This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cambridge

From OWASP
Revision as of 14:15, 29 August 2017 by Adrian Winckles (talk | contribs) (Local News)

Jump to: navigation, search

OWASP Cambridge

Welcome to the Cambridge chapter homepage. The chapter leaders are Adrian Winckles and Steven van der Baan.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Local News

OWASP Cambridge Chapter Secure Coding Tournament and Seminar Event

Tuesday 12th September 2017 17:00 – 21:00, Coslett Building COS404/405 & COS124, Anglia Ruskin University, Cambridge.

Hosted by the Cyber Security & Networking Research Group (Department of Computing & Technology), Anglia Ruskin University & OWASP (Open Web Application Security Project) Cambridge Chapter

Secure Code Warrior kindly sponsoring tournament and T-Shirt/Hoodies as Prizes.

OWASP Cambridge sponsoring the Beer, OWASP Swag and Other Prizes

Pizza kindly sponsored by Anglia Ruskin and Others TBD

OWASP Cambridge – Secure Coding Tournament

Compete against your peers to become the ‘Secure Code Warrior.’

OWASP Cambridge Secure Coding Champion 2017.

Secure Coding tournament – what is it all about?

Join this live interactive tournament which is sure to be a fun, challenging learning experience for all.  Whether you are eager to prove your web application AppSec knowledge of the OWASP Top 10 and more…. and watch as you climb to the top of the leaderboard or simply want to learn more about how to code more securely – everyone is welcome and there will be prizes / SWAG for the winner(s). 

Participants are presented with any of three kinds of vulnerable code challenges - identify the problem, locate the insecure code, and fix the vulnerability. Gamification helps
to make the exercise a fun, engaging and interactive experience. Participants can select from various software languages to complete the tournament, including:

Java EE, Java Spring, C# MVC, C# WebForms, Ruby on Rails, Python Django & Node.Js.

Who should take part?

Any developer with an interest in secure coding!

In past tournaments, developers from varying levels of experience, skill levels and various job roles have competed, but all have a common interest in security and the future of security.

The aim of this event is to connect the OWASP Cambridge Chapter in a more open and engaging setting. Security experts will be on-hand to chat and help people during the event.

Guaranteed to be a fun and insightful evening!

Why should I take part?

Becoming the first ever OWASP Cambridge Secure Code Champion should be enough to whet the appetite. However, there will also be prizes, pizza and beer on hand. It is a great opportunity to test your skill levels and have fun on the Secure Code Warrior platform, connect with like-minded folks interested in secure coding and get industry insight from Peter Lawrey’s keynote speech – all free of charge.

Why is Secure Coding a big deal?

If you look at some of the most significant breaches over the last four years, Capgemini, Amazon, Yahoo and more locally the NHS, the common attack vector was vulnerable code. The striking reality is that these were not zero day vulnerabilities with no immediate remediation’s, these attacks targeted known vulnerabilities with known remediation.

As companies move to more agile development, more and more code releases occur daily, if not, on an hourly basis. It is paramount that developers writing the code become the first line of defense. But, for this to happen, developers must build their secure coding skillset. Once a developer builds those skills, they will start to write less vulnerabilities and reduce the possible attack surface of their organisation. From an agility and cost point of view, if less vulnerabilities are included from the start of the SDLC, the organization can save money and precious time – truly enabling agile performance.

Prizes:

1st Prize Raspberry Pi Kit, Hoodie & OWASP Swag (TBD)

2nd Prize Hoodie/T Shirt & OWASP Swag

Plus Other T-Shirts

Student 1st Prize

Free Entry to Cambridge Wireless’s “Inclusive Innovation Conference” 19th September at the Bradfield Centre, Cambridge Science Park (worth £75)

http://www.cambridgewireless.co.uk/InclusiveInnovation/

Many other Prizes!!

Please ensure you bring your laptop (not a tablet) to take part.

Presentation

Guest Speaker: Peter Lawrey – CEO at Higher Frequency Trading Ltd & Chronicle Software

Biography: Peter Lawrey

 Peter Lawrey likes to inspire developers to improve the craftmanship of their solutions, engineer their systems for simplicity and performance, and enjoy their work more by being creative and innovative.

He has a popular blog “Vanilla Java” which gets 120K page views per months, is 3rd on StackOverflow.com for [Java] and 2nd for [concurrency], and is lead developer of the OpenHFT project which includes support for off heap memory, thread pinning and low latency persistence and IPC (as low as 100 nano-seconds)

Abstract – “Secure Coding Challenges ” TBC

Background

OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organisation focused on improving the security of application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks.

The Cyber Security and Networking (CSN) research group has close working strategic relationships with industry, professional bodies, law enforcement, government agencies and academia in the delivery of operationally focused applied information and application security research.  We have strong international links with professional organizations such as OWASP, BCS, ISC2, IISP & the UK Cyber Security Forum amongst others. The primary aims of CSNRG are to help the UK and partner nations to tackle cybercrime, be more resilient to cyber-attacks and educate its users for a more secure cyberspace and operational business environment.  These will be achieved through the investigation of threats posed to information systems, understanding the impact of attacks and creation of cyber-based warning systems which include gathering threat intelligence, automate threat detection, alert users and neutralize attacks.  For network security we are researching securing the next generation of software defined infrastructures from the application API and control/data plane attacks. Other key work includes computer forensic analysis, digital evidence crime scenes and evidence visualisation as well as cyber educational approaches such as developing Capture the Flag (CTF) resources and application security programs.

