Difference between revisions of "Leeds UK"

From OWASP
Jump to: navigation, search
m
(39 intermediate revisions by 5 users not shown)
Line 13: Line 13:
 
<paypal>Leeds_UK</paypal>
 
<paypal>Leeds_UK</paypal>
  
 +
== Sponsors ==
  
== 2011 Planned Meetings ==
+
Many thanks to our first silver sponsor, [http://www.activityim.com/ Activity Information Management Ltd.]
  
June 22nd Manchester
+
[[File:Activity_logo.png|200px|thumb|left]]
  
September 21st Leeds
 
  
December 14th Manchester
 
  
== Next Meeting ==
 
'''Date:''' Wednesday 23rd March in Leeds:::  Please RSVP via the eventbrite link http://www.eventbrite.com/event/1429362261
 
  
'''Location:''' Brewery Taps, 18 New Station Street, Leeds, LS1 5DL - Map here http://www.brewerytapleeds.co.uk/contact.html
 
  
'''Schedule: 18:00 for 18:20 start'''
 
  
'''18:20-18:30'''
 
  
OWASP Chapter introduction. OWASP values and membership. Chapter information.
 
  
OWASP Leeds board member
 
  
'''18:30-19:10'''
 
  
Obfuscation Methods
 
  
''Thomas Mackenzie''
+
= Planned Meetings =
  
The talk is basically an overview of some research that I have recently been conducting  in terms of obfuscation methods. It is my belief that pentesting should be used to simulate real world attacks so that not only application and infrastructure vulnerabilities are being found, but log management and sys admin level problems are found too. The talk isn’t technical – it is more about introducing methods on how this can work – I do talk about a few examples but I do not go into huge technical detail about it. I then go on to talk about a methodology that could work in terms of obfuscation methods – this is something that I think could be incorporated into the OWASP testing guide and I talk about that too.
+
Nov 2012
  
'''19:15 - 20:00'''
+
Jan 2013
  
DOM Sandboxing
+
April 2013
  
''Gareth Heyes"
+
July 2013
  
Can regular expressions create a secure sandboxing environment? Is it possible to protect JavaScript with just regular expressions? I will hopefully answer these questions and take you on my journey through regex hell and back into the light of regex heaven. I will then show you how to apply the techniques in a real world environment and share the challenges of allowing JavaScript to be executed on your site without creating XSS.
+
October 2013
  
'''20:05-20:50'''
+
== Next Meeting ==
 +
'''Date:''' Monday 26th November, Leeds
  
The Image that called me  - Active Content Injection with SVG Files
+
'''Location''' The Brewery Tap, Leeds
  
''Mario Heiderich"
+
'''Schedule: 18:15 for 18:30 start'''
  
Scalable Vector Graphics are about to conquer the web. Unlike most of their raster based companions from the GIF, PNG and JPEG family, their vector based structure allows to display them on many different devices with various screen sizes without losing visual information. The open XML based SVG sources permit addition of meta data, helping even the visually impaired and blind to get the most out of these images. Additional modules, such as animations, events, SVG fonts, several scripting APIs and inclusion of hyper-links, other images and documents and even arbitrary content from cross-domain sources make SVG the perfect image format for the future WWW.
+
'''18:30-18:45'''
  
Nevertheless, a powerful standard such as SVG certainly poses a lot of risks. This presentation provides a close look at SVG from a security perspective. How can attackers abuse this mighty image format, which ways exist to execute script code and worse, and what should web developers and browser vendors consider when dealing with SVG. How will HTML5 change the way to work with SVGs and why does it matter for security professionals to know about things like SVG Tiny, in-line SVG, SVGz and other acronyms from a world where imaging and scripting collide? Besides many examples of malicious SVGs the talk will shed light on a novel filtering tool capable of filtering and sanitizing SVG images without loss of important content.
+
OWASP Chapter introduction. OWASP values and membership. Chapter information.
 +
Presented by one of the OWASP Leeds board member's
 +
 
 +
'''18:45-19:45'''
 +
 
 +
''Dafydd Stuttard''
 +
 
 +
Dafydd Stuttard is the creator of popular Burp Suite web application testing tool, and author of The Web Application Hacker's
 +
Handbook. The talk will include, amongst other things, new functionality that is being built into Burp. Intrigued? Come along to the meeting.
 +
 
 +
Registration Link: http://owaspleeds.eventbrite.com/
  
 
== Past Events ==
 
== Past Events ==
 +
 +
'''2012 Dates'''
 +
 +
[[Leeds_UK/Feb_2012]]
 +
 +
[[Leeds_UK/June_2012]]
 +
 +
'''2011 Dates'''
 +
 +
[[Leeds_UK/October_2011_Leeds]]
 +
 +
[[June_2011]]
  
 
'''2010 Dates'''
 
'''2010 Dates'''

Revision as of 16:10, 19 November 2012

Contents

OWASP Leeds UK

Welcome to the Leeds UK chapter homepage. This is a new chapter and we are looking for enthusiatic new members to make this one of the best OWASP chapters. We are hoping to accumalate a good proportion of subject matter experts who will in turn be able to provide guidance and presentations for the benefit of all chapter members. So please join the mailing list and contribute.

Details of your chapter Board members can be found here Leeds_UK_chapter_leaders

The chapter email address is owaspleeds@gmail.com
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

funds to OWASP earmarked for Leeds_UK.

Sponsors

Many thanks to our first silver sponsor, Activity Information Management Ltd.

Activity logo.png






Planned Meetings

Nov 2012

Jan 2013

April 2013

July 2013

October 2013

Next Meeting

Date: Monday 26th November, Leeds

Location The Brewery Tap, Leeds

Schedule: 18:15 for 18:30 start

18:30-18:45

OWASP Chapter introduction. OWASP values and membership. Chapter information. Presented by one of the OWASP Leeds board member's

18:45-19:45

Dafydd Stuttard

Dafydd Stuttard is the creator of popular Burp Suite web application testing tool, and author of The Web Application Hacker's Handbook. The talk will include, amongst other things, new functionality that is being built into Burp. Intrigued? Come along to the meeting.

Registration Link: http://owaspleeds.eventbrite.com/

Past Events

2012 Dates

Leeds_UK/Feb_2012

Leeds_UK/June_2012

2011 Dates

Leeds_UK/October_2011_Leeds

June_2011

2010 Dates

8th_December_Leeds

15th_September_Leeds

16th_june_Leeds

17th March - Leeds

2009 Dates

14th October 2009 - Leeds