Cork

'''Becoming a chapter sponsor means that you get your organisation mentioned in meeting promotion (including on this page), recognition at the beginning of the meeting and promotional material at the meeting. We currently have the following sponsorship options available: €250 for an individual meeting sponsorship €1500 for annual chapter sponsorship Contact any of the board members below for more information. '''

OWASP Cork Board
Should you have a question about the local chapter, would like to get more involved contact any of the following people below

Chapter Leads:


 * [mailto:fiona.collins(at)owasp.org Fiona Collins]
 * [mailto:darren.fitzpatrick@owasp.org Darren Fitzpatrick]

Details and registration for all chapter meetingsis available on our Meet-Up page: http://www.meetup.com/OWASP-Cork/

November Chapter Meeting - PCI DSS Pen Testing / IAM (Identity & Access Mgmt)
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5" To Find Us: click here To Register: click here
 * align="center" height="30" style="background:#CCCCEE;" colspan="2"      | November Chapter Meeting - PCI DSS Pen Testing / IAM (Identity & Access Mgmt)
 * style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | When
 * style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | Where
 * valign="middle" bgcolor="#EEEEEE" align="center" |  Thursday 12th Nov 2015  Doors: 19:00 Talks start: 19:10
 * valign="middle" bgcolor="#EEEEEE" align="left" | Venue Location: Cashmans (upstairs), 26 Academy Street, Cork
 * style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | When
 * style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | Where
 * valign="middle" bgcolor="#EEEEEE" align="center" |  Thursday 12th Nov 2015  Doors: 19:00 Talks start: 19:10
 * valign="middle" bgcolor="#EEEEEE" align="left" | Venue Location: Cashmans (upstairs), 26 Academy Street, Cork
 * valign="middle" bgcolor="#EEEEEE" align="center" |  Thursday 12th Nov 2015  Doors: 19:00 Talks start: 19:10
 * valign="middle" bgcolor="#EEEEEE" align="left" | Venue Location: Cashmans (upstairs), 26 Academy Street, Cork
 * valign="center" bgcolor="#CCCCEE" align="center" colspan="2"            | SLIDES FOR THIS MONTH
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |
 * valign="center" bgcolor="#CCCCEE" align="center" colspan="2"            | SLIDES FOR THIS MONTH
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |

TBD - After event
 * valign="center" bgcolor="#CCCCEE" align="center" colspan="2"            | DESCRIPTION
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |

On Thursday November 12th we have two great speakers lined up for our next chapter meeting. Both posses great experience in their respective areas, so can get across the information and answer your questions that might not be so easy to find in the books. Stephen O'Boyle will talk about PCI DSS (Payment Card Industry - Data Security Standard), the set of compliance guidelines that you must adhere to if you store, transmit or process credit card information. This will be followed up with Barry Mulcahy's valuable information on management of identity and access to data across systems.

Also, thanks to the kind sponsorship from Espion on the night there will be some food and drinks provided too. No doubt, this should be a great night :)

Talk #1 - PCI DSS v3.1 Scanning and Penetration Testing
Stephen will discuss the key changes in PCI DSS Version 3.1, examine penetration testing methodology from the auditor’s point of view, and how you can maintain compliance.

Key Takeaways will include

∙ PCI DSS Pentest / Scanning overview

∙ Migrating from V2 to V3.1

∙ Changes to penetration testing requirement 11.3

∙ Scanning vs pen testing

∙ What the auditor expects from pen testing

∙ Example methodology

Speaker Bio: Stephen O'Boyle
Stephen heads up Espion’s Professional Services team and has been a PCI Qualified Security Assessor since 2008. He is an experienced information security, risk and compliance consultant with has over ten years’ experience in information security in both domestic and international markets. Stephen has extensive experience in performing PCI audits / consultancy, information security & risk management assessments, network / architecture security reviews, application security reviews, penetration testing and assisting organisations in aligning their information security posture to their business objectives. Stephen has worked across a wide range of industry verticals, including government, financial, education and technology.

Talk #2 - Identity and Access Management (IAM)
This talk will focus on Identity and Access Management (IAM), what it is and how it fits into the security landscape. It will outline the lifecycle of an identity (Hello new hire Alice!). How we move from having an identity to having access. Some of the common pitfalls encountered during IAM integration projects. Analytics techniques for IAM that smooth the integration path, validate controls and provide valuable Business Intelligence (BI) that are useful for process improvement and security auditing. The talk will conclude by looking at some of the recent trends in IAM and some pointers for the future.

