Difference between revisions of "Manchester"

From OWASP
(32 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{Chapter Template|chaptername=Manchester|extra=
 
{{Chapter Template|chaptername=Manchester|extra=
  
This is a new chapter, having grown out of the successful [[Leeds_UK]] chapter.
+
This [[UK]] chapter was started last year (2011), having grown out of the successful [[Leeds_UK]] chapter.
  
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Manchester|emailarchives=http://lists.owasp.org/pipermail/owasp-Manchester}}
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Manchester|emailarchives=http://lists.owasp.org/pipermail/owasp-Manchester}}
  
==== Next Meeting  ====
+
= Next Meeting  =
  
'''Date:''' Wednesday 24th August in Manchester, link to RSVP will be made available closer to the date
+
'''Date:''' September 11th
  
'''Location:''' KPMG Offices Manchester
+
'''Location:''' PwC
  
'''Registration:''' [http://www.eventbrite.com/event/2035414981?ref=elink Eventbrite] Note that you must register in order to attend!
+
'''Registration:''' Via [http://www.eventbrite.com/event/4091812722 Eventbrite]
  
'''Schedule: 18:00 for 18:20 start'''
+
Schedule: Doors open at 18:00, talks start at 18:30 prompt - please make sure you are there on time.
  
'''18:20-18:30'''
+
And please let us know if you book tickets but then cant make it. In the past we have had people who couldnt book on and then had empty seats on the night.
  
OWASP Chapter introduction. OWASP values and membership. Chapter information.
 
  
OWASP Manchester board member
+
'''Talk: CVE-2012-2122 - MySQL authentication bypass and code analysis'''
  
'''Talk: SSL: Paved with Good Intentions'''
+
'''Speaker: Campbell Murray - A UK pen tester & community contributor. Tech Director of Encription Limited, Director and member of the Technical Panel for Tigerscheme'''
  
At first glance, SSL seems very complicated to add to your site.  
+
Campbell will give a proper tekky talk on CVE-2012-2122, more readily known as the MySQL authentication bypass and code analysis.
  
Once you become a little more knowledgeable you know that it's a simple matter of getting a certificate from a trusted CA and installing it.
 
  
Unfortunately you were right the first time, and it is actually very complicated to do correctly.  
+
'''Talk: The OWASP Zed Attack Proxy''' - note this is a change to the previously announced talk.
  
This talk aims to explain how the various parts of SSL fit together to provide users with decent security, showing the problems components like OCSP and certificates
+
'''Speaker: Simon Bennetts - Mozilla Security Team and OWASP ZAP Project Leader'''
solve.
+
  
As well as explaining the evolution of SSL over time, it will cover enhancements that are just reaching deployment such as Server Name Indication and OCSP stapling.  
+
Simon will explain what ZAP is, how you can use it, recently added features and features planned..  
  
Finally, it will also highlight various ways that everyone from SSL implementers, system
 
administrators, browser developers to users can manage to undo all
 
this hard work and make it insecure anyway.
 
  
'''Speaker: Richard Moore, CTO [http://www.westpoint.ltd.uk/ Westpoint Ltd ]'''
+
'''Open mic: bring a topic!'''
  
Richard is CTO of Westpoint Ltd, a security testing company based in
+
Depending how things go theres an optional session where anyone can stand up and talk (or start a discussion) for up to (say) 5 mins about any security topic they like.
Manchester. He has been working in the security industry for many
+
years providing services to a wide range of clients including
+
multi-nationals and banks.  
+
  
Richard has extensive experience in SSL
+
You can either put your name forward via the mailing list before hand or just speak up at the meeting.  
from both the point of view of a software developer as one of the
+
maintainers of the SSL support in Nokia's Qt library and KDE, and also
+
from a security testing perspective.
+
  
 +
Its the first time we'll have tried it, so no idea how it will work out, but it sounded like a good idea :)
  
'''Talk: Forensic Readiness – Give your investigators a fighting chance'''
 
  
Investigators are often faced with poorly configured systems which thwart the investigative process.
 
This leads commonly leads to incident response reports with fragmented timelines of attack and
 
leaves risk managers having to make difficult decisions based on incomplete information.
 
  
Companies that consider Forensic Readiness put their investigators in a much stronger position and
+
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.
can expect considerably more accurate outcomes from a forensic investigation.
+
  
This talk looks at the same web application attack, carried out on systems with differing audit
 
controls. The first system has ‘out of the box’ logging and the second has had logging improved
 
through a Forensic Readiness process carried out before the attack.
 
  
We approach the machines as an Incident Response Specialist would and compare the evidence
+
Everyone is welcome to join us at our chapter meetings.
stores and the ability of the investigators to make accurate conclusions based on the evidence
+
available. We will look at the contrasting final reports which are produced with the differing levels
+
of forensic evidence, highlighting the decisions that have to be made based on the varying level of
+
detail provided in the reports.
+
  
Someone for whom forensic investigation of web application exploits is a new topic will gain an
+
= Upcoming Events  =
understanding of some of the forensic techniques possible. Whilst attendees who already have some
+
forensic investigation knowledge will understand how forensic readiness can have a massive effect
+
on the outcome of investigations.
+
  
'''Speaker: Ryan Jones, [https://www.trustwave.com/spiderLabs.php SpiderLabs] Incident Response Team leader'''
+
November 2012
  
Ryan Jones currently leads the SpiderLabs Incident Response Team in EMEA. The team commonly
+
Please get in touch if you would like to speak at a Manchester event - we would be delighted to hear from you.
manages data compromises related to cardholder data but are also regularly involved in other
+
projects such as ATM compromises and data breaches caused by internal staff. The Incident
+
Response team also carry out proactive engagements to ensure that customers have an effective
+
incident response plan; drawing upon extensive knowledge of how it goes wrong in real data
+
security breaches to improve companies’ approach to Incident Response.
+
 
+
During Ryan’s incident response career Ryan has worked for both UK National Law enforcement
+
and private companies. He has been involved with both criminal and corporate investigations with
+
scope ranging from a single mobile telephone to multinational networks. For the past 4 years,
+
Ryan has been a corporate first responder involved with a wide variety of businesses from small
+
companies to multinationals during times when they have been struggling to react to a rapidly
+
changing data compromise situation. Ryan firmly believes that a consultative approach coupled with
+
the appropriate technical knowledge is key to successful incident response engagements.
+
 
+
Ryan graduated from the University of Kent with a First Class BSc in Computer Science. He is also a
+
PCI QSA. In his spare time he can be found skydiving at various dropzones around the country.
+
 
+
 
+
1 more talk TBA: Please get in touch if you would like to speak at this event.
+
  
 
Everyone is welcome to join us at our chapter meetings.
 
Everyone is welcome to join us at our chapter meetings.
  
==== Upcoming Events  ====
+
= Past Events  =
  
August 24th 2011
+
'''2012 Dates'''
  
November 16th 2011
+
[[2012_05_30_Manchester|30th May]]
  
Please get in touch if you would like to speak at a Manchester event - we would be delighted to hear from you.
+
[[2012_02_01_Manchester|1st February]]
  
Everyone is welcome to join us at our chapter meetings.
+
'''2011 Dates'''
  
==== Past Events  ====
+
[[2011_11_16_Manchester|16th November]]
  
Although we have yet to have our first meeting as OWASP Manchester, there have already been 2 events held in Manchester as part of the [[Leeds_UK]] chapter:
+
[[2011_08_24_Manchester|24th August]] As part of the Leeds Chapter
 
+
'''2011 Dates'''
+
  
[https://www.owasp.org/index.php/Leeds_UK 22nd June]
+
[https://www.owasp.org/index.php/Leeds_UK 22nd June] As part of the Leeds Chapter
  
 
'''2010 Dates'''
 
'''2010 Dates'''
  
[[8th_December_Leeds|8th December]]
+
[[8th_December_Leeds|8th December]] As part of the Leeds Chapter
  
==== Chapter Leaders  ====
+
= Chapter Leaders  =
  
 
The chapter leaders are:
 
The chapter leaders are:
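Review bot: the new '''Date:''' line under Next Meeting reads only "September 11th", dropping the weekday the old line carried and giving no year, and '''Location:''' is now just "PwC" where the old line named the city. Add the weekday, year and office address so the announcement still makes sense once it moves to Past Events. This hunk also adds "Everyone is welcome to join us at our chapter meetings." above the new Upcoming Events heading while the unchanged copy of that sentence stays further down, so the new revision carries it twice; drop one of them.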
Line 129: Line 82:
 
* [[User:Simon Ward|Simon Ward]]
 
* [[User:Simon Ward|Simon Ward]]
 
* [[User:Andy_Hornsby-Jones|Andy Hornsby-Jones]]
 
* [[User:Andy_Hornsby-Jones|Andy Hornsby-Jones]]
 +
* Ben Fountain
  
 
We are actively seeking more chapter leaders - please get in touch if you would like to become one!
 
We are actively seeking more chapter leaders - please get in touch if you would like to become one!
  
  
==== Local Organisations  ====
+
= Local Organisations  =
  
 
Other related organisations in the Manchester area:
 
Other related organisations in the Manchester area:
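Review bot: the added "* Ben Fountain" entry in the chapter leaders list is plain text, while the two existing entries are [[User:...]] links. Link it to the leader's user page in the same form so all three leaders can be reached the same way.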
Line 142: Line 96:
 
* [http://libreplanet.org/wiki/Manchester Manchester Free Software]
 
* [http://libreplanet.org/wiki/Manchester Manchester Free Software]
 
* [http://www.manlug.org/ Manchester Linux Users Group]
 
* [http://www.manlug.org/ Manchester Linux Users Group]
 +
* [http://nuksg.org/ Northern UK Security Group]
 
* [http://nwdc.org.uk/ North West Digital Communities (NWDC)]
 
* [http://nwdc.org.uk/ North West Digital Communities (NWDC)]
 +
* [http://www.meetup.com/North-West-Tester-Gathering North West Tester Gathering]
  
 
Please get in touch with one of the chapter leaders to get your organisation listed here.
 
Please get in touch with one of the chapter leaders to get your organisation listed here.

Revision as of 08:03, 5 September 2012

OWASP Manchester

Welcome to the Manchester chapter homepage. This UK chapter was started last year (2011), having grown out of the successful Leeds_UK chapter.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.


Date: September 11th

Location: PwC

Registration: Via Eventbrite

Schedule: Doors open at 18:00, talks start at 18:30 prompt - please make sure you are there on time.

And please let us know if you book tickets but then can't make it. In the past we have had people who couldn't book on and then had empty seats on the night.


Talk: CVE-2012-2122 - MySQL authentication bypass and code analysis

Speaker: Campbell Murray - A UK pen tester & community contributor. Tech Director of Encription Limited, Director and member of the Technical Panel for Tigerscheme

Campbell will give a proper tekky talk on CVE-2012-2122, more readily known as the MySQL authentication bypass and code analysis.


Talk: The OWASP Zed Attack Proxy - note this is a change to the previously announced talk.

Speaker: Simon Bennetts - Mozilla Security Team and OWASP ZAP Project Leader

Simon will explain what ZAP is, how you can use it, recently added features and features planned.


Open mic: bring a topic!

Depending on how things go, there's an optional session where anyone can stand up and talk (or start a discussion) for up to (say) 5 mins about any security topic they like.

You can either put your name forward via the mailing list beforehand or just speak up at the meeting.

It's the first time we'll have tried it, so no idea how it will work out, but it sounded like a good idea :)


If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.


Everyone is welcome to join us at our chapter meetings.

November 2012

Please get in touch if you would like to speak at a Manchester event - we would be delighted to hear from you.

Everyone is welcome to join us at our chapter meetings.

2012 Dates

30th May

1st February

2011 Dates

16th November

24th August As part of the Leeds Chapter

22nd June As part of the Leeds Chapter

2010 Dates

8th December As part of the Leeds Chapter

The chapter leaders are:

We are actively seeking more chapter leaders - please get in touch if you would like to become one!


Other related organisations in the Manchester area:

Please get in touch with one of the chapter leaders to get your organisation listed here.

And feel free to use the Manchester mailing list to publicise related events.