This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Cambridge"

From OWASP
Jump to: navigation, search
(Past Events)
(full program)
Line 5: Line 5:
 
= Local News =
 
= Local News =
 
==='''Local News'''===
 
==='''Local News'''===
'''Cambridge OWASP Chapter Meeting
 
  
Thursday 19th January 2017 9:30– 17:00, Lord Ashcroft Building (LAB003), Anglia Ruskin University, Cambridge.
+
'''OWASP Cambridge Chapter Security Spring Seminar'''
  
Hosted by the Department of Computing & Technology, Anglia Ruskin University, British Computer Society (BCS) Cybercrime Forensics Special Internet Group and OWASP (Open Web Application Security Project) Cambridge Chapter.
+
Tuesday 7th March 2017 17:30 – 20:30, Lord Ashcroft Building (LAB002), Anglia Ruskin University, Cambridge.
 +
Hosted by the Department of Computing & Technology, Anglia Ruskin University & OWASP (Open Web Application Security Project) Cambridge Chapter  
  
It looks increasingly likely that 2016 is going to be “Year of the Data Breach” with more and more organisation’s than ever before becoming part of the self-fulfilling prophecy, “there are two types of organization, those who know they’ve been breached and those who don’t”....
+
'''Spring Presentations'''
  
So what happens if despite your best efforts your defenses are ineffective and you suffer a data breach. Your organization needs to know how to handle the breach either internally and externally, who to inform and who to call.
+
'''Guest speaker: Andrew Tillman, 8ARC Ltd'''
  
What is needed is “incident response”, an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
+
'''Abstract: “Introduction to Open Source Intelligence"'''
  
Background
+
This talk will provide an introduction to Open Source Intelligence and give an insight into what is needed to conduct an Open Source Intelligence Investigation. The subject matter is designed for persons who are interested in the information discovery phase of an investigation and/or research activity, and will provide theoretical and practical advice and guidance.  The learning points gained from the ‘Introduction to Open Source Intelligence’ are intended to be transferable for numerous uses and are adaptable for both public and private sector organisations.
  
OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. Their mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks.
+
'''Biography: Andrew Tillman'''
  
The British Computer Society (BCS) Cybercrime Forensics Special Interest Group (SIG) promotes Cybercrime Forensics and the use of Cybercrime Forensics; of relevance to computing professionals, lawyers, law enforcement officers, academics and those interested in the use of Cybercrime Forensics and the need to address cybercrime for the benefit of those groups and of the wider public.
+
Andrew is the CEO of 8ARC LTD, a cyber intelligence and information security management company specialising in protecting businesses and consumers from cyber and cyber-enabled crime. Andrew has extensive detailed and specific experience in the cyber intelligence/investigations arena. As the former Head of Intelligence for National Trading Standards (NTS), Andrew built the first National Trading Standards e-Crime Intelligence Hub, and also the NTS Intelligence Team. In addition to the aforementioned, Andrew has developed and delivered numerous training events, nationally and internationally, on subjects such as Open Source Intelligence (OSINT) cyber intelligence/enforcement, and exploitation of emerging technologies for use in large scale frauds.
 +
 
 +
'''Guest Speaker:  Andrew Thompson, Solutions Architect, Checkmarx'''
  
The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking groupwith OWASP concentrating on aspects of computing and application security is a key part of this enhancement.
+
'''Biography: Andrew Thompson'''
  
'''Guest speakers: Peter Yapp from NCSC, Steve Shepherd MBE from 7Safe/PA Consulting and Tony Drewitt from IT Governance'''
+
With over 20 years experience in IT, Andrew is an industry veteran. He started off working in IBM mainframes prior to spending several years as a Java programmer. Building on his lengthy career debugging code, Andrew’s current goal is helping development teams increase their debugging efficiency.
 +
 +
'''Abstract - 1 Kit, 8 Steps, 30 Days. How we Raised Application Security Awareness'''
  
 +
We created an application security awareness kit for organisations to run a month long secure coding awareness enhancement program with their developers. We shipped 362 physical kits including an interactive quiz, giveaways and other incentives. During this session you will learn how to effectively educate developers on secure coding best practices, play an interactive gamified session and demonstrate your knowledge and win your very own secure development kits.
  
