Difference between revisions of "Manchester"

Jump to: navigation, search
Line 7: Line 7:
==== Next Meeting  ====
==== Next Meeting  ====
'''Date:''' Wednesday 24th August in Manchester
'''Date:''' Wednesday November 16th in Manchester
'''Location:''' KPMG Offices Manchester
'''Location:''' TBA
'''Registration:''' This event is now '''FULLY BOOKED''', but you can add yourself to the waiting list here: '''[http://www.eventbrite.com/event/2035414981?ref=elink Eventbrite]''' in case anyone cancels.
'''Registration:''' TBA
'''Schedule: 18:00 for 18:20 start'''
'''Schedule:''' TBA
Please get in touch if you would like to speak at this event.
OWASP Chapter introduction. OWASP values and membership. Chapter information.
OWASP Manchester board member
'''Talk: SSL: Paved with Good Intentions'''
At first glance, SSL seems very complicated to add to your site.
Once you become a little more knowledgeable you know that it's a simple matter of getting a certificate from a trusted CA and installing it.
Unfortunately you were right the first time, and it is actually very complicated to do correctly.
This talk aims to explain how the various parts of SSL fit together to provide users with decent security, showing the problems components like OCSP and certificates
As well as explaining the evolution of SSL over time, it will cover enhancements that are just reaching deployment such as Server Name Indication and OCSP stapling.
Finally, it will also highlight various ways that everyone from SSL implementers, system
administrators, browser developers to users can manage to undo all
this hard work and make it insecure anyway.
'''Speaker: Richard Moore, CTO [http://www.westpoint.ltd.uk/ Westpoint Ltd ]'''
Richard is CTO of Westpoint Ltd, a security testing company based in
Manchester. He has been working in the security industry for many
years providing services to a wide range of clients including
multi-nationals and banks.
Richard has extensive experience in SSL
from both the point of view of a software developer as one of the
maintainers of the SSL support in Nokia's Qt library and KDE, and also
from a security testing perspective.
'''Talk: Forensic Readiness – Give your investigators a fighting chance'''
Investigators are often faced with poorly configured systems which thwart the investigative process.
This leads commonly leads to incident response reports with fragmented timelines of attack and
leaves risk managers having to make difficult decisions based on incomplete information.
Companies that consider Forensic Readiness put their investigators in a much stronger position and
can expect considerably more accurate outcomes from a forensic investigation.
This talk looks at the same web application attack, carried out on systems with differing audit
controls. The first system has ‘out of the box’ logging and the second has had logging improved
through a Forensic Readiness process carried out before the attack.
We approach the machines as an Incident Response Specialist would and compare the evidence
stores and the ability of the investigators to make accurate conclusions based on the evidence
available. We will look at the contrasting final reports which are produced with the differing levels
of forensic evidence, highlighting the decisions that have to be made based on the varying level of
detail provided in the reports.
Someone for whom forensic investigation of web application exploits is a new topic will gain an
understanding of some of the forensic techniques possible. Whilst attendees who already have some
forensic investigation knowledge will understand how forensic readiness can have a massive effect
on the outcome of investigations.
'''Speaker: Ryan Jones, [https://www.trustwave.com/spiderLabs.php SpiderLabs] Incident Response Team leader'''
Ryan Jones currently leads the SpiderLabs Incident Response Team in EMEA. The team commonly
manages data compromises related to cardholder data but are also regularly involved in other
projects such as ATM compromises and data breaches caused by internal staff. The Incident
Response team also carry out proactive engagements to ensure that customers have an effective
incident response plan; drawing upon extensive knowledge of how it goes wrong in real data
security breaches to improve companies’ approach to Incident Response.
During Ryan’s incident response career Ryan has worked for both UK National Law enforcement
and private companies. He has been involved with both criminal and corporate investigations with
scope ranging from a single mobile telephone to multinational networks. For the past 4 years,
Ryan has been a corporate first responder involved with a wide variety of businesses from small
companies to multinationals during times when they have been struggling to react to a rapidly
changing data compromise situation. Ryan firmly believes that a consultative approach coupled with
the appropriate technical knowledge is key to successful incident response engagements.
Ryan graduated from the University of Kent with a First Class BSc in Computer Science. He is also a
PCI QSA. In his spare time he can be found skydiving at various dropzones around the country.
1 more talk TBA: Please get in touch if you would like to speak at this event.
Everyone is welcome to join us at our chapter meetings.
Everyone is welcome to join us at our chapter meetings.
==== Upcoming Events  ====
==== Upcoming Events  ====
August 24th 2011
November 16th 2011
November 16th 2011
Line 115: Line 32:
'''2011 Dates'''
'''2011 Dates'''
[[2011_08_24_Manchester|24th August]]
[https://www.owasp.org/index.php/Leeds_UK 22nd June]
[https://www.owasp.org/index.php/Leeds_UK 22nd June]
Line 148: Line 67:
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-Manchester Manchester mailing list] to publicise related events.
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-Manchester Manchester mailing list] to publicise related events.
__NOTOC__ <headertabs/>
__NOTOC__ <headertabs />
[[Category:OWASP Chapter]]
[[Category:OWASP Chapter]]
[[Category:United Kingdom]]
[[Category:United Kingdom]]

Revision as of 06:29, 12 September 2011

OWASP Manchester

Welcome to the Manchester chapter homepage. This is a new chapter, having grown out of the successful Leeds_UK chapter.
Click here to join the local chapter mailing list.


OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.


Btn donate SM.gif to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join Now BlueIcon.JPG

Next Meeting

Date: Wednesday November 16th in Manchester

Location: TBA

Registration: TBA

Schedule: TBA

Please get in touch if you would like to speak at this event.

Everyone is welcome to join us at our chapter meetings.

Upcoming Events

November 16th 2011

Please get in touch if you would like to speak at a Manchester event - we would be delighted to hear from you.

Everyone is welcome to join us at our chapter meetings.

Past Events

Although we have yet to have our first meeting as OWASP Manchester, there have already been 2 events held in Manchester as part of the Leeds_UK chapter:

2011 Dates

24th August

22nd June

2010 Dates

8th December

Chapter Leaders

The chapter leaders are:

We are actively seeking more chapter leaders - please get in touch if you would like to become one!

Local Organisations

Other related organisations in the Manchester area:

Please get in touch with one of the chapter leaders to get your organisation listed here.

And feel free to use the Manchester mailing list to publicise related events.