This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Suffolk"

(Created page with " {{Chapter Template|chaptername=Suffolk|extra=The chapter leader is [mailto:[email protected] James Verniquest].|mailinglistsite=http://lists.owasp.org/mailman/listinf...")
 
(added links to slides and video)
 
(36 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 +
{{Chapter Template|chaptername=Suffolk|extra=The chapter leaders are [mailto:[email protected] Wojciech Cichon] and [mailto:[email protected] Abhinav Sejpal]. Please follow as on Twitter [https://twitter.com/owaspsuffolk @owaspsuffolk] and subscribe to our [https://www.youtube.com/channel/UCGU_bGraZZZc37pQytdaH6w youtube channel].
 +
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Suffolk|emailarchives=http://lists.owasp.org/pipermail/owasp-Suffolk}}
 +
 +
==Meeting Sponsors==
 +
The following is the list of organisations who have generously provided us with space for OWASP Suffolk chapter events
 +
<table cellpadding="15" cellspacing="0">
 +
<tr>
 +
<td>
 +
 +
[[Image:UOS-IWIC-logo-RGB.jpg|link=https://www.uos.ac.uk/content/ipswich-waterfront-innovation-centre-0|alt=IWIC|200px]]
 +
</td>
 +
<td>
 +
[[Image:OCCAMSEC logo.jpg|link=https://occamsec.com/|alt=OccamsSc|400px]]
 +
</td>
 +
</tr>
 +
</table>
 +
 +
==Next Meeting/Event(s)==
 +
 +
=== [ December 2019 (Ipswich)] ===
 +
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ
 +
====TALKS:====
 +
* TBA
 +
 +
 +
==Past Meeting/Event(s)==
 +
=== [https://www.meetup.com/OWASP-Suffolk-Chapter/events/265681990/ 4 November 2019 (Ipswich)] ===
 +
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ
 +
====TALKS:====
 +
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
 +
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
 +
* '''Practical Threat Analysis – Martin Russ'''  [ [https://www.slideshare.net/owaspsuffolk/practical-threat-analysis-martin-russ Slides] ][ [https://www.youtube.com/watch?v=-lI4ZJom3u0 Video] ]
 +
:Martin Russ shows you how to actually do Threat Analysis using a simple spreadsheet as a guide. The key to successful threat analysis and modelling is to have a clear idea of how to get to the end-point, and not to get overwhelmed with how you are going to get there! Having a simple guide makes this much easier, but there aren’t many examples out there - this turns to be one of those rare topics where Google searches don’t return much that is particularly useful. So we will be using a very straight-forward approach that isn’t scary or hard to understand, and which doesn’t require a brain the size of a planet. or the services of an expensive consultant!
 +
====Speakers====
 +
*  Martin Russ passed the CISSP exam in just over four hours (you are allowed to take six!), but has just lapsed and returned to the status of mere mortal. He worked in the Security Engineering department of a major US utility metering company for nearly ten years, and knows too much about hacking devices that measure, or web front-ends that interface to the real world, or cloud back-ends that assume that replication is a substitute for backups… He has always wanted a t-shirt that says: ‘There’s no way that could ever happen…’ because he has heard it too many times in security workshops...
 +
 +
=== [https://www.meetup.com/OWASP-Suffolk-Chapter/events/264628337 30 September 2019 (Ipswich)] ===
 +
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ
 +
====TALKS:====
 +
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
 +
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
 +
* '''What could possibly go wrong? Threat modelling in the 21st century. – Phil Ashby''' [ [https://www.slideshare.net/owaspsuffolk/what-could-possibly-go-wrong-threat-modelling-in-the-21st-century-phil-ashby Slides] ][ [https://www.youtube.com/watch?v=0HgYZEJXAJo Video] ]
 +
:Introduction to threat modeling what it is, why is needed and how to do it right. Why and how threat modeling should evolve to be ready for 21st century threats. We will discuss potential threats in each stage of SDLC, and how to approach them.
 +
====Speakers====
 +
* Phil Ashby has over 30+ years experience in tech. He is currently working for an identity intelligence company, trying to evolve it from a single location, sub-300 people business to a global 1000+ people corporate.
 +
 +
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/262389116/ Monday 15th July 2019 (Ipswich)]===
 +
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ
 +
====TALKS:====
 +
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
 +
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
 +
* '''Your only as strong as your weakest link – Edward Ogden''' [ [https://www.slideshare.net/owaspsuffolk/your-only-as-strong-as-your-weakest-link-edward-ogden/owaspsuffolk/your-only-as-strong-as-your-weakest-link-edward-ogden Slides] ] [ [https://www.youtube.com/watch?v=2sHn_PEFF0o&t=867s Video] ]
 +
:Servers are the root of all web apps and sites, it’s the central point that your clients/customers will connect to and where you put your code.
 +
