This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

2017 04 26 Manchester

From OWASP
Revision as of 12:32, 13 May 2017 by Daniel Pollard (talk | contribs) (Archive for past OWASP Manchester Event)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Wednesday 26th April at ThoughtWorks, City Tower, Manchester

This event will be hosted by ThoughtWorks at their newly refurbished City Tower offices right in the heart of the city. ThoughtWorks will also be providing the pizza; beer sponsors will be announced shortly (or else we're all going thirsty!)

Confirmed Speakers:

Alex Haynes - I found a Vulnerability!

The talk will cover vulnerability disclosure and the pitfalls to avoid both as a security researcher and as a company exposed to vulnerabilities. We'll also cover different types of disclosure programs like Bugcrowd and Hackerone, and the advantages and disadvantages of each. The Grey market will get a brief look and of course we'll talk about vulnerabilities. Lots and lots of vulnerabilities.

Tim Fletcher - Distributed Policy Enforcement with OpenSSH Certificates

OpenSSH is installed on nearly every virtual machine, physical server and many IoT devices. OpenSSH is a critical systems administration tool used to manage everything from the server in the shed to continent spanning collections of systems.

Logging in to OpenSSH quickly and security is normally done with keys, sometimes using strong passwords and hardware key storage all too often left lying about on laptops.

Managing the list of keys and permissions for an organisation of more than a handful of people rapidly gets challenging, tracking who has used which key to do what even more so.

Using the CA feature of OpenSSH it is possible to remove all this complexity, and leverage OpenSSH to enforce your central policies and provide you with strong audit trails.

The talk will cover the technical aspects of what can be done with SSH certificates and the implementation for SSH certificates for an IoT focused business. The management server the business uses will be released shortly before the talk as an OSS project during the FLOSSUK Conference in March.