Difference between revisions of "Leeds UK"

From OWASP
(Next Meeting)
 
(41 intermediate revisions by 6 users not shown)
Line 13: Line 13:
 
<paypal>Leeds_UK</paypal>
 
<paypal>Leeds_UK</paypal>
  
 +
== Sponsors ==
  
== 2011 Planned Meetings ==
+
Many thanks to our first silver sponsor, [http://www.activityim.com/ Activity Information Management Ltd.]
  
June 22nd Manchester
+
[[File:Activity_logo.png|200px|thumb|left]]
  
September 21st Leeds
 
  
December 14th Manchester
+
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
 
 +
= Planned Meetings =
 +
 
 +
Nov 2012
 +
 
 +
Jan 2013
 +
 
 +
April 2013
 +
 
 +
July 2013
 +
 
 +
October 2013
  
 
== Next Meeting ==
 
== Next Meeting ==
'''Date:''' Wednesday 23rd March in Leeds:::  Please RSVP via the eventbrite link http://www.eventbrite.com/event/1429362261
+
'''UKSG and OWASP meetings are free to attend and are open to all those interested in web application and information security.
  
'''Location:''' Brewery Taps, 18 New Station Street, Leeds, LS1 5DL - Map here http://www.brewerytapleeds.co.uk/contact.html
+
This is our first combined meeting of the NUKSG and OWASP Leeds groups. We hope that this will encourage new friendships and new interest between the two groups. You can subscribe to both groups to be notified of future events via their websites.
 +
'''
 +
Buffet food and a drink on arrival are kindly provided by our sponsors DVV Solutions and Activity IM (http://www.activityim.com). Please bring your ticket! Further drinks are available for purchase at the venue.
  
'''Schedule: 18:00 for 18:20 start'''
+
Please book your place quickly as we expect a big turnout!
  
'''18:20-18:30'''
+
'''6.00pm - Networking Drinks'''
  
OWASP Chapter introduction. OWASP values and membership. Chapter information.
+
We will be arriving from 6pm with an opportunity to chat over a beer before we formally start at 6.20pm in the conservatory room.
  
OWASP Leeds board member
+
'''6.20pm - Introduction'''
  
'''18:30-19:10'''
+
About OWASP and NUKSG, who we are and what we do. How you can get involved and how you can support NUKSG and the work of OWASP. We'll also have a brief update on the NUKSG team entry to White Hat Rally's 2013 pirates and smugglers themed rally - Pieces of V8 - places are available on the team and corporate sponsors needed.
  
Obfuscation Methods
+
'''6.30pm - Food!'''
  
''Thomas Mackenzie''
+
'''6.45pm - Arron "Finux" Finnon - What is OSNIF?'''
  
The talk is basically an overview of some research that I have recently been conducting  in terms of obfuscation methods. It is my belief that pentesting should be used to simulate real world attacks so that not only application and infrastructure vulnerabilities are being found, but log management and sys admin level problems are found too. The talk isn’t technical – it is more about introducing methods on how this can work – I do talk about a few examples but I do not go into huge technical detail about it. I then go on to talk about a methodology that could work in terms of obfuscation methods – this is something that I think could be incorporated into the OWASP testing guide and I talk about that too.
+
"Yeah great, I know its not a silver bullet! NIPS/NIDS have issues, and that's putting it lightly. I've talked about their limitations for a while, and i get either "that's awesome" or "they've been done to death". The truth is, we achieved nothing in fixing the problem. We can moan about how rubbish they are, we can pretend it's not our problem, or we can start to address the situation.
  
'''19:15 - 20:00'''
+
For too long we've moaned, we've made comments and done little to make them better. Vendors are making money off products we all know could be doing a better job. Here's a crazy idea, let's talk about the issues, why they suck, and this time actually do something! What is to be lost by trying something new? Let's accept they fail and instead, turn that frown upside down. This talk isn't an answer, it's a beginning. Looking at some of the common and uncommon issues faced in trying to make NIDS/NIPS better, and why we fail at finding solutions. I don't have all the answers, however I intend to answer one simple question; What is OSNIF?"
  
DOM Sandboxing
+
Arron "Finux" Finnon is a Research Consultant at Activity Information Management Limited.
  
''Gareth Heyes"
+
'''7.45pm - Break'''
  
Can regular expressions create a secure sandboxing environment? Is it possible to protect JavaScript with just regular expressions? I will hopefully answer these questions and take you on my journey through regex hell and back into the light of regex heaven. I will then show you how to apply the techniques in a real world environment and share the challenges of allowing JavaScript to be executed on your site without creating XSS.
+
'''8.00pm - Campbell Murray - API's, creating and abusing'''
  
'''20:05-20:50'''
+
This talk looks at the rise of the API and its increasing prevalence in web services.  As APIs' are more commonly understood their use is growing, but as with all technology, the more people doing it, the more opportunities for getting it wrong.  We will take a rapid look into creating, abusing and fixing the Application Programming Interface.
  
The Image that called me  - Active Content Injection with SVG Files
+
'''8.55pm - Closing remarks'''
  
''Mario Heiderich"
+
'''9.00pm - Retire to bar'''
  
Scalable Vector Graphics are about to conquer the web. Unlike most of their raster based companions from the GIF, PNG and JPEG family, their vector based structure allows to display them on many different devices with various screen sizes without losing visual information. The open XML based SVG sources permit addition of meta data, helping even the visually impaired and blind to get the most out of these images. Additional modules, such as animations, events, SVG fonts, several scripting APIs and inclusion of hyper-links, other images and documents and even arbitrary content from cross-domain sources make SVG the perfect image format for the future WWW.
 
  
Nevertheless, a powerful standard such as SVG certainly poses a lot of risks. This presentation provides a close look at SVG from a security perspective. How can attackers abuse this mighty image format, which ways exist to execute script code and worse, and what should web developers and browser vendors consider when dealing with SVG. How will HTML5 change the way to work with SVGs and why does it matter for security professionals to know about things like SVG Tiny, in-line SVG, SVGz and other acronyms from a world where imaging and scripting collide? Besides many examples of malicious SVGs the talk will shed light on a novel filtering tool capable of filtering and sanitizing SVG images without loss of important content.
 
  
 
== Past Events ==
 
== Past Events ==
 +
 +
'''2012 Dates'''
 +
 +
[[Leeds_UK/Feb_2012]]
 +
 +
[[Leeds_UK/June_2012]]
 +
 +
'''2011 Dates'''
 +
 +
[[Leeds_UK/October_2011_Leeds]]
 +
 +
[[June_2011]]
  
 
'''2010 Dates'''
 
'''2010 Dates'''
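Review bot: the bold markup on the added line `'''UKSG and OWASP meetings are free to attend ...` is never closed on that line, and the lone `'''` added three lines later does not close it, because MediaWiki bold does not span paragraphs; close (or drop) the bold on the same line and remove the stray `'''` line. Two further style points in this hunk: the new `= Planned Meetings =` is a level-1 heading while the page's other sections (`== Sponsors ==`, `== Next Meeting ==`, `== Past Events ==`) use level-2, and the long run of empty `+` lines before it adds only blank space to the rendered page. The added talk title `API's, creating and abusing` should read `APIs`.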
Line 79: Line 110:
  
 
[[Category:United Kingdom]]
 
[[Category:United Kingdom]]
 +
[[Category:Europe]]

Latest revision as of 05:24, 15 March 2013

OWASP Leeds UK

Welcome to the Leeds UK chapter homepage. This is a new chapter and we are looking for enthusiastic new members to make this one of the best OWASP chapters. We hope to accumulate a good proportion of subject matter experts who will in turn be able to provide guidance and presentations for the benefit of all chapter members. So please join the mailing list and contribute.

Details of your chapter Board members can be found here: Leeds_UK_chapter_leaders

The chapter email address is owaspleeds@gmail.com.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now.

Donations made through the chapter donation button are funds to OWASP earmarked for Leeds_UK.

Sponsors

Many thanks to our first silver sponsor, Activity Information Management Ltd.

[Activity_logo.png: sponsor logo]

Planned Meetings

Nov 2012

Jan 2013

April 2013

July 2013

October 2013

Next Meeting

UKSG and OWASP meetings are free to attend and are open to all those interested in web application and information security.

This is our first combined meeting of the NUKSG and OWASP Leeds groups. We hope that this will encourage new friendships and new interest between the two groups. You can subscribe to both groups to be notified of future events via their websites. Buffet food and a drink on arrival are kindly provided by our sponsors DVV Solutions and Activity IM (http://www.activityim.com). Please bring your ticket! Further drinks are available for purchase at the venue.

Please book your place quickly as we expect a big turnout!

6.00pm - Networking Drinks

We will be arriving from 6pm with an opportunity to chat over a beer before we formally start at 6.20pm in the conservatory room.

6.20pm - Introduction

About OWASP and NUKSG, who we are and what we do. How you can get involved and how you can support NUKSG and the work of OWASP. We'll also have a brief update on the NUKSG team entry to White Hat Rally's 2013 pirates and smugglers themed rally - Pieces of V8 - places are available on the team and corporate sponsors needed.

6.30pm - Food!

6.45pm - Arron "Finux" Finnon - What is OSNIF?

"Yeah great, I know it's not a silver bullet! NIPS/NIDS have issues, and that's putting it lightly. I've talked about their limitations for a while, and I get either "that's awesome" or "they've been done to death". The truth is, we achieved nothing in fixing the problem. We can moan about how rubbish they are, we can pretend it's not our problem, or we can start to address the situation.

For too long we've moaned, we've made comments and done little to make them better. Vendors are making money off products we all know could be doing a better job. Here's a crazy idea: let's talk about the issues, why they suck, and this time actually do something! What is to be lost by trying something new? Let's accept they fail and instead, turn that frown upside down. This talk isn't an answer, it's a beginning. Looking at some of the common and uncommon issues faced in trying to make NIDS/NIPS better, and why we fail at finding solutions. I don't have all the answers; however, I intend to answer one simple question: What is OSNIF?"

Arron "Finux" Finnon is a Research Consultant at Activity Information Management Limited.

7.45pm - Break

8.00pm - Campbell Murray - APIs, creating and abusing

This talk looks at the rise of the API and its increasing prevalence in web services. As APIs are more commonly understood their use is growing, but as with all technology, the more people doing it, the more opportunities for getting it wrong. We will take a rapid look into creating, abusing and fixing the Application Programming Interface.

8.55pm - Closing remarks

9.00pm - Retire to bar


Past Events

2012 Dates

Leeds_UK/Feb_2012

Leeds_UK/June_2012

2011 Dates

Leeds_UK/October_2011_Leeds

June_2011

2010 Dates

8th_December_Leeds

15th_September_Leeds

16th_june_Leeds

17th March - Leeds

2009 Dates

14th October 2009 - Leeds