:Many small and under resource companies that do there own hosting don’t normally put the time and investment in there hosting technology and this is where it starts to go wrong.
 +
:This talk will discuss what some of the dangers are and what could happen if an attacker gets into your infrastructure, we will also talk about how some simple changes to the infrastructure can reduce the risk of being attacked.
 +
* '''Discussion about future of OWASP Suffolk'''
 +
:We will have open discussion about what we are doing, and what YOU expecting us to do.
 +
====Speakers====
 +
* Edward Ogden has been in the IT industry for only 6 years and has learnt most of his skill on the job. He started his career as a web developer progressing on to operations side of the industry. Currently he is working for SETL Ltd as a DevOps engineer automating code deploys for client around the world. As a young child he was always interested in servers starting off by hosting gaming servers from his bedroom at the age of 14.
 +
 +
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/261011276/ Tuesday, 21 May 2019 (Ipswich)]===
 +
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ
 +
 +
====TALKS:====
 +
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
 +
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
 +
* '''Windows Active Directory Security Lowlights - Barry Myles'''
 +
:Once an attacker is inside your organisation they very often will misuse Windows Active Directory for almost total compromise of every aspect of an organisation's computing infrastructure and the data it holds. This talk will describe how an attacker might do this, when they have done so  in the past, the kinds of tools they would use, what common mistakes enable this, and how organisations could go about defending themselves both through changes in behaviour and changes to their setup.
 +
====Speakers====
 +
* Barry Myles leads an internal penetration testing team at BT, although tries to stay away from very traditional views of pen testing as much as possible. After becoming somewhat bored and jaded with project management work in 2006 he decided the life on an attacker was a very much more fun, but perhaps less constructive way of life. He enjoys large scale scanning, reverse engineering, cryptography, hardware hacking and network protocols a bit too much.
 +
 +
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/260078150/ Tuesday, 23rd April 2019 (Ipswich)]===
 +
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ
 +
 +
====TALKS:====
 +
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
 +
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
 +
* '''Data Protection Act 2018 - Rebecca Moran''' [ [[Media:Owaspsuffolk-20190423.pdf|<nowiki/>]][https://www.slideshare.net/owaspsuffolk/data-protection-within-development PDF] ] [ [https://www.youtube.com/watch?v=8l39NhDwJe4 Video] ]
 +
:An overview of the requirements of the new Data Protection Act 2018 (GDPR) and it’s influence in development and project management.
 +
 +
====Speakers====
 +
* Rebecca Moran is owner of ReMo InfoSec - qualified ISO27001 lead implementer and auditor – preacher of the ISO27001 bible. Registered GDPR practitioner and all round data protection whiz.
 +
 +
===[https://www.meetup.com/OWASP-Suffolk-Chapter/events/259469036/ Tuesday, 19th March 2019 (Ipswich)]===
 +
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ
 +
 +
====TALKS:====
 +
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
 +
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
 +
* ''' Understanding how to prevent Sensitive Data Exposure - Simon Greatrix [ [[Media:Owaspsuffollk-20190319.pdf|<nowiki/>]][https://www.slideshare.net/owaspsuffolk/understanding-how-to-prevent-sensitive-data-exposure PDF] ] [ [https://www.youtube.com/watch?v=Z1nNq3wt7Bg Video] ]'''
 +
: Sensitive data is often the target of any attack, and its exposure has the greatest risk of long-term damage. OWASP and the PCI DSS provide many recommendations. The internet provides even more. These can be hard to understand, hard to implement, and contradictory. I will be sharing my understanding of how the cryptographic algorithms work and how they should best be used.
 +
 +
====Speakers====
 +
* Dr Simon Greatrix has been writing software since the late 70s and has worked as a security expert for e-commerce for nearly 20 years. He is currently working on SETL’s block chain product. Java has been his preferred programming language since 1996.
 +
 +
===Monday, 25th February 2019 (Ipswich)===
 +
Location:  Connexions, 159 Princess Street, Ipswich
 +
 +
====TALKS:====
 +
* '''OWASP Suffolk Introduction, Welcome and News - WTC'''
 +
:Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
 +
* '''Yet another talk on OWASP Top 10 - WTC [PDF]'''
 +
: Brief overview of OWASP Top 10.
 +
 +
 +
====TICKETS:====
 +
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list.
 +
Register to attend this event at OWASP Suffolk Chapter - [https://www.meetup.com/OWASP-Suffolk-Chapter/ Meetup] - RSVP to attend
  