 +
Learn how to engage developers with Application Security
  
'''Guest Speaker: Steve Shepperd MBE – Senior Forensic Consultant – 7Safe/PA Consulting'''
+
View a case study about Application Security education, how it can be gamified and made interactive and appealing to any audience
  
'''Abstract:''' Malware Red Alert: the first 24 hours
+
Request your own education kit to try it out within your organization
  
It’s Friday at 19:30. You are the acting manager of your organisation’s Security Operations Centre.
+
Understand why developers are a core function in the cyber security world and why it is critical that they become more security aware
You are working the graveyard shift with a colleague when ...
 
  
Your SIEM alerts you to what may be the presence of a Trojan in your system. But before you have a chance to respond, you receive an email from a hacker making demands.
+
'''Guest Speaker: John Haine, Chairman, IoT Security Foundation'''
  
The threat is that highly-confidential information has been stolen from your financial database. If the hacker does not receive £2 million by midnight on Sunday, they will put this data on the web just before your firm’s annual financial report, due for release on Monday, is published. Their motive: to cause panic among investors by undermining the credibility of your growth and profit forecasts with data that the hacker claims they have found in emails and report documents.
+
B'''iography: John Haine'''
  
What do you do next to thwart the attack, contain the incident and prevent, or at least minimise, damage to your brand name and reputation in the markets?Security incidents, both potential and actual, occur on a frequent basis. It is therefore important to accurately categorize incidents and prioritise the most severe. Evaluation is based on the impact that the data breach may have on business operations, the potential reputational risk and the time and cost of resources engaged in recovery.
+
John Haine has spent his career in the electronics and communications industry, working for British Telecom, Marconi, PA Consulting, and with start-ups including Cognito and Ionica.  His technical background includes R&D in radio circuitry and microwave circuit theory; and the design of novel radio systems for cordless telephony, mobile data, and fixed wireless access. He has led standardisation activities in both the latter areas in ETSI, and contributed to WiMax.
  
Of critical importance is the effective gathering of key information about the attack in real time. Focusing on quick fixes should be avoided. It is important to clearly document all information collected/actions performed for subsequent analysis in a post incident review/lessons learned session. A clear plan must be established, including timeframes and ownership, to implement any required changes that will mitigate future risk.
+
In 1999 he joined TTP Communications working on research, technology strategy and M&A activities; and after the company’s acquisition by Motorola became Director of Technology Strategy in Motorola Mobile Devices.  After leaving Motorola he was CTO Enterprise Systems with ip.access Limited, the leading manufacturer of GSM picocells and 3G femtocells.  In early 2010 he joined Cognovo Limited, which was acquired by u-blox AG in 2012. In u-blox John worked on RF platform strategy for future wireless modules. He led u-blox’ involvement in a major 3GPP standards activity on low complexity cellular communications for the Internet of Things, and the company’s early development of devices for trials and demonstrations. Now retired from u-blox he is Royal Academy of Engineering Visiting Professor at Bristol University, focusing on Radio Systems for the Internet of Things.
  
Steve Shepherd MBE describes for the business audience a series of real life scenarios that will serve as a warning to Board members and SOC managers alike, as he shares his thoughts on how to apply the CREST Three-Phase CSIR model and invites the audience to role play with him in responding to this incident.
+
John has a first degree from Birmingham (1971) and a PhD from Leeds (1977) universities.  He is a member of the IET and IEEE and serves on the Cambridge Wireless Board.
  