Speaker Bio: Barry P. Mulcahy
Barry received a B.Sc. in computer science from UCC in 2001 and a Ph.D. in distributed security systems from UCC in 2008. His academic experience involves R&D in distributed security systems with an emphasis on data aggregation, analytics and workflows. While working in Waterford IT as a security researcher he was involved in several large European FP7 projects including CoMiFin, EternalS and Aniketos. His commercial roles include Identity and Access Management (IAM) Project Manager at Onaware-Mycroft. This boutique IAM integration house catered primarily for financial institutions. Barry is currently part of the Qualcomm Web Authentication team, helping design and implement security controls for authentication and authorization in Qualcomm’s global IT infrastructure.

https://ie.linkedin.com/in/barrymulcahy

Afterwards ...
We might have a few sneaky pints afterwards, and you are all welcome to join us.

We are having the talks in Cashman's Bar on Academy Street so we will stay on there.


 * }
 * }

Chapter Meetings - 2014
Details and registration for all chapter meetingsis available on our Meet-Up page: http://www.meetup.com/OWASP-Cork/

OWASP September Event
{|style="vertical-align:top;width:90%;background-color:#white;padding:10px;border:1px solid silver;" align="center" cellspacing="5" Venue Address: Western Gateway Building, UCC, Western Rd, Cork, Ireland''' Venue Map: Google Maps (Registration. Register here)
 * align="center" height="30" style="background:#CCCCEE;" colspan="2"      | Chapter Meeting - September 22 2014
 * style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | When
 * style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | Where
 * valign="middle" bgcolor="#EEEEEE" align="center" |  Monday 22nd September  Doors: 19:00 Talks start: 19:15
 * valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC (WGB G.14)
 * style="width:20%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | When
 * style="width:80%" valign="middle" bgcolor="#CCCCEE" align="center" colspan="0" | Where
 * valign="middle" bgcolor="#EEEEEE" align="center" |  Monday 22nd September  Doors: 19:00 Talks start: 19:15
 * valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC (WGB G.14)
 * valign="middle" bgcolor="#EEEEEE" align="center" |  Monday 22nd September  Doors: 19:00 Talks start: 19:15
 * valign="middle" bgcolor="#EEEEEE" align="left" | '''Venue Location: UCC (WGB G.14)
 * valign="center" bgcolor="#CCCCEE" align="center" colspan="2"            | DESCRIPTION
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |
 * valign="center" bgcolor="#CCCCEE" align="center" colspan="2"            | DESCRIPTION
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |
 * valign="left" height="80" bgcolor="#EEEEEE" align="left" colspan="2" |

The next OWASP Cork Chapter meeting is taking place on Monday September 22nd in UCC (WGB G.14) at 7PM.

We would like to treat all attendees to some beer and pizza after the talks in the Woolshed bar (Mardyke - http://www.woolshedbaa.com/cork/)

Hope to see you there.

There are two talks lined up:

Talk 1: Introduction to OWASP ZAP

Overview of the OWASP ZAP tool.

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.

It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.

ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually.

Talk 2: Mark Denihan - OWASP Security Shepherd

The OWASP Security Shepherd project has been designed and implemented with the aim of fostering and improving security awareness among a varied skill set demographic. Shepherd covers the OWASP Top Ten web app risks and has recently been injected with totally new content to cover the OWASP Top Ten Mobile risks as well. Many of these levels include insufficient mitigations and protections to these risks, such as blacklist filters, atrocious encoding schemes, barbaric security mechanisms and poor security configuration. The modules have been crafted to provide not only a challenge for a security novice, but security professionals as well. In this presentation we're going to look at the Shepherd platform itself from both a learning and teaching perspective. Some of Shepherd's lessons and challenges will be demonstrated and we'll also walkthrough how easy it is to stand up a Security Shepherd instance and how it can be tailored to suit any web/mobile app sec teaching environments.

Chapter meetings are provided free of charge although OWASP membership is encouraged and besides supporting the organisation, will provide the holder with benefits in other areas such as free/discounted entry to conferences, etc.

OWASP September Event
Everyone is welcome to join us at our chapter meetings.

Other OWASP Chapters in Ireland
OWASP Dublin

https://www.owasp.org/index.php/Ireland-Dublin


 * Chapter Lead [mailto:Owen.Pendlebury(at)owasp.org Owen Pendlebury] +353876605277
 * Board Member/Global Board Member Eoin Keary
 * Board Member [mailto:fcerullo(at)owasp.org Fabio Cerullo] +353877817468
 * Board Member [mailto:Mark.Denihan(at)owasp.org Mark Denihan]

OWASP Limerick

https://www.owasp.org/index.php/Limerick


 * Chapter Lead [mailto:marian.ventuneac(at)owasp.org Marian Ventuneac]