Difference between revisions of "Leeds UK"

From OWASP
Jump to: navigation, search
(Next Meeting)
 
(47 intermediate revisions by 6 users not shown)
Line 13: Line 13:
 
<paypal>Leeds_UK</paypal>
 
<paypal>Leeds_UK</paypal>
  
 +
== Sponsors ==
  
== 2011 Planned Meetings ==
+
Many thanks to our first silver sponsor, [http://www.activityim.com/ Activity Information Management Ltd.]
  
March
+
[[File:Activity_logo.png|200px|thumb|left]]
  
June
 
  
September
 
  
December
 
  
== Next Meeting ==
 
'''Date:''' Wednesday 8th December in Manchester::: Kindly sponsored by KPMG. For more details on our sponsors please click here http://www.kpmg.com/CN/en/WhatWeDo/Advisory/Risk-Compliance/IT-Advisory/Pages/default.aspx
 
  
Please note, you MUST RSVP with the correct name as this will ensure you can get access to the building. Please go to http://www.eventbrite.com/event/1088645167 to RSVP
 
  
'''Location:''' KPMG Manchester - Romm 6.4, St James Square, Manchester, Greater Manchester, M2 6DS
 
  
'''Schedule: 18:00 for 18:15 start'''
 
  
'''18:20 - 18:30'''
 
  
OWASP Chapter introduction. OWASP values and membership. Chapter information.
 
  
''Jason Alexander - OWASP Leeds/Northern Chapter Board Member''
 
  
'''18:30 - 19:15'''
+
= Planned Meetings =
  
upSploit - Vulnerability Advisory Solution
+
Nov 2012
  
''Thomas Mackenzie''
+
Jan 2013
  
Over the past year a lot of vulnerabilities have been released out into the wild and a lot of discussion has been had on what ethical disclosure is. upSploit is an online web application / tool that can be used by researchers to release vulnerabilities as ethically as possible.
+
April 2013
  
The talk consists of a number of parts including: Information on vulnerability disclosure before upSploit was around, the creation / idea of upSploit and how it has helped and is helping the community at the moment.
+
July 2013
  
''Speaker Bio''
+
October 2013
  
Tom studies a BSc (Hons) in Ethical Hacking for Computer Security at Northumbria University in Newcastle and worked part time for Wetherby based company RandomStorm conducting Web Penetration testing, External Penetration testing and building wireless analysis solutions. Tom found a vulnerability in WordPress back in February 2010 which helped him kickstart his career in infosec whilst still studying. Previously the Co-host of popular UK student podcast Disaster Protocol Tom now spend all the time away from that on the upSploit project making sure his team get stuff done!
+
== Next Meeting ==
 +
'''UKSG and OWASP meetings are free to attend and are open to all those interested in web application and information security.
  
'''19:15 - 20:00'''
+
This is our first combined meeting of the NUKSG and OWASP Leeds groups. We hope that this will encourage new friendships and new interest between the two groups. You can subscribe to both groups to be notified of future events via their websites.
 +
'''
 +
Buffet food and a drink on arrival are kindly provided by our sponsors DVV Solutions and Activity IM (http://www.activityim.com). Please bring your ticket! Further drinks are available for purchase at the venue.
  
Avoiding the CWE/SANS Top 25 Most Dangerous Programming Errors
+
Please book your place quickly as we expect a big turnout!
  
''Jason Steer - Solution Architect at Veracode''
+
'''6.00pm - Networking Drinks'''
  
The CWE/SANS list of the Top 25 Most Dangerous Programming Errors is becoming the standard for developing secure applications in large enterprises. Even the State of New York and the Depository Trust & Clearing Corporation (DTCC) plan to implement procurement contracts that include language mandating application security. Whether you manage internal development activities, work with third party developers or are developing commercial-of-the-shelf (COTS)  applications for enterprises, your mandate is clear- safeguard your code and avoid the CWE/SANS Top 25 Most Dangerous Programming Errors.  
+
We will be arriving from 6pm with an opportunity to chat over a beer before we formally start at 6.20pm in the conservatory room.
  
During this presentation, Jason will discuss:
+
'''6.20pm - Introduction'''
  
Prevalence of attacks using vulnerabilities listed in the CWE/SANS Top 25
+
About OWASP and NUKSG, who we are and what we do. How you can get involved and how you can support NUKSG and the work of OWASP. We'll also have a brief update on the NUKSG team entry to White Hat Rally's 2013 pirates and smugglers themed rally - Pieces of V8 - places are available on the team and corporate sponsors needed.
  
CWE categories illustrated with code snippets in .NET, Java, and other languages
+
'''6.30pm - Food!'''
  
Impact of attacks on your application and your customers
+
'''6.45pm - Arron "Finux" Finnon - What is OSNIF?'''
  
Methods to identify, track and remediate these vulnerabilities
+
"Yeah great, I know its not a silver bullet! NIPS/NIDS have issues, and that's putting it lightly. I've talked about their limitations for a while, and i get either "that's awesome" or "they've been done to death". The truth is, we achieved nothing in fixing the problem. We can moan about how rubbish they are, we can pretend it's not our problem, or we can start to address the situation.
  