If you think that you understand incident response procedures from a ‘people, process and technology’ standpoint, be prepared to challenge what you deem to be fact during Steve’s practical talk and demonstration. The emphasis will be on knowledge transfer - and why software tools are never the whole answer.
+
'''Abstract: “Overview of the IoT Security Foundation”'''
  
 +
The IoT Security Foundation is an industry group set up in 2015 to document and promulgate best security practice for IoT devices and systems.  In December 2016 it published its initial set of guidelines and its "Trust Framework", initially aimed at connected consumer products.  Together these are intended to support a process by which any party in the IoT supply chain can apply best practice in developing, supplying and supporting its products and services, so that we can build a "supply chain of trust".  The Foundation has 79 members from across the IT industry ranging from large multi-nationals to one-man-bands, including several universities.  Work continues and revised and updated documents will be released in June and December 2017, widening the scope to cover other types of product and service.  This presentation will give an overview of the IoTSF and its activities.
  
'''Guest Speaker: Tony Drewitt, Head of Consultancy – IT Governance'''
+
'''Background'''
  
'''Abstract:''' Cyber resilience and Incident Response
+
OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organisation focused on improving the security of application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks.
  
Tony will introduce today’s cyber threat environment and what it means in terms of security incidents. Cyber assurance techniques will be examined from 4 different perspectives, the conventional theme’s:
+
The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement. A key aim the department is working towards is developing a MSc Information Security specialising in Application Security and as part of this activity looking to develop and a local Information Security Student Society.
 
 
- People,
 
 
 
- Processes and
 
 
 
- Technology
 
 
 
but also examining Digital versus Physical security dimensions.
 
 
 
The talk will conclude with a discussion on cyber resilience versus incident response and if incident response is a necessity, what structure should it take.
 
 
 
'''Guest speaker: Peter Yapp - Deputy Director Incident Management for the National Cyber Security Centre (NCSC)'''
 
 
 
'''Abstract:''' “The Thermostat, the Hacker, and the Malware"
 
 
 
 
 
 
 
'''Biography:''' Peter Yapp 
 
 
 
Before joining the NCSC, Peter was Deputy Director Operations for CERT-UK. Prior to CERT-UK, Peter was the Information Security Advisor for Brecon Group and before that the Managing Director for Accenture’s global Computer Incident Response Team (CIRT) running a team of 50 based at five locations around the world. While there, he set up a cyber threat intelligence team and inputted into technical, policy and training initiatives. He also contributed to the maintenance of the largest ISO27001 certification in the world.
 
 
 
Prior to Accenture, Peter was head of Forensics and information security consulting at Control Risks in London. Peter devised and delivered information security awareness training courses for Oil and Gas clients around the world, specialised briefings on the threat of state sponsored espionage and a computer forensics training course for CISSPs. Peter reviewed and revised information security policy documents. He carried out IS Security (and ISO27001) reviews and gap analyses (and risk assessments) for the finance and manufacturing sectors. Peter carried out numerous computer investigations into fraud, abuse and misuse.
 
 
 
Before joining Control Risks in 1998, Peter was a Senior Investigation officer in the National Investigation Service of H.M. Customs & Excise. During this time he represented H.M. Customs & Excise at national and international conferences and seminars, speaking at Interpol on computer crime. He was a member of the British Home Office delegation to the G8 sub group on High Tech crime. Peter trained overseas agencies around the world.
 
 
 
 
 
'''Biography:''' Steve Shepperd MBE
 
 
 
Steve leads the 7Safe Cyber Security Incident Response offering. Steve has extensive experience in conducting and directing forensic and hi-tech investigations having been involved in the discipline since the late the 1990’s. Steve has worked within the Civil Service, law enforcement and private industry, latterly employed as a cyber security specialist for a government intelligence agency prior to joining PA Consulting. Steve has been involved as a team member and team leader in myriad digital investigations ranging from civil to criminal and national security level incidents. Steve is also the lead developer and course manager for the Certified Malware Investigator course, the Certified Data Acquisition Technician course and is the author of our new cyber Network Investigations course.
 
 
 
 
 
'''Biography:''' Tony Drewitt
 
 
 
Tony leads IT Governance’s consultancy team. He works with clients to help them implement and comply with international standards such as ISO 27001 and ISO 22301 as well as other compliance frameworks such as the NHS Information Governance Toolkit and the UK Gambling Commission’s technical security standard.
 