{{Chapter Template|chaptername=Suffolk|extra=The chapter leader is [mailto:[email protected] James Verniquest].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Suffolk|emailarchives=http://lists.owasp.org/pipermail/owasp-Suffolk}}
 
  
 
== Local News ==
 
== Local News ==
 +
We reopened the chapter, and currently we are looking for venue and speakers.
 +
 +
If you have would like to present a talk on Application Security at any incoming OWASP Suffolk Chapter events, please send us the proposed talk title, abstract and your bio via e-mail:
 +
 +
 +
  
'''Meeting Location'''
 
  
 
Everyone is welcome to join us at our chapter meetings.
 
Everyone is welcome to join us at our chapter meetings.

Latest revision as of 20:01, 6 November 2019

OWASP Suffolk

Welcome to the Suffolk chapter homepage. The chapter leaders are Wojciech Cichon and Abhinav Sejpal. Please follow us on Twitter @owaspsuffolk and subscribe to our YouTube channel.


Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter. Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now


Meeting Sponsors

The following is the list of organisations who have generously provided us with space for OWASP Suffolk chapter events

IWIC

OccamsSc

Next Meeting/Event(s)

December 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

  • TBA


Past Meeting/Event(s)

4 November 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

  • OWASP Suffolk Introduction, Welcome and News - WTC
Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
  • Practical Threat Analysis – Martin Russ [ Slides ][ Video ]
Martin Russ shows you how to actually do Threat Analysis using a simple spreadsheet as a guide. The key to successful threat analysis and modelling is to have a clear idea of how to get to the end-point, and not to get overwhelmed with how you are going to get there! Having a simple guide makes this much easier, but there aren’t many examples out there - this turns out to be one of those rare topics where Google searches don’t return much that is particularly useful. So we will be using a very straightforward approach that isn’t scary or hard to understand, and which doesn’t require a brain the size of a planet, or the services of an expensive consultant!

Speakers

  • Martin Russ passed the CISSP exam in just over four hours (you are allowed to take six!), but has just lapsed and returned to the status of mere mortal. He worked in the Security Engineering department of a major US utility metering company for nearly ten years, and knows too much about hacking devices that measure, or web front-ends that interface to the real world, or cloud back-ends that assume that replication is a substitute for backups… He has always wanted a t-shirt that says: ‘There’s no way that could ever happen…’ because he has heard it too many times in security workshops...

30 September 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

  • OWASP Suffolk Introduction, Welcome and News - WTC
Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
  • What could possibly go wrong? Threat modelling in the 21st century. – Phil Ashby [ Slides ][ Video ]
Introduction to threat modeling: what it is, why it is needed and how to do it right. Why and how threat modeling should evolve to be ready for 21st century threats. We will discuss potential threats in each stage of SDLC, and how to approach them.

