Cambridge

Local News

OWASP Cambridge Chapter Secure Coding Tournament and Seminar Event

Tuesday 12th September 2017 17:00 – 21:00, Coslett Building COS404/405 & COS124, Anglia Ruskin University, Cambridge.

Hosted by the Cyber Security & Networking Research Group (Department of Computing & Technology), Anglia Ruskin University & OWASP (Open Web Application Security Project) Cambridge Chapter

Secure Code Warrior kindly sponsoring tournament and T-Shirt/Hoodies as Prizes.

OWASP Cambridge sponsoring the Beer, OWASP Swag and Other Prizes

Pizza kindly sponsored by Anglia Ruskin and Others TBD

OWASP Cambridge – Secure Coding Tournament

Compete against your peers to become the ‘Secure Code Warrior.’

OWASP Cambridge Secure Coding Champion 2017.

Secure Coding tournament – what is it all about?

Join this live interactive tournament which is sure to be a fun, challenging learning experience for all.  Whether you are eager to prove your web application AppSec knowledge of the OWASP Top 10 and more…. and watch as you climb to the top of the leaderboard or simply want to learn more about how to code more securely – everyone is welcome and there will be prizes / SWAG for the winner(s). 

Participants are presented with any of three kinds of vulnerable code challenges - identify the problem, locate the insecure code, and fix the vulnerability. Gamification helps
to make the exercise a fun, engaging and interactive experience. Participants can select from various software languages to complete the tournament, including:

Java EE, Java Spring, C# MVC, C# WebForms, Ruby on Rails, Python Django & Node.Js.

Who should take part?

Any developer with an interest in secure coding!

In past tournaments, developers from varying levels of experience, skill levels and various job roles have competed, but all have a common interest in security and the future of security.

The aim of this event is to connect the OWASP Cambridge Chapter in a more open and engaging setting. Security experts will be on-hand to chat and help people during the event.

Guaranteed to be a fun and insightful evening!

Why should I take part?

Becoming the first ever OWASP Cambridge Secure Code Champion should be enough to whet the appetite. However, there will also be prizes, pizza and beer on hand. It is a great opportunity to test your skill levels and have fun on the Secure Code Warrior platform, connect with like-minded folks interested in secure coding and get industry insight from Peter Lawrey’s keynote speech – all free of charge.

Why is Secure Coding a big deal?

If you look at some of the most significant breaches over the last four years, Capgemini, Amazon, Yahoo and more locally the NHS, the common attack vector was vulnerable code. The striking reality is that these were not zero day vulnerabilities with no immediate remediation’s, these attacks targeted known vulnerabilities with known remediation.

As companies move to more agile development, more and more code releases occur daily, if not, on an hourly basis. It is paramount that developers writing the code become the first line of defense. But, for this to happen, developers must build their secure coding skillset. Once a developer builds those skills, they will start to write less vulnerabilities and reduce the possible attack surface of their organisation. From an agility and cost point of view, if less vulnerabilities are included from the start of the SDLC, the organization can save money and precious time – truly enabling agile performance.

Prizes:

1^st Prize Raspberry Pi Kit, Hoodie & OWASP Swag (TBD)

2^nd Prize Hoodie/T Shirt & OWASP Swag

Plus Other T-Shirts

Student 1^st Prize

Free Entry to Cambridge Wireless’s “Inclusive Innovation Conference” 19^th September at the Bradfield Centre, Cambridge Science Park (worth £75)

http://www.cambridgewireless.co.uk/InclusiveInnovation/

Many other Prizes!!

Please ensure you bring your laptop (not a tablet) to take part.

Presentation

Guest Speaker: Peter Lawrey – CEO at Higher Frequency Trading Ltd & Chronicle Software

Biography: Peter Lawrey

 Peter Lawrey likes to inspire developers to improve the craftmanship of their solutions, engineer their systems for simplicity and performance, and enjoy their work more by being creative and innovative.

He has a popular blog “Vanilla Java” which gets 120K page views per months, is 3rd on StackOverflow.com for [Java] and 2nd for [concurrency], and is lead developer of the OpenHFT project which includes support for off heap memory, thread pinning and low latency persistence and IPC (as low as 100 nano-seconds)

Abstract – “Secure Coding Challenges ” TBC

Background

OWASP (Open Web Application Security Project is a 501(c)(3) not-for-profit worldwide charitable organisation focused on improving the security of application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks.

The Cyber Security and Networking (CSN) research group has close working strategic relationships with industry, professional bodies, law enforcement, government agencies and academia in the delivery of operationally focused applied information and application security research.  We have strong international links with professional organizations such as OWASP, BCS, ISC2, IISP & the UK Cyber Security Forum amongst others. The primary aims of CSNRG are to help the UK and partner nations to tackle cybercrime, be more resilient to cyber-attacks and educate its users for a more secure cyberspace and operational business environment.  These will be achieved through the investigation of threats posed to information systems, understanding the impact of attacks and creation of cyber-based warning systems which include gathering threat intelligence, automate threat detection, alert users and neutralize attacks.  For network security we are researching securing the next generation of software defined infrastructures from the application API and control/data plane attacks. Other key work includes computer forensic analysis, digital evidence crime scenes and evidence visualisation as well as cyber educational approaches such as developing Capture the Flag (CTF) resources and application security programs.

The Department of Computing & Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement. A key aim the department is working towards is developing a MSc Information Security specialising in Application Security and as part of this activity looking to develop and a local Information Security Student Society.

Agenda

17:00 – 17:45: Pizza/Beer & Networking in COS 404/405

17:45 – 18:00: Welcome from the OWASP Cambridge Chapter Leader, Adrian Winckles, Course Leader in Information Security & Forensic Computing, Anglia Ruskin University

18:00 – 18.45: Talk from Peter Lawrey CEO of Higher Frequency Trading Ltd & Chronicle Software

18:45 – 19.00: Registration/on-boarding of participants to the SCW platform.

19:00 – 21.00* Tournament

•15 minutes at end to wrap up and hand out prizes

Registration

To register for this free event, please register online here

The networking and refreshments will be held in Coslett Building (Room COS404/405 on the 4^th Floor) whilst the following talk and tournament will be held in the Coslett Building Large Lecture theatre, Room COS124

Please enter through the Helmore Building and ask at reception.

There will be a reception desk on the ground floor of Coslett Building

Anglia Ruskin University,

Cambridge Campus

East Road

Cambridge

CB1 1PT

Get further information on travelling to the university here .

To find the Cambridge East Road Campus please see the following map

The Coslett building is at the rear of the campus, also accessible from the Mill Road entrance (see campus map).

Planned dates for upcoming events