 
 
He has helped one of the first companies in the UK to achieve full certification under BS25999-2 (now ISO22301) and is currently delivering a number of ISO27001 ISMS projects for companies in the UK and overseas. He is also a leading business continuity author of ITGP titles A Manager’s Guide to ISO22301; ISO 22301: A Pocket Guide, and Everything You want to Know about Business Continuity.
 
 
 
Tony is a full member of BCI and is a certified Lead Implementer and Lead Auditor for ISO 27001 and ISO 22301. He also holds CRISC, CISMP and ITIL Foundation certificates.
 
  
 
'''Agenda'''
 
'''Agenda'''
  
09:30 – 10:00 Registration & Refreshments
+
17:30 – 17:45 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University
 +
17:45 - 18:30 Talk from Andrew Tillman, 8ARC Ltd “Introduction to Open Source Intelligence"
 +
18:30 - 19:15 Talk from Andrew Thompson, Checkmarx, “1 Kit, 8 Steps, 30 Days. How we Raised Application Security Awareness”
 +
19:15 – 20:00 Talk from John Haine, Chairman, IoT Security Foundation, “Overview of the IoT Security Foundation”.
 +
20:00 – 20:30 Refreshments & Networking in LAB006
  
10:00 – 10:15 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University
+
'''Registration'''
  
10:15 – 11:00 “National Cyber Security Centre’s Incident Response Strategy” – Peter Yapp – Deputy Director – Incident Management – National Cyber Security Centre (NCSC)
+
To register for this free event, please register online at
  
11:00 – 11:45 “Malware Red Alert: the first 24 hours” - Steven Shepherd MBE, 7Safe/PA Consulting
+
https://www.eventbrite.com/e/owasp-cambridge-chapter-spring-security-seminar-tickets-32352865291
  
11:45 – 12:30 “Cyber resilience and Incident Response” Tony Drewitt, Head of Consultancy, IT Governance
+
The meeting will be held in the Lord Ashcroft Building, Room LAB002 (Breakout Room LAB006 for networking & refreshments).
  
12:30 – 13:15 Lunch & Networking (LAB006)
+
Please enter through the Helmore Building and ask at reception.
 
 
13:15 – 14:15 Dr Jules Disso – Nettitude “Incident Analysis including Live Incident Analysis”
 
 
 
14:15 – 14:45 Refreshments (LAB006)
 
 
 
14:45 – 15:30 Benn Morris - 3B Data Security LLP "Hacking Incidents - Real Life Case Examples”
 
 
 
15:30 – 16:15 Canterbury Christchurch University Speaker TBD
 
 
 
16:15 - 16:30 Session Wrap Up & Close
 
 
 
----
 
 
 
'''Registration:'''
 
 
 
To register for this free event, please register online
 
[https://www.eventbrite.com/e/joint-owasp-bcs-cybercrime-forensics-sig-incident-response-day-2017-tickets-30549478312 here]
 
 
 
The conference will be held in the Lord Ashcroft Building, Room LAB002 (Breakout Room LAB006 for networking & refreshments).
 
  
Please enter through the Helmore Building and ask at reception.
 
  
----
+
---
  
 
'''Meeting Location'''
 
'''Meeting Location'''

Revision as of 00:25, 7 March 2017

OWASP Cambridge

Welcome to the Cambridge chapter homepage. The chapter leaders are Adrian Winckles and Steven van der Baan.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


<paypal>Cambridge</paypal>

Local News

OWASP Cambridge Chapter Security Spring Seminar

Tuesday 7th March 2017 17:30 – 20:30, Lord Ashcroft Building (LAB002), Anglia Ruskin University, Cambridge. Hosted by the Department of Computing & Technology, Anglia Ruskin University & OWASP (Open Web Application Security Project) Cambridge Chapter

Spring Presentations

Guest speaker: Andrew Tillman, 8ARC Ltd

Abstract: “Introduction to Open Source Intelligence"

This talk will provide an introduction to Open Source Intelligence and give an insight into what is needed to conduct an Open Source Intelligence Investigation. The subject matter is designed for persons who are interested in the information discovery phase of an investigation and/or research activity, and will provide theoretical and practical advice and guidance.  The learning points gained from the ‘Introduction to Open Source Intelligence’ are intended to be transferable for numerous uses and are adaptable for both public and private sector organisations.

