|
|
Line 4: |
Line 4: |
| | | |
| == Local News == | | == Local News == |
− | The next meeting will be held at the Hilton Grosvoner on February 28th starting at 7pm. We have secured Dr Steven Moyle as the Guest Speaker. Details on Steve and his presentation can be found below. I have sat in on one of Steve’s presentations at RSA and they are extremely informative and dynamic.
| |
| | | |
− |
| + | We're Back! |
| | | |
− | Look forward to seeing you soon.
| |
| | | |
− | | + | After a long hiatus the OWASP Scotland chapter has it's next meeting lined up. The date for the diary is Monday October 25th at 6pm. Exact venue to be confirmed but it'll be central Edinburgh. |
| | | |
− | John
| + | We're planning to have Dinis Cruz along to do a talk for us, but it's also a great opportunity for interested parties to have their say in what they'd like to see the OWASP chapter in Scotland achieve. |
| | | |
− |
| |
| | | |
− | Title: "Databases: A class break by design! Is there a class defense?"
| |
| | | |
− |
| |
− |
| |
− | Abstract:
| |
− |
| |
− |
| |
− |
| |
− | "The very foundation principles of relational databases combined with their complexity and ubiquity make them delicately poised to explode sensitive data across the Internet. The trigger is applications developed insensitively to the class breaks in the databases beneath. Can applications be developed with security to mitigate against these vulnerabilities? Are there any class defenses available?"
| |
− |
| |
− |
| |
− |
| |
− | Biographical sketch:
| |
− |
| |
− |
| |
− |
| |
− | "Steve Moyle is the co-founder and Chief Technology Officer of Secerno - the database security company out of Oxford. He has a diverse background. His early career was in process engineering for heavy industry, working for Comalco Aluminium (now part of the Rio Tinto group). He then focused on process automation and computer control systems - first for Comalco, and then for Honeywell Control Systems. He designed and engineered computer monitoring and control systems for not-normally-manned North Sea gas platforms for Total & Conoco. An interest in data mining drew him into research at the Oxford University Computing Laboratory where he spent the next decade. After obtaining his doctorate in symbolic machine learning Steve continued his research at Oxford.
| |
− | His research results in machine learning found a powerful fit in the field of computer security. Steve has built the team of people at Secerno to embed these techniques into the company's range of database security products."
| |
− |
| |
− |
| |
− |
| |
− |
| |
− | '''Next Meeting - Wednesday 23rd January 2008
| |
− | Guest Speaker: Rory McCune, Technical Specialist, HBOS PLC
| |
− |
| |
− | Venue: Hilton Caledonian
| |
− |
| |
− | Time: Wednesday 12th December; 7.00pm for a 7.30pm start
| |
− |
| |
− | Abstract to follow
| |
− |
| |
− |
| |
− | '''Inaugural Meeting'''
| |
− |
| |
− |
| |
− | Venue: Hilton Caledonian Hotel
| |
− |
| |
− | Time: Tuesday 23rd October; 7.00pm for a 7.30pm Start
| |
− |
| |
− | Main Speaker: Brain Chess, Chief Scientist, Fortify Software
| |
− |
| |
− | Title: Secure Programming with Static Analysis
| |
− |
| |
− | Abstract:
| |
− |
| |
− | Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine tooth comb and uncover the kinds of errors that lead directly to vulnerabilities. This talk frames the software security problem and shows how static analysis is part of the solution.
| |
− |
| |
− | Highlights include:
| |
− |
| |
− | - The most common security short-cuts and why they lead to security failures
| |
− |
| |
− | - Why programmers are in the best position to get security right
| |
− |
| |
− | - Where to look for security problems
| |
− |
| |
− | - How static analysis helps
| |
− |
| |
− | - The critical attributes and algorithms that make or break a static analysis tool
| |
− |
| |
− | We will look at how static analysis works, how to integrate it into the software development processes, and how to make the most of it during security code review. Along the way we'll look at examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar errors.
| |
− |
| |
− | '''Other''': 10 Minutes on OWASP and the Edinburgh Chapter
| |
| | | |
| [[Category:United Kingdom]] | | [[Category:United Kingdom]] |
Revision as of 18:50, 7 October 2008
OWASP Scotland
Welcome to the Scotland chapter homepage. The chapter leader is John D Wood
<paypal>Scotland</paypal>
Participation
OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.
to this chapter or become a local chapter supporter.
Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member?
Local News
We're Back!
After a long hiatus the OWASP Scotland chapter has it's next meeting lined up. The date for the diary is Monday October 25th at 6pm. Exact venue to be confirmed but it'll be central Edinburgh.
We're planning to have Dinis Cruz along to do a talk for us, but it's also a great opportunity for interested parties to have their say in what they'd like to see the OWASP chapter in Scotland achieve.