This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Leeds UK

Revision as of 11:29, 2 February 2011 by Owaspleeds (talk | contribs) (2011 Planned Meetings)

Jump to: navigation, search


Welcome to the Leeds UK chapter homepage. This is a new chapter and we are looking for enthusiatic new members to make this one of the best OWASP chapters. We are hoping to accumalate a good proportion of subject matter experts who will in turn be able to provide guidance and presentations for the benefit of all chapter members. So please join the mailing list and contribute.

Details of your chapter Board members can be found here Leeds_UK_chapter_leaders

The chapter email address is [email protected]


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


2012 Planned Meetings

June 22nd Manchester

September 21st Leeds

December 14th TBC

Next Meeting

Date: Wednesday 8th December in Manchester::: Kindly sponsored by KPMG. For more details on our sponsors please click here

Please note, you MUST RSVP with the correct name as this will ensure you can get access to the building. Please go to to RSVP

Location: KPMG Manchester - Room 6.4, St James Square, Manchester, Greater Manchester, M2 6DS

Schedule: 18:00 for 18:15 start

18:20 - 18:30

OWASP Chapter introduction. OWASP values and membership. Chapter information.

Jason Alexander - OWASP Leeds/Northern Chapter Board Member

18:30 - 19:15

upSploit - Vulnerability Advisory Solution

Thomas Mackenzie

Over the past year a lot of vulnerabilities have been released out into the wild and a lot of discussion has been had on what ethical disclosure is. upSploit is an online web application / tool that can be used by researchers to release vulnerabilities as ethically as possible.

The talk consists of a number of parts including: Information on vulnerability disclosure before upSploit was around, the creation / idea of upSploit and how it has helped and is helping the community at the moment.

Speaker Bio

Tom studies a BSc (Hons) in Ethical Hacking for Computer Security at Northumbria University in Newcastle and worked part time for Wetherby based company RandomStorm conducting Web Penetration testing, External Penetration testing and building wireless analysis solutions. Tom found a vulnerability in WordPress back in February 2010 which helped him kickstart his career in infosec whilst still studying. Previously the Co-host of popular UK student podcast Disaster Protocol Tom now spend all the time away from that on the upSploit project making sure his team get stuff done!

19:15 - 20:00

Avoiding the CWE/SANS Top 25 Most Dangerous Programming Errors

Jason Steer - Solution Architect at Veracode

The CWE/SANS list of the Top 25 Most Dangerous Programming Errors is becoming the standard for developing secure applications in large enterprises. Even the State of New York and the Depository Trust & Clearing Corporation (DTCC) plan to implement procurement contracts that include language mandating application security. Whether you manage internal development activities, work with third party developers or are developing commercial-of-the-shelf (COTS) applications for enterprises, your mandate is clear- safeguard your code and avoid the CWE/SANS Top 25 Most Dangerous Programming Errors.

During this presentation, Jason will discuss:

Prevalence of attacks using vulnerabilities listed in the CWE/SANS Top 25

CWE categories illustrated with code snippets in .NET, Java, and other languages

Impact of attacks on your application and your customers

Methods to identify, track and remediate these vulnerabilities

Session attendees will leave armed with the necessary steps to ensure that they’re building secure applications.

20:00 - 20:45

OWASP Zed Attack Proxy

Simon Bennetts - Project Lead and technical team lead at Sage UK

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing.

In this presentation Simon will explain why it was released, who it is aimed at and where it is headed.

Past Events

2010 Dates



17th March - Leeds

2009 Dates

14th October 2009 - Leeds