Biography: Andrew Tillman

Andrew is the CEO of 8ARC LTD, a cyber intelligence and information security management company specialising in protecting businesses and consumers from cyber and cyber-enabled crime. Andrew has extensive detailed and specific experience in the cyber intelligence/investigations arena. As the former Head of Intelligence for National Trading Standards (NTS), Andrew built the first National Trading Standards e-Crime Intelligence Hub, and also the NTS Intelligence Team. In addition to the aforementioned, Andrew has developed and delivered numerous training events, nationally and internationally, on subjects such as Open Source Intelligence (OSINT) cyber intelligence/enforcement, and exploitation of emerging technologies for use in large scale frauds.   Guest Speaker: Andrew Thompson, Solutions Architect, Checkmarx

Biography: Andrew Thompson

With over 20 years experience in IT, Andrew is an industry veteran. He started off working in IBM mainframes prior to spending several years as a Java programmer. Building on his lengthy career debugging code, Andrew’s current goal is helping development teams increase their debugging efficiency.

Abstract - 1 Kit, 8 Steps, 30 Days. How we Raised Application Security Awareness

We created an application security awareness kit for organisations to run a month long secure coding awareness enhancement program with their developers. We shipped 362 physical kits including an interactive quiz, giveaways and other incentives. During this session you will learn how to effectively educate developers on secure coding best practices, play an interactive gamified session and demonstrate your knowledge and win your very own secure development kits.

Learn how to engage developers with Application Security

View a case study about Application Security education, how it can be gamified and made interactive and appealing to any audience

Request your own education kit to try it out within your organization

Understand why developers are a core function in the cyber security world and why it is critical that they become more security aware

Guest Speaker: John Haine, Chairman, IoT Security Foundation

Biography: John Haine

John Haine has spent his career in the electronics and communications industry, working for British Telecom, Marconi, PA Consulting, and with start-ups including Cognito and Ionica. His technical background includes R&D in radio circuitry and microwave circuit theory; and the design of novel radio systems for cordless telephony, mobile data, and fixed wireless access. He has led standardisation activities in both the latter areas in ETSI, and contributed to WiMax.

In 1999 he joined TTP Communications working on research, technology strategy and M&A activities; and after the company’s acquisition by Motorola became Director of Technology Strategy in Motorola Mobile Devices. After leaving Motorola he was CTO Enterprise Systems with ip.access Limited, the leading manufacturer of GSM picocells and 3G femtocells. In early 2010 he joined Cognovo Limited, which was acquired by u-blox AG in 2012. In u-blox John worked on RF platform strategy for future wireless modules. He led u-blox’ involvement in a major 3GPP standards activity on low complexity cellular communications for the Internet of Things, and the company’s early development of devices for trials and demonstrations. Now retired from u-blox he is Royal Academy of Engineering Visiting Professor at Bristol University, focusing on Radio Systems for the Internet of Things.

John has a first degree from Birmingham (1971) and a PhD from Leeds (1977) universities. He is a member of the IET and IEEE and serves on the Cambridge Wireless Board.

Abstract: “Overview of the IoT Security Foundation”

The IoT Security Foundation is an industry group set up in 2015 to document and promulgate best security practice for IoT devices and systems. In December 2016 it published its initial set of guidelines and its "Trust Framework", initially aimed at connected consumer products. Together these are intended to support a process by which any party in the IoT supply chain can apply best practice in developing, supplying and supporting its products and services, so that we can build a "supply chain of trust". The Foundation has 79 members from across the IT industry ranging from large multi-nationals to one-man-bands, including several universities. Work continues and revised and updated documents will be released in June and December 2017, widening the scope to cover other types of product and service. This presentation will give an overview of the IoTSF and its activities.

