantly of all, what you can do to stop them.

SPEAKERS:

David P

Cyber Threat Intelligence Analyst Trained in the Royal Corps of Signals, David went onto Microsoft and then ICL (Fujitsu) as a network administrator, he later moved into Threat Intelligence.

TICKETS: This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list.

Register to attend this event at OWASP Dorset Chapter - Meetup - RSVP to attend

Wednesday, 30th January 2019 (Bournemouth)

Location: 3 Sided Cube, Telephone House, 18 Christchurch Road, Bournemouth, Dorset, England, BH1 3NE

Nearest Train: Bournemouth Station (15-minute walk)

Time: Doors Open at 6:30pm for registration, pizza, drinks and networking. The talks start at 7:00pm (we start on time), close meeting by 9.00pm

TALKS:

*OWASP Dorset Introduction, Welcome and News

Welcome and an update on OWASP Projects & Events from the OWASP Dorset Chapter Leader.

*OWASP Projects - Open Source Security at its finest

Overview of OWASP Projects Top 3 Flagship, Lab and Incubator | Focusing on how to fire up your stance on security with minimal investment.

*I know what you did last summer: New persistent tracking mechanisms used in the wild

Web Storage, Indexed Database API and Web SQL Database allow web browsers to store information in the client in a much more advanced way compared to other techniques, such as HTTP Cookies. They were originally introduced with the goal of enhancing the capabilities of websites, however, they are often exploited as a way of tracking users across multiple sessions and websites. The presentation will be divided into two parts. First, it will quantify the usage of these three primitives in the context of user tracking. This is done by performing a large-scale analysis on the usage of these techniques in the wild. The second part reviews the effectiveness of the removal of client-side storage data in modern browsers.

SPEAKERS:

Daniel W

Daniel is the founder of OWASP Dorset and Director of Warden Group. Warden Group provides services to clients across the globe with a strong focus on Enabling Secure Business. Client engagements vary from Security Strategy Planning to maximise return on investment, through to bespoke Red/Blue Team Activities including Penetration Tests, Vulnerability Assessments and Emergency Incident Response. Daniel W has a deep and well founded experience across the complete Security spectrum, having spent many hours working round the clock to bring strategic assets online, sleeping in deserts, ascending mountains on remote islands, and all while leading teams across the globe to provide assurance wherever may be required. Daniel W is keen to share his passion for security and encourage others to take up the mantle of improving the world we all live in, good security brings greater confidence to all.

Dr. Alexios Mylonas

Program leader for the BSc (Hons) Forensic Computing and Security at Bournemouth University. Lecturer in Computing.

PhD in Information and Communication Security and a BSc (Hons) in Computer Science from Athens University of Economics and Business, MSc in Information Security from Royal Holloway, University of London. Fellow of HEA, teaching and research focuses on Cyber Security and Digital Forensics. Before joining BU, Lecturer at Staffordshire University and before that a security consultant working within VeriSign's PKI Trust Network. Holds more than 20 well referenced, esteemed journal and conference publications. Served as as PC and TC member in a number of reputable conferences (e.g. ESORICS, ARES, etc.) and journals (Computer & Security, Computer, Computers & Electrical Engineering, etc.). Member of IEEE and ACM.

His research falls in the area of cybersecurity and digital forensics. Currently, his work focuses on : (a) smartphone security and privacy, (b) IoT security, (c) Android memory forensics, (d) web security and online fraud prevention, and (e) intrusion detection.

TICKETS: This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list.

Register to attend this event at OWASP Dorset Chapter - Meetup - RSVP to attend

Speaking at OWASP Dorset Chapter Events

Call For Speakers

Call For Speakers is open - if you would like to present a talk on Application Security at future OWASP Dorset Chapter events - please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to any of our Chapter Leaders Daniel W, Mark Davison and Alexios Mylonas.

Code of Conduct

We hope you enjoy our events, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leader if you have any feedback or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: https://www.owasp.org/index.php/Governance/Conference_Policies

Other Activities

Local News

Everyone is welcome to join us at our chapter meetings.