This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Newcastle"

From OWASP

Jump to: navigation, search

Revision as of 23:07, 3 January 2018

OWASP Newcastle

Welcome to the Newcastle chapter homepage. The chapter leaders are Connor Carr, Robin Fewster, Mike Goodwin, and Andi Pannell

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?

The next meeting will be held on 21st November Northumbria City Campus East, room CCE1-024 18:00 - 21:00.

If you plan to attend please register via Eventbrite here. Registration is not essential although it does help us to estimate the pizza order!

First talk by Lorenzo Grespan he will be talking about Explain hacking in ten minutes:

Bio: Lorenzo Grespan is a computer scientist currently working as an application security specialist for Secarma, Ltd. While his main interest has always been computer security, he also worked as a developer, systems administrator and project manager for a research effort in robotic surgery. His background is in computational neuroscience, neural networks and evolutionary systems and he likes to solve interesting problems at the intersection of people and technology.

Talk (30 minutes): Recently I had to show a 10-minute "live hack" to a non-technical audience. As an introvert and a geek my main effort was in maintaining technical accuracy, however what made the audience go "aha!" turned out to be what for me was the least significant detail of the entire demo. In this talk I will show the hack, share the lessons learned and discuss how to communicate security concerns to non technical stakeholders, higher management and end users.

Media:OWASPNCL LG 21112017.pdf

Pizza and networking

Talk 2: Robin Sillem has a talk entitled Building a Development Environment That's 'Secure Enough'. This will be a discussion of how a team at DWP is using modern DevOps practices to create a dev/build/test platform secure enough for development of services handling large volumes of UK citizen data.

Keep updated and in touch using the chapter mailing list and/or Twitter @OWASP_Newcastle

2015 Dates

24/11/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002

The long talk by Ben Lee and Ross Dargan:

The problems with proving identity.

In this talk Ross (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers.

The talk will cover among other things; Twitter, wax seals (!), hashing, certificates and much more…*

(*Talk may not be historically accurate! ;))

Media: OWASPNewcastle_the_problem_with_proving_identity.pptx

The short talks:

Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks

The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities.

Take a copy of the game away with you - it is suitable for developers of all sizes.

Media: Owaspnewcastle-snakesandladders.pptx

Michael Haselhurst - Automated Security Testing Using The ZAP API

This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi.

Media: OWASPNewcastle_automated_security_testing_using_ZAP_API.pptx

Mike Goodwin - Real world defence in depth (part 1)

Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality.

Media: Owaspnewcastle-real_world_defence_in_depth.pptx

29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002

We changed the format for this meeting and has 3 short talks (approx 20 mins) and then one long one (60 mins).

Speakers:

John Beddard on Securing Real-Time Networks (short talk) Media: PassiveDefense_Newcastle_Chapter_Sept_2015.pdf
Ian Oxley on Content Security Policy (short talk) Media: CSP_Newcastle_Chapter_Sept_2015.pdf
Mike Goodwin on Threat Dragon - a new threat modelling tool project from OWASP (short talk) Media: OWASP_Threat_Dragon_Newcastle_Chapter_Sept_2015.pptx
Neil Dixley on 'OWASP Top 10 Mobile Risks' (long talk) Media: OWASP_Mobile_Security_Project_Newcastle_Chapter_Sept_2015.pptx

28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.

Speakers:

Andrew Waite: Honeypots; from research to the Enterprise.

Media: OWASP_Honeypots.odp

George Chlapoutakis: Security in the World of Containerisation.

Media: OWASP_Security_Containerisation.ppt

29/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.

Speakers:

Robin Fewster: An introduction to basic application penetration testing.

An introduction to penetration testing, using several OWASP projects as well as other open source and free programs. Media: An_introduction_to_penetration_testing.pptx

Neil Dixley: The Elevation of Privilege Threat Modelling Tool.

An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. Media: Threat_Modeling_Presentation.pptx

24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.