Background

OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organisation focused on improving the security of application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks.

The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement. A key aim the department is working towards is developing a MSc Information Security specialising in Application Security and as part of this activity looking to develop and a local Information Security Student Society.

Agenda

17:30 – 17:45 Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University 17:45 - 18:30 Talk from Andrew Tillman, 8ARC Ltd “Introduction to Open Source Intelligence" 18:30 - 19:15 Talk from Andrew Thompson, Checkmarx, “1 Kit, 8 Steps, 30 Days. How we Raised Application Security Awareness” 19:15 – 20:00 Talk from John Haine, Chairman, IoT Security Foundation, “Overview of the IoT Security Foundation”. 20:00 – 20:30 Refreshments & Networking in LAB006

Registration

To register for this free event, please register online at

https://www.eventbrite.com/e/owasp-cambridge-chapter-spring-security-seminar-tickets-32352865291

The meeting will be held in the Lord Ashcroft Building, Room LAB002 (Breakout Room LAB006 for networking & refreshments).

Please enter through the Helmore Building and ask at reception.


---

Meeting Location

Anglia Ruskin University

Cambridge Campus

East Road

Cambridge

CB1 1PT

Get further information on travelling to the university.

http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/cambridge_campus/find_cambridge.html

Everyone is welcome to join us at our chapter meetings.

Planned dates for upcoming events


Thursday 19th January 2017

Wednesday 25th January 2017

Tuesday 7th February 2017

Tuesday 7th March 2017

Tuesday 4th April 2017

Date Name / Title Link
25 Jan 2017 Nick Alston CBE / PIER Chair presentation
25 Jan 2017 Mark Pearce/ 7Safe/PA Consulting presentation
25 Jan 2017 Martin Cassey / Nascenta presentation
25 Jan 2017 Paul Rowley FBCS / Havebury Housing Association presentation
25 Jan 2017 Laurence Kaleman / Legal Director, Olswang presentation
25 Jan 2017 Tony Drewitt / Head of Consultancy - IT Governance presentation
19 Jan 2017 Tony Drewitt / Head of Consultancy - IT Governance presentation
19 Jan 2017 Peter Yapp / NCSC Deputy Director - Incident Response presentation
19 Jan 2017 Martin Cassey / Nascenta presentation
10 Nov 2016 Graham Rymer / University of Cambridge
10 Nov 2016 Mark Wickenden
12 05 2016 Phil Cobley / Modern Policing & the Fight Against Cyber Crime presentation
12 05 2016 Jules Pagna Disso / Building a resilient ICS presentation
08 03 2016 Andrew Lee-Thorp / So you want to use a WebView? Android WebView: Attack and Defence
10 11 2015 Steve Lord / Trying (and failing) to secure the Internet of Things
John Mersh / Software and System Security: a life vest in the IoT ocean
10 Oct 2015 Sumit "sid" Siddharth / Some neat, new and ridiculous hacks from our vault
10 Feb 2015 Steven van der Baan / Web Application Security Testing with Burp Suite
2 December 2014 Colin Watson / OWASP Cornucopia
21 October 2014 Eireann Leverett presentation
1st April 2014 Ian Glover (CREST) / Overview of the CREST activities to professionalise the industry.
Yiannis Chrysanthou (KPMG) / Modern Password Cracking
Damien King (KPMG) / Filename Enumeration with TildeTool
12th November 2013 Paul Cain / Tracking Data using Forensics
12th November 2013 James Forshaw/ The Forger's Art: Exploiting XML Digital Signature Implementations presentation
5th March 2013 Sarantis Makoudis / Android (in)Security presentation
5th March 2013 Nikhil Sreekumar / Power On, Powershell presentation


Retrieved from "https://wiki.owasp.org/index.php?title=Cambridge&oldid=227088"