Difference between revisions of "London"
(→Thursday, February 2nd 2012 ,17:00-21:00) |
m (→Future Events) |
||
Line 31: | Line 31: | ||
=== Thursday, March 29th 2012 (Central London) === | === Thursday, March 29th 2012 (Central London) === | ||
− | '''Location''': Canary Wharf, London E14 4QA | + | '''Location''': Morgan Stanley, Canary Wharf, London E14 4QA |
====Talks==== | ====Talks==== | ||
Line 37: | Line 37: | ||
*:Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism. | *:Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism. | ||
*'''IronWASP - Manish Saindane''' | *'''IronWASP - Manish Saindane''' | ||
− | *: | + | *:IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners. |
====Speakers==== | ====Speakers==== | ||
*'''Jim Manico''' is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. | *'''Jim Manico''' is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series. | ||
− | *'''Manish Saindane''' | + | *'''Manish Saindane''' is a Senior Security Consultant at Gotham Digital Science. He also co-authors a security research website and blog http://andlabs.org. He has actively contributed towards conceptualising IronWASP and also maintains the Ruby plug-in repository for this framework. |
=== Thursday, May 10th 2012 (Central London) === | === Thursday, May 10th 2012 (Central London) === |
Revision as of 22:37, 20 February 2012
OWASP London
Welcome to the London chapter homepage. Justin Clarke (justin.clarke [at] owasp.org) has been the chapter leader since January 2009, with Tobias Gondrom (tobias.gondrom [at] owasp.org), Dennis Groves (dennis.groves [at] owasp.org), and Chris Lamont-Smith (chris.lamont-smith [at] owasp.org) constituting the London Chapter Board.
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
Sponsorship/Membership
to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Next Meeting/Event(s)
Thursday, February 2nd 2012, 18:30-21:00
Location: Royal Holloway University of London, Bourne Lecture Theatre 2, Egham Hill, Egham, TW20 0EX
Speakers: Sarah Baso, Dinis Cruz, Dennis Groves
- Security as Pollution (lessons learned) - Dinis Cruz
  - Based on David Rice's "Upon the Threshold of Opportunity" presentation at the OWASP AppSec USA 2010
- Making Security Invisible by Becoming the Developer's Best Friends - Dinis Cruz
  - Based on Dinis' presentation at OWASP AppSec Brazil 2011
- How to get a job in AppSec by Hacking and fixing TeamMentor - Dinis Cruz and Dennis Groves
  - This is for students and developers who want to get into the application security space and need to have/show real-world experience.
- What's Happening on OWASP Today - Sarah Baso
  - This is an overview of the multiple activities that are currently happening around the world at OWASP, presented by one of OWASP's employees currently focused on logistics, community and empowerment.
Future Events
Thursday, March 8th 2012 (Royal Holloway)
Location: Royal Holloway University of London, Room BLT2, Egham Hill, Egham, TW20 0EX
Watch this space - dates for the rest of the year will be added as these are confirmed.
Thursday, March 29th 2012 (Central London)
Location: Morgan Stanley, Canary Wharf, London E14 4QA
Talks
- Deep Access Control Best Practices and Anti-Patterns - Jim Manico
  - Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
- IronWASP - Manish Saindane
  - IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.
Speakers
- Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series.
- Manish Saindane is a Senior Security Consultant at Gotham Digital Science. He also co-authors a security research website and blog http://andlabs.org. He has actively contributed towards conceptualising IronWASP and also maintains the Ruby plug-in repository for this framework.
Thursday, May 10th 2012 (Central London)
Location: To be confirmed
Thursday, July 12th 2012 (Central London)
Location: To be confirmed
Thursday, September 13th 2012 (Central London)
Location: To be confirmed
Thursday, November 8th 2012 (Central London)
Location: To be confirmed
Past Events
Thursday, September 8th 2011
Location: Royal Holloway University of London, Bourne Lecture Theatre 2, Egham Hill, Egham, TW20 0EX
Speaker: Daniel Cuthbert (deck)
Title: Doing it for the Lulz: Why Lulzsec has shown us to be an ineffective industry.
Bio: Daniel Cuthbert is one of the Open Web Application Security Project Leaders and the Assessment manager for SensePost. He has been researching, and involved with, web application security since the late 90’s and has worked on a wide range of projects to ensure that the development life cycle is secure and the overall application can withstand today’s hackers.
Directions to Royal Holloway and a Campus Plan are available from the following website (Bourne LT 2 is in building 31 on the Campus Plan).
Friday, June 3rd 2011
Location: Royal Holloway University of London, Room BLT2, Egham Hill, Egham, TW20 0EX
- Wordpress Security - Steve Lord (PDF)
- Wordpress is one of the most popular blogging systems in the world but is routinely used to shoehorn complex sites into a blog shaped box, often because of its flexibility and ease of use. In this talk, Mandalorian's Steve Lord discusses common Wordpress security snafus and how to avoid them.
Thursday, April 14th 2011
Location: Charterhouse Bar, 38 Charterhouse Street, Smithfield, London EC1M 6JH
- Wordpress Security - Steve Lord (PDF)
- Wordpress is one of the most popular blogging systems in the world but is routinely used to shoehorn complex sites into a blog shaped box, often because of its flexibility and ease of use. In this talk, Mandalorian's Steve Lord discusses common Wordpress security snafus and how to avoid them.
- Outcomes from the recent OWASP Summit in Portugal - London based attendees of the Summit
- Discussion of what came out of the recent OWASP Summit, "OWASP 4.0" and what is changing in the OWASP world now and in the near future
Thursday, February 17th 2011
Location: ThoughtWorks, Berkshire House, 168-173 High Holborn, City of London WC1V 7AA
A special meeting event, in conjunction with London Geek Nights, on SSL usage and dangers. An opportunity to get some of the developer and security communities together to talk more pragmatically on this very key topic.
Archived Events
For events before 2011, see Archived OWASP London Events.
Other Activities
- February 2010 - Personal Information Online COP
The Leeds UK, London and Scotland Chapters joint response to the UK Information Commissioner's Office draft Personal Information Online Code of Practice.
- March 2009 - Entry for Nominet Best Practice Challenge 2009
Open Web Application Security Project was nominated by OWASP London for the Best Security Initiative Award (File:Nominet best practice challenge 2009 owasp entry.pdf) in the Nominet Best Practice Challenge 2009. Short-listed June 2009. Announcement due 2 July 2009.
- 16th October 2008 - COI Browser Standards for Public Websites
The London and Scotland Chapters joint response to the Central Office of Information draft document on browser standards for public websites (version 0.13) (File:OWASP-COI-Browser-Standards.pdf).