The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement. A key aim the department is working towards is developing a MSc Information Security specialising in Application Security and as part of this activity looking to develop and a local Information Security Student Society.

Agenda

17:00 – 17:45: Pizza/Beer & Networking in COS 404/405

17:45 – 18:00: Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University

18:00 – 18.45: Talk from Peter Lawrey CEO of Higher Frequency Trading Ltd & Chronicle Software

18:45 – 19.00: Registration/on-boarding of participants to the SCW platform.

19:00 – 21.00* Tournament

•15 minutes at end to wrap up and hand out prizes

Registration

To register for this free event, please register online here

The networking and refreshments will be held in Coslett Building (Room COS404/405 on the 4th Floor) whilst the following talk and tournament will be held in the Coslett Building Large Lecture theatre, Room COS124

Please enter through the Helmore Building and ask at reception.

There will be a reception desk on the ground floor of Coslett Building

Anglia Ruskin University,

Cambridge Campus

East Road

Cambridge

CB1 1PT

Get further information on travelling to the university here .

To find the Cambridge East Road Campus please see the following map

The Coslett building is at the rear of the campus, also accessible from the Mill Road entrance (see campus map).


Planned dates for upcoming events

Cambridge_OWASP Event 20170927 - Secure Coding Challenge 11/09/2017
Cambridge_OWASP Event 20171010 - Web Application  Firewalls 03/10/2017
Cambridge_OWASP/BCS Cybercrime Forensics & Social Media Forensics Day Event 11/10/2017
Cambridge_OWASP & BCS East Anglia Event - GDPR Evening 07/11/2017
Cambridge_OWASP & UK Cyber Security Forum GDPR Event 20171115 15/11/2017
Cambridge_OWASP Event 20171205 05/12/2017
Cambridge_OWASP & BCS Cybercrime Forensics/IoT Forensics Security Day 20180110/11 10/01/2018 or 11/01/2018
Cambridge_OWASP & UK Cyber Security Forum Cyber Machine Learning Day 20180118/19 18/01/2018,
Cambridge_OWASP Event 13/02/2018
Cambridge_OWASP Event 13/03/2018
Cambridge_OWASP Event 10/04/2018
Cambridge_OWASP Event 08/05/2018
Date Name / Title Link
4 April 2017 Leum Dunn - Redacted presentation
7 March 2017 Andrew Thompson - Checkmarx presentation
7 March 2017 John Haine IoT Security Foundation (Chair) presentation
25 Jan 2017 Nick Alston CBE / PIER Chair presentation
25 Jan 2017 Mark Pearce/ 7Safe/PA Consulting presentation
25 Jan 2017 Martin Cassey / Nascenta presentation
25 Jan 2017 Paul Rowley FBCS / Havebury Housing Association presentation
25 Jan 2017 Laurence Kaleman / Legal Director, Olswang presentation
25 Jan 2017 Tony Drewitt / Head of Consultancy - IT Governance presentation
19 Jan 2017 Tony Drewitt / Head of Consultancy - IT Governance presentation
19 Jan 2017 Peter Yapp / NCSC Deputy Director - Incident Response presentation
19 Jan 2017 Martin Cassey / Nascenta presentation
10 Nov 2016 Graham Rymer / University of Cambridge
10 Nov 2016 Mark Wickenden
12 05 2016 Phil Cobley / Modern Policing & the Fight Against Cyber Crime presentation
12 05 2016 Jules Pagna Disso / Building a resilient ICS presentation
08 03 2016 Andrew Lee-Thorp / So you want to use a WebView? Android WebView: Attack and Defence
10 11 2015 Steve Lord / Trying (and failing) to secure the Internet of Things
John Mersh / Software and System Security: a life vest in the IoT ocean
10 Oct 2015 Sumit "sid" Siddharth / Some neat, new and ridiculous hacks from our vault
10 Feb 2015 Steven van der Baan / Web Application Security Testing with Burp Suite
2 December 2014 Colin Watson / OWASP Cornucopia
21 October 2014 Eireann Leverett presentation
1st April 2014 Ian Glover (CREST) / Overview of the CREST activities to professionalise the industry.
Yiannis Chrysanthou (KPMG) / Modern Password Cracking
Damien King (KPMG) / Filename Enumeration with TildeTool
12th November 2013 Paul Cain / Tracking Data using Forensics
12th November 2013 James Forshaw/ The Forger's Art: Exploiting XML Digital Signature Implementations presentation
5th March 2013 Sarantis Makoudis / Android (in)Security presentation
5th March 2013 Nikhil Sreekumar / Power On, Powershell presentation