2016-11-30

‎Past Events


Revision as of 11:29, 30 November 2016

(One intermediate revision by the same user not shown)

Line 41:

Line 41:

==Next Meeting/Event(s)==

==Next Meeting/Event(s)==

+

- 26 January 2017 (TBC) - details to be confirmed later

+

+

== Speaking at OWASP London Chapter Events ==

+

====Call For Speakers====

+

Call For Speakers is open - if you would like to present a talk on Application Security at future OWASP London Chapter events - please review the [[Speaker_Agreement | speaker agreement]] and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail:

+

owasplondon (at) owasp.org

+

+

== Past Events ==

===Thursday, 24th November 2016 (Central London)===

===Thursday, 24th November 2016 (Central London)===

Line 46:

Line 54:

The next OWASP London Chapter meeting will take place on Thursday, 24th November 2016 at 18:30 (we start on time!)

The next OWASP London Chapter meeting will take place on Thursday, 24th November 2016 at 18:30 (we start on time!)



This event is kindly sponsored and hosted
by Empiric
.

+

The videos of talks from this event are available to watch on OWASP London YouTube channel: [https://www.youtube.com/OWASPLondon https://www.youtube.com/OWASPLondon]

+

+

This event is kindly sponsored and hosted
by Empiric
.



'''Location''': Empiric offices,
1
Old Jewry, London EC2R 8DN

+

'''Location''': Empiric offices,
1
Old Jewry, London EC2R 8DN



'''Nearest Tube''':  Bank (2 minute walk)

+

'''Nearest Tube''':  Bank (2 minute walk)

'''Time:''' Doors Open at 6pm, the talks start at 6:30pm (We start '''on time''')

'''Time:''' Doors Open at 6pm, the talks start at 6:30pm (We start '''on time''')
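
Review bot: the opening paragraph of this hunk still reads "The next OWASP London Chapter meeting will take place on Thursday, 24th November 2016", but this revision files the 24th November entry under == Past Events == and adds a line pointing to videos of the talks, so the wording is stale. Suggest putting that sentence in the past tense (for example "This OWASP London Chapter meeting took place on Thursday, 24th November 2016 at 18:30") so the archived entry no longer reads as an upcoming event.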

Line 61:

Line 71:

*'''PCI - The View from the Bridge - Jeremy King'''  ([[Media:OWASPLondon20161124_PCI_View_From_The_Bridge.pptx|PPTX]])

*'''PCI - The View from the Bridge - Jeremy King'''  ([[Media:OWASPLondon20161124_PCI_View_From_The_Bridge.pptx|PPTX]])



:The International Director of
the PCI Security
Standards Council will take us on a journey around some wonderful sights of Europe using the images to reflect on and relate to the challenges and successes that we all face in protecting data. In his talk Jeremy will talk about the potential impact of Brexit on security and will discuss the latest changes in PCI DSS related to TLS, Multi-Factor Authentication and Secure Software Development Requirements.

+

:The International Director of
the PCI Security
Standards Council will take us on a journey around some wonderful sights of Europe using the images to reflect on and relate to the challenges and successes that we all face in protecting data. In his talk Jeremy will talk about the potential impact of Brexit on security and will discuss the latest changes in PCI DSS related to TLS, Multi-Factor Authentication and Secure Software Development Requirements.

*'''Lightning Talk 1 - OWASP ZAP Official Jenkins Plugin walkthrough & Demo - Goran Sarenkapa''' ([[Media:OWASPLondon20161124_ZAP_Jenkins_Plugin_Intro.pdf|PDF]])

*'''Lightning Talk 1 - OWASP ZAP Official Jenkins Plugin walkthrough & Demo - Goran Sarenkapa''' ([[Media:OWASPLondon20161124_ZAP_Jenkins_Plugin_Intro.pdf|PDF]])

Line 70:

Line 80:

:Shane will talk about myBBC Security Council  and how it demonstrates an organisational approach towards security that ensures the right decisions are made by the right people, and that developers can raise concerns knowing that they will be seen and escalated. It also frames InfoSec as an enabling force rather than a loophole

:Shane will talk about myBBC Security Council  and how it demonstrates an organisational approach towards security that ensures the right decisions are made by the right people, and that developers can raise concerns knowing that they will be seen and escalated. It also frames InfoSec as an enabling force rather than a loophole



*'''JSON Hijacking -
Gareth Heyes
'''  ([[Media:OWASPLondon20161124_JSON_Hijacking_Gareth_Heyes.pdf|PDF]])

+

*'''JSON Hijacking -
Gareth Heyes
'''  ([[Media:OWASPLondon20161124_JSON_Hijacking_Gareth_Heyes.pdf|PDF]])

:JSON hijacking is supposedly dead after the Array constructor and "Object.prototype" setter bugs have been patched or is it? This talk will show how it's still possible to steal JSON data cross domain using various browser bugs. Gareth will take us on an epic journey of bug discovery and if we have time he may even bypass CSP for fun.

:JSON hijacking is supposedly dead after the Array constructor and "Object.prototype" setter bugs have been patched or is it? This talk will show how it's still possible to steal JSON data cross domain using various browser bugs. Gareth will take us on an epic journey of bug discovery and if we have time he may even bypass CSP for fun.

Line 79:

Line 89:

'''Jeremy King'''

'''Jeremy King'''



:Jeremy
is the
International Director of
the PCI Security
Standards Council.
He leads
the PCI Council's efforts in increasing adoption and awareness of the PCI Security Standards internationally. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors, Qualified Security Assessors, Internal Security Assessors, PCI Forensic Investigators, and related staff in supporting regional training, certification, and testing programs.

+

:Jeremy
is the
International Director of
the PCI Security
Standards Council.
He leads
the PCI Council's efforts in increasing adoption and awareness of the PCI Security Standards internationally. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors, Qualified Security Assessors, Internal Security Assessors, PCI Forensic Investigators, and related staff in supporting regional training, certification, and testing programs.

'''Gareth Heyes'''

'''Gareth Heyes'''



:Gareth works as a researcher at Portswigger and loves breaking sandboxes and anything to do with JavaScript. He has developed various free online tools such as Hackvertor and Shazzer. He also created MentalJS a free JavaScript sandbox that provides a safe DOM environment for sandboxed code.
Gareth has
been a speaker at many security conferences including the Microsoft BlueHat, Confidence Poland, and OWASP Application Security Conferences.
Gareth
also co-authored
the
"Web Application Obfuscation" book,
which
was
named a
2011 Best Hacking and Pen Testing Book by InfoSec Reviews

+

:Gareth works as a researcher at Portswigger and loves breaking sandboxes and anything to do with JavaScript. He has developed various free online tools such as Hackvertor and Shazzer. He also created MentalJS a free JavaScript sandbox that provides a safe DOM environment for sandboxed code.
Gareth has
been a speaker at many security conferences including the Microsoft BlueHat, Confidence Poland, and OWASP Application Security Conferences.
Gareth
also co-authored
the
"Web Application Obfuscation" book,
which
was
named a
2011 Best Hacking and Pen Testing Book by InfoSec Reviews

'''Shane Kelly'''

'''Shane Kelly'''

Line 151:

Line 161:

https://www.eventbrite.co.uk/e/owasp-london-hackathon-and-ctf-tickets-29190020136

https://www.eventbrite.co.uk/e/owasp-london-hackathon-and-ctf-tickets-29190020136





== Speaking at OWASP London Chapter Events ==



====Call For Speakers====



Call For Speakers is open - if you would like to present a talk on Application Security at future OWASP London Chapter events - please review the [[Speaker_Agreement | speaker agreement]] and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail:



owasplondon (at) owasp.org





== Past Events ==
