Difference between revisions of "Newcastle"

From OWASP
(Added Neil Dixley as leader)
(Past Events)
 
(58 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Chapter Template|chaptername=Newcastle|extra=
+
{{Chapter Template|chaptername=Newcastle|extra=The chapter leaders are [mailto:connor.carr@owasp.org Connor Carr] and [mailto:mike.goodwin@owasp.org Mike Goodwin]
 
+
This [[UK]] chapter was started this year (2012), having grown out of the successful [[Leeds_UK]] and [[Manchester]] chapters.
+
  
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}
 
|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-Newcastle|emailarchives=http://lists.owasp.org/pipermail/owasp-newcastle}}
Line 7: Line 5:
 
= Next Meeting  =
 
= Next Meeting  =
  
None currently scheduled, please watch this space for updates soon.
+
The next event will be run in January 2016, date and time to be confirmed and we might have a new and exciting location! We have two great talks in mind, but they are not 100% confirmed. Details TBC so watch this space.
  
If you would like to talk at future meetings then please get in touch via the mailing list or one of the chapter leaders.
+
= Upcoming Events  =
  
Everyone is welcome to join us at our chapter meetings.
+
The next event will be run in January 2016, date and time to be confirmed and we might have a new and exciting location! We have two great talks in mind, but they are not 100% confirmed. Details TBC so watch this space.
  
= Upcoming Events  =
+
= Past Events  =
  
To be confirmed.
+
'''2015 Dates'''
  
Please get in touch if you would like to speak at a Newcastle event - we would be delighted to hear from you.
+
24/11/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002
  
Everyone is welcome to join us at our chapter meetings.
+
The long talk by '''Ben Lee''' and '''Ross Dargan''':
  
= Past Events  =
+
'''The problems with proving identity.'''
  
'''2012 Dates'''
+
In this talk Ross  (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers.
  
None currently, we are a new chapter.
+
The talk will cover among other things; Twitter, wax seals (!), hashing, certificates and much more…*
 +
 
 +
(*Talk may not be historically accurate! ;))
 +
 
 +
[[Media: OWASPNewcastle_the_problem_with_proving_identity.pptx]]
 +
 
 +
The short talks:
 +
 
 +
'''Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks'''
 +
 
 +
The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities.
 +
 
 +
Take a copy of the game away with you - it is suitable for developers of all sizes.
 +
 
 +
[[Media: Owaspnewcastle-snakesandladders.pptx]]
 +
 
 +
'''Michael Haselhurst - Automated Security Testing Using The ZAP API'''
 +
 
 +
This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi.
 +
 
 +
[[Media: OWASPNewcastle_automated_security_testing_using_ZAP_API.pptx]]
 +
 
 +
'''Mike Goodwin - Real world defence in depth (part 1)'''
 +
 
 +
Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality.
 +
 
 +
[[Media: Owaspnewcastle-real_world_defence_in_depth.pptx]]
 +
 
 +
----
 +
 
 +
29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002
 +
 
 +
We changed the format for this meeting and has 3 short talks (approx 20 mins) and then one long one (60 mins).
 +
 
 +
Speakers:
 +
 
 +
* '''John Beddard''' on Securing Real-Time Networks (short talk) [[Media: PassiveDefense_Newcastle_Chapter_Sept_2015.pdf]]
 +
* '''Ian Oxley''' on Content Security Policy (short talk) [[Media: CSP_Newcastle_Chapter_Sept_2015.pdf ]]
 +
* '''Mike Goodwin''' on Threat Dragon - a new threat modelling tool project from OWASP (short talk) [[Media: OWASP_Threat_Dragon_Newcastle_Chapter_Sept_2015.pptx]]
 +
* '''Neil Dixley''' on 'OWASP Top 10 Mobile Risks' (long talk) [[Media: OWASP_Mobile_Security_Project_Newcastle_Chapter_Sept_2015.pptx]]
 +
 
 +
----
 +
 
 +
28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.
 +
 
 +
Speakers:
 +
* '''Andrew Waite: Honeypots; from research to the Enterprise.''' 
 +
[[Media: OWASP_Honeypots.odp]]
 +
 
 +
* '''George Chlapoutakis: Security in the World of Containerisation.'''
 +
[[Media: OWASP_Security_Containerisation.ppt]]
 +
 
 +
----
 +
 
 +
29/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.
 +
 
 +
Speakers:
 +
* '''Robin Fewster: An introduction to basic application penetration testing.'''
 +
An introduction to penetration testing, using several OWASP projects as well as other open source and free programs.
 +
[[Media: An_introduction_to_penetration_testing.pptx]]
 +
 
 +
* '''Neil Dixley: The Elevation of Privilege Threat Modelling Tool.'''
 +
An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises.
 +
[[Media: Threat_Modeling_Presentation.pptx]]
 +
 
 +
----
 +
 
 +
24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.
 +
 
 +
Speakers:
 +
 
 +
* '''Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering.''' An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. [[Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx]]
 +
* '''Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable?.''' Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. [[Media: OWASP_Compliance_for_Devs.pptx]]
  
 
= Chapter Leaders  =
 
= Chapter Leaders  =
Line 31: Line 101:
 
The chapter leaders are:
 
The chapter leaders are:
  
* [[User:Simon Bennetts|Simon Bennetts]]
+
* [[User:Connor Carr|Connor Carr]]
* [[User:Daniel Turner|Daniel Turner]]
+
* [[User:Michael Goodwin|Mike Goodwin]]
*[mailto:neil.dixley@owasp.org Neil Dixley]
+
 
We are actively seeking more chapter leaders - please get in touch if you would like to become one!
+
Once the group is up and running we will be looking for more leaders.
 +
 
 +
= Sponsorship =
 +
 
 +
The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.
 +
 
 +
[[File:sage-logo.jpg]]
 +
 
 +
Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas.  Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:
 +
 
 +
* Platinum sponsor (£1200)
 +
* Gold sponsor (£600)
 +
* Silver sponsor (£300)
  
 +
Any other donation is also gratefully received.
  
 
= Local Organisations  =
 
= Local Organisations  =
Line 41: Line 124:
 
Other related organisations in the Newcastle area:
 
Other related organisations in the Newcastle area:
  
* Coming soon...
+
* '''(ISC)2 North East Chapter''' - for information, contact the chapter secretary, [mailto:robin.fewster@sage.com Robin Fewster], the chapter president [mailto:ken.walls@rpmi.co.uk Ken Walls], the chapter membership officer [mailto:scott.wakeling@atos.net Scott Wakeling] or the chapter treasurer [mailto:gleishman@secnetics.com Gordon Leishman].
  
Please get in touch with one of the chapter leaders to get your organisation listed here.
+
Please get in touch with one of the OWASP Newcastle chapter leaders to get your organisation listed here.
  
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events.
+
And feel free to use the [https://lists.owasp.org/mailman/listinfo/owasp-newcastle Newcastle mailing list] to publicise related events (this list is moderated).
  
 
__NOTOC__ <headertabs />
 
__NOTOC__ <headertabs />

Latest revision as of 16:00, 30 November 2015

OWASP Newcastle

Welcome to the Newcastle chapter homepage. The chapter leaders are Connor Carr and Mike Goodwin.
Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter_Leader_Handbook. As a 501(c)(3) non-profit professional association your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

Sponsorship/Membership

Donate to this chapter or become a local chapter supporter.

Or consider the value of Individual, Corporate, or Academic Supporter membership. Ready to become a member? Join now.


The next event will be run in January 2016, date and time to be confirmed and we might have a new and exciting location! We have two great talks in mind, but they are not 100% confirmed. Details TBC so watch this space.

2015 Dates

24/11/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002

The long talk by Ben Lee and Ross Dargan:

The problems with proving identity.

In this talk Ross (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers.

The talk will cover, among other things: Twitter, wax seals (!), hashing, certificates and much more…*

(*Talk may not be historically accurate! ;))

Media: OWASPNewcastle_the_problem_with_proving_identity.pptx

The short talks:

Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks

The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities.

Take a copy of the game away with you - it is suitable for developers of all sizes.

Media: Owaspnewcastle-snakesandladders.pptx

Michael Haselhurst - Automated Security Testing Using The ZAP API

This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi.

Media: OWASPNewcastle_automated_security_testing_using_ZAP_API.pptx

Mike Goodwin - Real world defence in depth (part 1)

Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality.

Media: Owaspnewcastle-real_world_defence_in_depth.pptx


29/09/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002

We changed the format for this meeting and had 3 short talks (approx 20 mins) and then one long one (60 mins).

Speakers:


28/07/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.

Speakers:

  • Andrew Waite: Honeypots; from research to the Enterprise.

Media: OWASP_Honeypots.odp

  • George Chlapoutakis: Security in the World of Containerisation.

Media: OWASP_Security_Containerisation.ppt


29/05/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA102B.

Speakers:

  • Robin Fewster: An introduction to basic application penetration testing.

An introduction to penetration testing, using several OWASP projects as well as other open source and free programs. Media: An_introduction_to_penetration_testing.pptx

  • Neil Dixley: The Elevation of Privilege Threat Modelling Tool.

An introduction to threat modelling and using the 'Elevation of Privilege' card game to facilitate and improve team threat modelling exercises. Media: Threat_Modeling_Presentation.pptx


24/03/2015 from 18:00 to 21:00 at Northumbria University Ellison Building EBA002.

Speakers:

  • Neil Dixley: Cognitive Bias and Security Vulnerabilities: The psychology of software engineering. An introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user-based security vulnerabilities. A look at how our brains trick us into feeling safe while giving our PIN number to strangers on the phone, plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security. Media:Cognitive_Bias_and_Security_Vulnerabilities__Presentation.pptx
  • Andy Ward: Security Compliance for Developers - Are we Certified... or Certifiable? Against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust. But how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'! After a quick reminder of "what's the worst that can happen...", Andy will introduce some of the security Compliance and Certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams. Media: OWASP_Compliance_for_Devs.pptx

The chapter leaders are:

Once the group is up and running we will be looking for more leaders.

The Newcastle chapter is very grateful to Sage (platinum sponsor) for its generous support.


Chapter sponsorship helps pay for venue hire, pizzas, speaker travel expenses, pizzas, giveaway swag for meetings and pizzas. Also, a proportion of the sponsorship goes to support the OWASP global mission. If you would like to sponsor the chapter, please contact one of the chapter leaders. The corporate sponsorship costs are:

  • Platinum sponsor (£1200)
  • Gold sponsor (£600)
  • Silver sponsor (£300)

Any other donation is also gratefully received.

Other related organisations in the Newcastle area:

Please get in touch with one of the OWASP Newcastle chapter leaders to get your organisation listed here.

And feel free to use the Newcastle mailing list to publicise related events (this list is moderated).