Suffolk

Meeting Sponsors
The following is the list of organisations who have generously provided us with space for OWASP Suffolk chapter events

[ December 2019 (Ipswich)]
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

 * TBA

4 November 2019 (Ipswich)
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

 * OWASP Suffolk Introduction, Welcome and News - WTC
 * Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.


 * Practical Threat Analysis – Martin Russ [ Slides ][ Video ]
 * Martin Russ shows you how to actually do Threat Analysis using a simple spreadsheet as a guide. The key to successful threat analysis and modelling is to have a clear idea of how to get to the end-point, and not to get overwhelmed with how you are going to get there! Having a simple guide makes this much easier, but there aren’t many examples out there - this turns to be one of those rare topics where Google searches don’t return much that is particularly useful. So we will be using a very straight-forward approach that isn’t scary or hard to understand, and which doesn’t require a brain the size of a planet. or the services of an expensive consultant!

Speakers

 * Martin Russ passed the CISSP exam in just over four hours (you are allowed to take six!), but has just lapsed and returned to the status of mere mortal. He worked in the Security Engineering department of a major US utility metering company for nearly ten years, and knows too much about hacking devices that measure, or web front-ends that interface to the real world, or cloud back-ends that assume that replication is a substitute for backups… He has always wanted a t-shirt that says: ‘There’s no way that could ever happen…’ because he has heard it too many times in security workshops...

30 September 2019 (Ipswich)
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

 * OWASP Suffolk Introduction, Welcome and News - WTC
 * Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.


 * What could possibly go wrong? Threat modelling in the 21st century. – Phil Ashby [ Slides ][ Video ]
 * Introduction to threat modeling what it is, why is needed and how to do it right. Why and how threat modeling should evolve to be ready for 21st century threats. We will discuss potential threats in each stage of SDLC, and how to approach them.

Speakers

 * Phil Ashby has over 30+ years experience in tech. He is currently working for an identity intelligence company, trying to evolve it from a single location, sub-300 people business to a global 1000+ people corporate.

Monday 15th July 2019 (Ipswich)
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

 * OWASP Suffolk Introduction, Welcome and News - WTC
 * Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.


 * Your only as strong as your weakest link – Edward Ogden [ Slides ] [ Video ]
 * Servers are the root of all web apps and sites, it’s the central point that your clients/customers will connect to and where you put your code.
 * Many small and under resource companies that do there own hosting don’t normally put the time and investment in there hosting technology and this is where it starts to go wrong.
 * This talk will discuss what some of the dangers are and what could happen if an attacker gets into your infrastructure, we will also talk about how some simple changes to the infrastructure can reduce the risk of being attacked.


 * Discussion about future of OWASP Suffolk
 * We will have open discussion about what we are doing, and what YOU expecting us to do.

Speakers

 * Edward Ogden has been in the IT industry for only 6 years and has learnt most of his skill on the job. He started his career as a web developer progressing on to operations side of the industry. Currently he is working for SETL Ltd as a DevOps engineer automating code deploys for client around the world. As a young child he was always interested in servers starting off by hosting gaming servers from his bedroom at the age of 14.

Tuesday, 21 May 2019 (Ipswich)
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

 * OWASP Suffolk Introduction, Welcome and News - WTC
 * Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.


 * Windows Active Directory Security Lowlights - Barry Myles
 * Once an attacker is inside your organisation they very often will misuse Windows Active Directory for almost total compromise of every aspect of an organisation's computing infrastructure and the data it holds. This talk will describe how an attacker might do this, when they have done so in the past, the kinds of tools they would use, what common mistakes enable this, and how organisations could go about defending themselves both through changes in behaviour and changes to their setup.

Speakers

 * Barry Myles leads an internal penetration testing team at BT, although tries to stay away from very traditional views of pen testing as much as possible. After becoming somewhat bored and jaded with project management work in 2006 he decided the life on an attacker was a very much more fun, but perhaps less constructive way of life. He enjoys large scale scanning, reverse engineering, cryptography, hardware hacking and network protocols a bit too much.

Tuesday, 23rd April 2019 (Ipswich)
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

 * OWASP Suffolk Introduction, Welcome and News - WTC
 * Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.


 * Data Protection Act 2018 - Rebecca Moran [ [[Media:Owaspsuffolk-20190423.pdf| ]]PDF ] [ Video ]
 * An overview of the requirements of the new Data Protection Act 2018 (GDPR) and it’s influence in development and project management.

Speakers

 * Rebecca Moran is owner of ReMo InfoSec - qualified ISO27001 lead implementer and auditor – preacher of the ISO27001 bible. Registered GDPR practitioner and all round data protection whiz.

Tuesday, 19th March 2019 (Ipswich)
Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

TALKS:

 * OWASP Suffolk Introduction, Welcome and News - WTC
 * Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.


 *  Understanding how to prevent Sensitive Data Exposure - Simon Greatrix [ [[Media:Owaspsuffollk-20190319.pdf| ]]PDF ] [ Video ]
 * Sensitive data is often the target of any attack, and its exposure has the greatest risk of long-term damage. OWASP and the PCI DSS provide many recommendations. The internet provides even more. These can be hard to understand, hard to implement, and contradictory. I will be sharing my understanding of how the cryptographic algorithms work and how they should best be used.

Speakers

 * Dr Simon Greatrix has been writing software since the late 70s and has worked as a security expert for e-commerce for nearly 20 years. He is currently working on SETL’s block chain product. Java has been his preferred programming language since 1996.

Monday, 25th February 2019 (Ipswich)
Location:  Connexions, 159 Princess Street, Ipswich

TALKS:

 * OWASP Suffolk Introduction, Welcome and News - WTC
 * Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.


 * Yet another talk on OWASP Top 10 - WTC [PDF]
 * Brief overview of OWASP Top 10.

TICKETS:
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list. Register to attend this event at OWASP Suffolk Chapter - Meetup - RSVP to attend

Local News
We reopened the chapter, and currently we are looking for venue and speakers.

If you have would like to present a talk on Application Security at any incoming OWASP Suffolk Chapter events, please send us the proposed talk title, abstract and your bio via e-mail: wojciech.cichon@owasp.org

abhinav.sejpal@owasp.org

Everyone is welcome to join us at our chapter meetings.