Speakers

  • Phil Ashby has 30+ years of experience in tech. He is currently working for an identity intelligence company, trying to evolve it from a single location, sub-300 people business to a global 1000+ people corporate.

Monday 15th July 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

  • OWASP Suffolk Introduction, Welcome and News - WTC
Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
  • Your only as strong as your weakest link – Edward Ogden [ Slides ] [ Video ]
Servers are the root of all web apps and sites; they are the central point that your clients/customers will connect to and where you put your code.
Many small and under-resourced companies that do their own hosting don’t normally put the time and investment into their hosting technology, and this is where it starts to go wrong.
This talk will discuss what some of the dangers are and what could happen if an attacker gets into your infrastructure. We will also talk about how some simple changes to the infrastructure can reduce the risk of being attacked.
  • Discussion about future of OWASP Suffolk
We will have an open discussion about what we are doing, and what YOU are expecting us to do.

Speakers

  • Edward Ogden has been in the IT industry for only 6 years and has learnt most of his skills on the job. He started his career as a web developer, progressing on to the operations side of the industry. Currently he is working for SETL Ltd as a DevOps engineer automating code deploys for clients around the world. As a young child he was always interested in servers, starting off by hosting gaming servers from his bedroom at the age of 14.

Tuesday, 21 May 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

  • OWASP Suffolk Introduction, Welcome and News - WTC
Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
  • Windows Active Directory Security Lowlights - Barry Myles
Once an attacker is inside your organisation they very often will misuse Windows Active Directory for almost total compromise of every aspect of an organisation's computing infrastructure and the data it holds. This talk will describe how an attacker might do this, when they have done so in the past, the kinds of tools they would use, what common mistakes enable this, and how organisations could go about defending themselves both through changes in behaviour and changes to their setup.

Speakers

  • Barry Myles leads an internal penetration testing team at BT, although he tries to stay away from very traditional views of pen testing as much as possible. After becoming somewhat bored and jaded with project management work in 2006 he decided the life of an attacker was a very much more fun, but perhaps less constructive, way of life. He enjoys large scale scanning, reverse engineering, cryptography, hardware hacking and network protocols a bit too much.

Tuesday, 23rd April 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

  • OWASP Suffolk Introduction, Welcome and News - WTC
Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
  • Data Protection Act 2018 - Rebecca Moran [ PDF ] [ Video ]
An overview of the requirements of the new Data Protection Act 2018 (GDPR) and its influence in development and project management.

Speakers

  • Rebecca Moran is owner of ReMo InfoSec - qualified ISO27001 lead implementer and auditor – preacher of the ISO27001 bible. Registered GDPR practitioner and all-round data protection whiz.

Tuesday, 19th March 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

  • OWASP Suffolk Introduction, Welcome and News - WTC
Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
  • Understanding how to prevent Sensitive Data Exposure - Simon Greatrix [ PDF ] [ Video ]
Sensitive data is often the target of any attack, and its exposure has the greatest risk of long-term damage. OWASP and the PCI DSS provide many recommendations. The internet provides even more. These can be hard to understand, hard to implement, and contradictory. I will be sharing my understanding of how the cryptographic algorithms work and how they should best be used.

Speakers

  • Dr Simon Greatrix has been writing software since the late 70s and has worked as a security expert for e-commerce for nearly 20 years. He is currently working on SETL’s block chain product. Java has been his preferred programming language since 1996.

Monday, 25th February 2019 (Ipswich)

Location:  Connexions, 159 Princess Street, Ipswich

TALKS:

  • OWASP Suffolk Introduction, Welcome and News - WTC
Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.
  • Yet another talk on OWASP Top 10 - WTC [PDF]
Brief overview of OWASP Top 10.


TICKETS:

This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list. Register to attend this event at OWASP Suffolk Chapter - Meetup - RSVP to attend


Local News

We reopened the chapter, and currently we are looking for venue and speakers.

If you would like to present a talk on Application Security at any upcoming OWASP Suffolk Chapter events, please send us the proposed talk title, abstract and your bio via e-mail:

[email protected] 
[email protected]


Everyone is welcome to join us at our chapter meetings.