Session attendees will leave armed with the necessary steps to ensure that they’re building secure applications.
+
For too long we've moaned, we've made comments and done little to make them better. Vendors are making money off products we all know could be doing a better job. Here's a crazy idea, let's talk about the issues, why they suck, and this time actually do something! What is to be lost by trying something new? Let's accept they fail and instead, turn that frown upside down. This talk isn't an answer, it's a beginning. Looking at some of the common and uncommon issues faced in trying to make NIDS/NIPS better, and why we fail at finding solutions. I don't have all the answers, however I intend to answer one simple question; What is OSNIF?"
  
'''20:00 - 20:45'''
+
Arron "Finux" Finnon is a Research Consultant at Activity Information Management Limited.
  
OWASP Zed Attack Proxy
+
'''7.45pm - Break'''
  
''Simon Bennetts - Project Lead and technical team lead at Sage UK''
+
'''8.00pm - Campbell Murray - API's, creating and abusing'''
 +
 
 +
This talk looks at the rise of the API and its increasing prevalence in web services.  As APIs' are more commonly understood their use is growing, but as with all technology, the more people doing it, the more opportunities for getting it wrong.  We will take a rapid look into creating, abusing and fixing the Application Programming Interface.
 +
 
 +
'''8.55pm - Closing remarks'''
 +
 
 +
'''9.00pm - Retire to bar'''
  
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
 
It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing.
 
  
In this presentation Simon will explain why it was released, who it is aimed at and where it is headed.
 
  
 
== Past Events ==
 
== Past Events ==
 +
 +
'''2012 Dates'''
 +
 +
[[Leeds_UK/Feb_2012]]
 +
 +
[[Leeds_UK/June_2012]]
 +
 +
'''2011 Dates'''
 +
 +
[[Leeds_UK/October_2011_Leeds]]
 +
 +
[[June_2011]]
  
 
'''2010 Dates'''
 
'''2010 Dates'''
 +
 +
[[8th_December_Leeds]]
  
 
[[15th_September_Leeds]]
 
[[15th_September_Leeds]]
Line 100: Line 110:
  
 
[[Category:United Kingdom]]
 
[[Category:United Kingdom]]
 +
[[Category:Europe]]

Latest revision as of 06:24, 15 March 2013

Contents

OWASP Leeds UK

Welcome to the Leeds UK chapter homepage. This is a new chapter and we are looking for enthusiatic new members to make this one of the best OWASP chapters. We are hoping to accumalate a good proportion of subject matter experts who will in turn be able to provide guidance and presentations for the benefit of all chapter members. So please join the mailing list and contribute.

Details of your chapter Board members can be found here Leeds_UK_chapter_leaders

The chapter email address is owaspleeds@gmail.com
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is and open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

funds to OWASP earmarked for Leeds_UK.

Sponsors

Many thanks to our first silver sponsor, Activity Information Management Ltd.

Activity logo.png






Planned Meetings

Nov 2012

Jan 2013

April 2013

July 2013

October 2013

Next Meeting

UKSG and OWASP meetings are free to attend and are open to all those interested in web application and information security.

This is our first combined meeting of the NUKSG and OWASP Leeds groups. We hope that this will encourage new friendships and new interest between the two groups. You can subscribe to both groups to be notified of future events via their websites. Buffet food and a drink on arrival are kindly provided by our sponsors DVV Solutions and Activity IM (http://www.activityim.com). Please bring your ticket! Further drinks are available for purchase at the venue.

Please book your place quickly as we expect a big turnout!

6.00pm - Networking Drinks

We will be arriving from 6pm with an opportunity to chat over a beer before we formally start at 6.20pm in the conservatory room.

6.20pm - Introduction

About OWASP and NUKSG, who we are and what we do. How you can get involved and how you can support NUKSG and the work of OWASP. We'll also have a brief update on the NUKSG team entry to White Hat Rally's 2013 pirates and smugglers themed rally - Pieces of V8 - places are available on the team and corporate sponsors needed.

6.30pm - Food!

6.45pm - Arron "Finux" Finnon - What is OSNIF?

"Yeah great, I know its not a silver bullet! NIPS/NIDS have issues, and that's putting it lightly. I've talked about their limitations for a while, and i get either "that's awesome" or "they've been done to death". The truth is, we achieved nothing in fixing the problem. We can moan about how rubbish they are, we can pretend it's not our problem, or we can start to address the situation.

For too long we've moaned, we've made comments and done little to make them better. Vendors are making money off products we all know could be doing a better job. Here's a crazy idea, let's talk about the issues, why they suck, and this time actually do something! What is to be lost by trying something new? Let's accept they fail and instead, turn that frown upside down. This talk isn't an answer, it's a beginning. Looking at some of the common and uncommon issues faced in trying to make NIDS/NIPS better, and why we fail at finding solutions. I don't have all the answers, however I intend to answer one simple question; What is OSNIF?"

Arron "Finux" Finnon is a Research Consultant at Activity Information Management Limited.

7.45pm - Break

8.00pm - Campbell Murray - API's, creating and abusing

This talk looks at the rise of the API and its increasing prevalence in web services. As APIs' are more commonly understood their use is growing, but as with all technology, the more people doing it, the more opportunities for getting it wrong. We will take a rapid look into creating, abusing and fixing the Application Programming Interface.

8.55pm - Closing remarks

9.00pm - Retire to bar


Past Events

2012 Dates

Leeds_UK/Feb_2012

Leeds_UK/June_2012

2011 Dates

Leeds_UK/October_2011_Leeds

June_2011

2010 Dates

8th_December_Leeds

15th_September_Leeds

16th_june_Leeds

17th March - Leeds

2009 Dates

14th October 2009 - Leeds