This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Manchester"

From OWASP
Jump to: navigation, search
(Next Meeting)
Line 10: Line 10:
 
'''Wednesday 26th April''' at ThoughtWorks, City Tower, Manchester
 
'''Wednesday 26th April''' at ThoughtWorks, City Tower, Manchester
  
The next OWASP Manchester event will be held at City Tower, Piccadilly Plaza, Manchester on Wednesday 26th April kindly hosted by [https://www.thoughtworks.com/ ThoughtWorks]. Pizza for this event is also being provided by [https://www.thoughtworks.com/ ThoughtWorks].
+
This event will be hosted by [https://www.thoughtworks.com/ ThoughtWorks] at their newly refurbished City Tower offices right in the heart of the city. ThoughtWorks will also be providing the pizza; beer sponsors will be announced shortly (or else we're all going thirsty!)
  
We're interested in hearing from anyone who may be willing/able to talk at this or a future OWASP Manchester event and also potential beer sponsors. If you think you can help please let one of the [[Manchester#Chapter_Leaders|Chapter Leaders]] know.
+
Confirmed Speakers:
  
A full schedule for the event will be posted here shortly.
+
'''Alex Haynes - I found a Vulnerability!'''
 +
 
 +
The talk will cover vulnerability disclosure and the pitfalls to avoid both as a security researcher and as a company exposed to vulnerabilities. We'll also cover different types of disclosure programs like Bugcrowd and Hackerone, and the advantages and disadvantages of each. The Grey market will get a brief look and of course we'll talk about vulnerabilities. Lots and lots of vulnerabilities.
 +
 
 +
'''Tim Fletcher - Distributed Policy Enforcement with OpenSSH Certificates'''
 +
 
 +
OpenSSH is installed on nearly every virtual machine, physical server and many IoT devices. OpenSSH is a critical systems administration tool used to manage everything from the server in the shed to continent spanning collections of systems.
 +
 
 +
Logging in to OpenSSH quickly and security is normally done with keys, sometimes using strong passwords and hardware key storage all too often left lying about on laptops.
 +
 
 +
Managing the list of keys and permissions for an organisation of more than a handful of people rapidly gets challenging, tracking who has used which key to do what even more so.
 +
 
 +
Using the CA feature of OpenSSH it is possible to remove all this complexity, and leverage OpenSSH to enforce your central policies and provide you with strong audit trails.
 +
 
 +
The talk will cover the technical aspects of what can be done with SSH certificates and the implementation for SSH certificates for an IoT focused business. The management server the business uses will be released shortly before the talk as an OSS project during the FLOSSUK Conference in March.
 +
 
 +
A full schedule for the event and a link for tickets will be posted here shortly.
 +
 
 +
 
 +
 
 +
We're interested in hearing from anyone who may be willing/able to talk, host or sponsor future OWASP Manchester events. If you think you can help please let one of the [[Manchester#Chapter_Leaders|Chapter Leaders]] know.
  
 
= Upcoming Events  =
 
= Upcoming Events  =

Revision as of 20:46, 5 February 2017

OWASP Manchester

Welcome to the Manchester chapter homepage. This UK chapter was started in 2011, having grown out of the successful Leeds_UK chapter.

You can follow @OwaspMcr on Twitter and view some of the chapter meeting videos on YouTube.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG


Wednesday 26th April at ThoughtWorks, City Tower, Manchester

This event will be hosted by ThoughtWorks at their newly refurbished City Tower offices right in the heart of the city. ThoughtWorks will also be providing the pizza; beer sponsors will be announced shortly (or else we're all going thirsty!)

Confirmed Speakers:

Alex Haynes - I found a Vulnerability!

The talk will cover vulnerability disclosure and the pitfalls to avoid both as a security researcher and as a company exposed to vulnerabilities. We'll also cover different types of disclosure programs like Bugcrowd and Hackerone, and the advantages and disadvantages of each. The Grey market will get a brief look and of course we'll talk about vulnerabilities. Lots and lots of vulnerabilities.

Tim Fletcher - Distributed Policy Enforcement with OpenSSH Certificates

OpenSSH is installed on nearly every virtual machine, physical server and many IoT devices. OpenSSH is a critical systems administration tool used to manage everything from the server in the shed to continent spanning collections of systems.

Logging in to OpenSSH quickly and security is normally done with keys, sometimes using strong passwords and hardware key storage all too often left lying about on laptops.

Managing the list of keys and permissions for an organisation of more than a handful of people rapidly gets challenging, tracking who has used which key to do what even more so.

Using the CA feature of OpenSSH it is possible to remove all this complexity, and leverage OpenSSH to enforce your central policies and provide you with strong audit trails.

The talk will cover the technical aspects of what can be done with SSH certificates and the implementation for SSH certificates for an IoT focused business. The management server the business uses will be released shortly before the talk as an OSS project during the FLOSSUK Conference in March.

A full schedule for the event and a link for tickets will be posted here shortly.


We're interested in hearing from anyone who may be willing/able to talk, host or sponsor future OWASP Manchester events. If you think you can help please let one of the Chapter Leaders know.

Mid/Late Summer 2017

The next event will be in July or August - watch this space for further details.

2016 Dates

30th November

16th June

17th March


2015 Dates

12th November

17th June

17th February

2014 Dates

8th September

13th May

27th February

2013 Dates

30th April

2012 Dates

11th September

30th May

1st February

2011 Dates

16th November

24th August As part of the Leeds Chapter

22nd June As part of the Leeds Chapter

2010 Dates

8th December As part of the Leeds Chapter

The chapter leaders are:

We are actively seeking more chapter leaders - please get in touch if you would like to become one!

We are looking for organizations to sponsor the Manchester chapter.

You can sponsor the chapter for one year at the following levels:

  • £300 Silver
  • £600 Gold
  • £1200 Platinum

You can also sponsor a meeting by hosting the event or donating £100.

If you are interested in sponsoring the chapter then please get in touch with one of the chapter leaders.


Other related organizations in the Manchester area:

Please get in touch with one of the chapter leaders to get your organization listed here.

And feel free to use the Manchester mailing list to publicise related events.


Chapter Sponsors

Thank you to our Gold Chapter sponsor: Veracode-sponsor.jpg