Pilot Cambridge WebAppSec Mini Conference 2012

The Department of Computing & Technology, Anglia Ruskin University, with support from volunteer contributors to the OWASP (Open Web Application Security Project), is hosting a free mini conference on Web Application Security in Cambridge on Tuesday 28th February 2012 from 4pm – 8pm,  entitled

=Building in Security for Application Development=

The Department of Computing & Technology at Anglia Ruskin University in partnership with OWASP are attempting to establish a joint professional networking group and local chapter in the Cambridge/East Anglia region concentrating on aspects of computing and application security as a key part of both organisations drive to promote the importance of including security within application development. Anyone wishing to help establish a group or become involved, please let us know.

In addition, the establishment of a local Information Security Student Society affiliated to OWASP is another activity we are keen to promote.

Guest Speakers
Dennis Groves: Dennis is the co-founder of OWASP. He is a well known thought leader in application security who's work focuses on multidisciplinary approaches to information security risk management. He holds an MSc in Information Security from the University of Royal Holloway. He is currently an expert for the UK mirror of ISO subcommittee 27, WG4.

Fabio Cerullo: Fabio has over 10 years of experience in the information security field gained across a diverse range of industries. As CEO & Founder of Cycubix, he helps customers around the globe by assessing the security of applications developed in-house or by third parties, defining policies and standards, implementing risk management initiatives, as well as providing training on the subject to developers, auditors, executives and security professionals. As a member of the OWASP Fundation, Fabio is part of the Global Education Committee whose mission is to provide training and educational services to businesses, governments and educational institutions on application security, and has been appointed OWASP Ireland Chapter Leader since early 2010. He holds a Msc in Computer Engineering from UCA and has been granted the CISSP & CSSLP certificates by (ISC)2.

Colin Watson: Colin is the Technical Director for Watson Hall Ltd, an application security consultancy providing services such as application defence, web application risk management, secure software development lifecycle, online and web project security &amp; privacy policies, He writes a less-technical blog aimed at website designers, developers and owners called Web Security, Usability and Design and tweet occasionally as Clerkendweller. Colin also serves as a Global Industry Committee Member for the OWASP Foundation.

Background
Tackling today's security challenges now far exceeds the "we've got a firewall connected to the Internet so we're covered" fallacy. Increasingly the most critical areas of vulnerability and weakness have become the web application server and client. Protecting corporate and personal data has never been more crucial with the increasing trend towards mandatory public disclosure of 'lost' data and the ever increasing loss of reputation, regulatory penalties and litigation from victims.

Developing secure code is the most effective method of securing an organisations web applications which results in a more stable and robust application and assists in protecting an organisations brand. However the ability to develop this code takes additional skill and know-how which traditionally has not commonly formed part of many computer science curricula and most organizations have not focused on instituting a culture that includes application security as a core part of their software development training

The Department of Computing &amp; Technology at Anglia Ruskin University is enhancing its curricula and capabilities in information security following its successful BSc(Hons) Information Security and Forensic Computing pathway. Establishing a joint professional networking group with OWASP concentrating on aspects of computing and application security is a key part of this enhancement. A key aim the department is working towards is developing a MSc Information Security specialising in Application Security and as part of this activity looking to develop a local Information Security Student Society.

Agenda


4.30pm - 5.00pm Welcome and introductions, Adrian Winckles, Senior Lecturer, Information Security &amp; Forensic Computing. 5.00pm - 5.30pm Dinis Cruz, Introduction to OWASP and Application Security 02 Project Framework 5.30pm - 6.30pm Fabio Cerullo, Open Software Assurance Maturity Model and Enterprise Security API (presentation PPT) 6.30pm - 7.00pm Colin Watson, AppSensor Project - Intrusion Detection (presentation PDF | PPTX, article in CrossTalk Journal pp14-18 PDF) 7.00pm - 8.00pm Informal drinks and networking  

Registration
Please register online for this free event : http://www.surveymonkey.com/s/QL3NYH3

Location
The conference will be held in the Lord Ashcroft Building, Room 002 (Breakout Room 006 for networking &amp; refreshments).

Please enter through the Helmore Building and ask at reception.

Anglia Ruskin University Cambridge Campus East Road Cambridge Cambs CB1 1PT

For further infotmation on travelling to the Cambridge campus, please visit http://www.anglia.ac.uk/ruskin/en/home/your_university/anglia_ruskin_campuses/cambridge_campus/find_cambridge.html