Speakers:

Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering. An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx
Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?. Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. Media: OWASP_Compliance_for_Devs.pptx

2016 Dates

23/08/2016 from 18:00 to 21:00 at The Auditorium - Bunker Coffee and Kitchen 9-11 Carliol Square, Newcastle-upon-Tyne, NE1 6UF.

Speakers:

Andrew Pannell: 50 Million Downloads and All I Got Was Malware. How is it a free Android application that has been downloaded more times than WhatsApp can turn your phone into malware, sending your private data to China and inserting adverts? I’ll be discussing my journey of researching mobile malware and how you can too. [1]
Colin Watson: OWASP Cornucopia. OWASP Cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, that helps derive application security requirements during the software development life cycle. This session will use an example eCommerce application to demonstrate how to utilise the card game. After an introduction and explanation, we will split into smaller groups to play the game gaining insights into relevant web application threats. The game is best played in groups of 4-6 with people who have a good knowledge of the application being assessed, and who have a mixture of backgrounds/experience - architects, developers, product owners, project managers, testers, etc, and those with software security responsibilities. Bring your colleagues along. Cornucopia is suitable for people aged 10 to 110 (decimal). [2]

2017 Dates

Running a security event using OWASP Security Shepherd

In this talk I will cover running a security event using OWASP Security Shepherd. The event to be discussed was staged to promote engagement in a security initiative, understanding of security vulnerabilities and the application of knowledge to production services and applications. This talk will cover the project planning stage, through execution to the project retrospective. Media:Security_Shepherd.pptx

Talk 2: Mike Goodwin

Enter the (Threat ) Dragon:Threat Modeling with OWASP Threat Dragon

Threat modeling is a great technique for hardening your application designs, but current tooling is a bit "crashy", limited to Windows or not free. OWASP Threat Dragon is an OWASP incubator project that aims to fix this and bring threat modeling to the masses. This talk is a tour round the tool, it's future road map and a look under it's hood. Mike the the project leader for Threat Dragon, so if you want to contribute, he would be very pleased to speak to you. Media:Owasp_threat_dragon_201709_.pptx

Retrieved from "https://wiki.owasp.org/index.php?title=Newcastle&oldid=236580"

Categories:

@@ Line 14: / Line 14: @@
 Talk (30 minutes): Recently I had to show a 10-minute  "live hack" to a non-technical audience. As an introvert and a geek my main effort was in maintaining technical accuracy, however what made the audience go "aha!" turned out to be what for me was the least significant detail of the entire demo. In this talk I will show the hack, share the lessons learned and discuss how to communicate security concerns to non technical stakeholders, higher management and end users.
+[[Media:OWASPNCL LG 21112017.pdf]]
 Pizza and networking
@@ Line 70: / Line 72: @@
 * '''John Beddard''' on Securing Real-Time Networks (short talk) [[Media: PassiveDefense_Newcastle_Chapter_Sept_2015.pdf]]
-* '''Ian Oxley''' on Content Security Policy (short talk) [[Media: CSP_Newcastle_Chapter_Sept_2015.pdf ]]
+* '''Ian Oxley''' on Content Security Policy (short talk) [[Media: CSP_Newcastle_Chapter_Sept_2015.pdf |Media: CSP_Newcastle_Chapter_Sept_2015.pdf]]
 * '''Mike Goodwin''' on Threat Dragon - a new threat modelling tool project from OWASP (short talk) [[Media: OWASP_Threat_Dragon_Newcastle_Chapter_Sept_2015.pptx]]
 * '''Neil Dixley''' on 'OWASP Top 10 Mobile Risks' (long talk) [[Media: OWASP_Mobile_Security_Project_Newcastle_Chapter_Sept_2015.pptx]]

Difference between revisions of "Newcastle"

Revision as of 23:07, 3 January 2018

OWASP Newcastle

Participation

Sponsorship/Membership

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools