2015-07-02-Bristol

The first ever Bristol chapter meeting will be held on the 2nd July, 2015. It is kindly hosted and sponsored by KPMG, which means refreshments, beer and pizza!!! The KPMG office is located at:

100 Temple Street Bristol BS1 6AG

A map to the KPMG office is located here: http://www.kpmg.com/UK/en/about/MapOfOfficesAndLinks/PublishingImages/bristol-office-locator.pdf

6:00pm for a 6:30pm start. Expected finish time approx 9:00pm. You will need to RSVP via Eventbrite for this: https://www.eventbrite.com/e/owasp-bristol-chapter-meeting-july-tickets-17529336718

When you apply for a ticket, please ensure you provide a full name per ticket, as this will be needed to enter the KPMG office.

Evening's talks and speakers

Konrads Smelkovs @truekonrads @kpmguk Cyber Team

Bio Konrads is an experienced, fast thinking and performing IT consultant with 12 years IT experience. Konrads joined KPMG in 2007, where he has been delivering information security (audit, assurance, testing) and IT advisory related engagements. Initially based in the Baltics, he is now in the London office where he is a member of our Information Protection and Business Resilience (IPBR) team where he is currently focusing on penetration testing and incident response. JA - He's also a top notch bloke :)

Talk Microsoft Windows Communication Foundation is a popular suite of protocols for remote method invocation using .NET frameworks. Most security research has focused on using the NetHTTP protocol – binary SOAP over HTTP, but has sidestepped the use of the net.tcp protocol used commonly in modern rich client applications, that is until today! This talk will explain how to find net.tcp protocol use on the network, explain how to identify what methods are available for invocation and sketch a practical way of pentesting rich applications written using the net.tcp protocol.

Daniel Cuthbert @dcuthbert @sensepost

Bio Well, I doubt I have to introduce Daniel to anyone in our industry, especially anyone who knows their AppSec. Over a decade of experience of application security and currently COO of @sensepost. When he's not being COO he also has a keen eye and a great talent for photography... He truly is "gifted"... and that's not all folks... because this man, no this great man, is a major force and influence and supporter and above all contributor to OWASP itself. He is the lead on the amazing project that is the OWASP ASVS. This document is for me the AppSec Bible which probably makes Daniel the OWASP AppSec Messiah... Amen... Amen...

Talk Herding Cats: How the OWASP ASVS will make your life sexier and more fulfilling. JA - If you have not seen or do not know what the ASVS is then you are missing out on something that can be used in multiple ways for Application Security...

Paco Hope @pacohope @Cigital

Bio Paco Hope is a security consultant at Cigital who has helped software firms secure their software for nearly 15 years in a variety of industries like financial services, retail, and embedded systems. He is the author of two books on security, the most recent being the Web Security Testing Cookbook. He helps (ISC)² develop the Certified Secure Software Lifecycle Professional (CSSLP) and CISSP certifications. His passion is empowering everyone in the software lifecycle—developers, testers, analysts—to make meaningful contributions to the securing of software. JA - Paco is one of those speakers that has the capability to talk about a highly technical subject in a way that everyone gets. At a Con, if his name is on the speakers list I always head that way, whatever the subject. He's the only person I've heard talk about random number generators and keep the entire audience's interest all the way through... that takes some doing!!

Talk Intro to the OWASP Mobile Top Ten

OWASP’s Mobile Top Ten (MTT) Risks project has been around for a few years and has changed shape several times during those years. In 2015 we’re remaking it with reference data from several security consultancies. Paco Hope is helping to shape the 2015 version of the MTT and will share where it has been, where it is, and where it’s going. More info is available at: https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks