OWASP London Chapter Meeting 30th March 2017 · 2017. 3. 30. · • Lightning Talk: Bypassing CSRF...
-
OWASP London Chapter Meeting, 30th March 2017
-
London Chapter
Chapter Leaders:
• Sam Stepanyan (@securestep9)
• Sherif Mansour (@kerberosmansour)
Keeping In Touch:
➤ Join the OWASP London mailing list
➤ Follow @OWASPLondon on Twitter
➤ “Like” OWASP London on Facebook
➤ Subscribe to OWASP London Channel on YouTube
➤ Chat with #chapter-london team owasp.Slack.com
http://owasp.slack.com
-
Agenda
• Networking, pizza & drinks
• Welcome and OWASP Update - Sam Stepanyan & Sherif Mansour
• Heroes vs Villains: Building an Application Security Program that Scales - Kevin Delaney
• Lightning Talk: Bypassing CSRF Protections: A Double Defeat of the Double-Submit Cookie - David Johansson
------------ break ------------
• PostMessage Security in Chrome Extensions - Arseny Reutov
• Networking & Beer
-
OWASP
• We are a Global not-for-profit charitable organisation
• Focused on improving the security of software
• Vendor-Neutral Community
• Collective Wisdom of the Best Minds in Application Security Worldwide
• Provide free tools, guidance, standards
• All meetings are free to attend (*free beer included)
-
Become a Member
We are all VOLUNTEERS! (45,000 worldwide)
-
Membership
$50/year!
-
London Chapter Supporters
-
OWASP Corporate Members
-
Premier Members
-
FREE eBook
https://bit.ly/freenodejsbook
Essential Node.js Security for ExpressJS Web Applications
Hands-on and abundant with source code for a practical guide to Securing Node.js web applications.
-
AppSec Europe 2017
8-12 May 2017, Belfast, Northern Ireland
-
Belfast,Belfast!
AppSec Europe 2017 - Call For Papers is OPEN! Submit your proposals!
-
Training @ AppSec EU 2017
• Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil - Mario Heiderich
• Secure coding in Java - Robert Seacord
• Hands-on Mobile Application Exploitation - iOS & Android - Dinesh Shetty
• Hands on Web Exploitation with Python - Michael Born and Fred Donovan
• Systematically Breaking and Fixing Single Sign-On - Vladislav Mladenov and Christian Mainka
• Whiteboard Hacking aka Hands-on Threat Modeling - Sebastien Deleersnyder
• Making & Breaking Machine Learning Systems - Anto Joseph, Clarence Chio
• Automating your own AppSec Pipeline with Docker and Serverless Computing - Aaron Weaver and Matt Tesauro
• Web Application Security Essentials - Fabio Cerullo
• Hands-on Workshop on Security in DevOps (SecDevOps) v2.0 - Abhay Bhargav
• Smart lockpicking - hands-on exploiting software flaws in IoT - Slawomir Jasek
-
OWASP Summit 2017
-
SUMMIT Workshops
-
BSIDES London
BSides London 2017: Biggest Community-Driven InfoSec Conference
07.June.2017
ILEC Conference Centre, 47 Lillie Road, London SW6 1UD
WE WILL BE THERE!
-
OWASP Code Sprint 2017
Flip bits! Not burgers!
Goal: The OWASP Code Sprint 2017 is a program that aims to provide incentives to students to contribute to OWASP projects. By participating in the OWASP Code Sprint 2017 a student can get real life experience while contributing to an open source project. A student that successfully completes the program will receive in total $1500.
Duration: 2 months of full-time engagement.
-
Talk time
Main Talks:
• Kevin Delaney
• David Johansson
• Arseny Reutov
-
Staying in Touch: OWASP London
Keep in Touch – get informed about future events:
Join The OWASP London Mailing List: http://lists.owasp.org/mailman/listinfo/owasp-london
Watch us on YouTube: YouTube.com/OWASPLondon
Slack: owasp.slack.com #chapter-london
Visit OWASP London Chapter webpage: https://www.owasp.org/index.php/London
OWASP London Save The Dates of Future meetings:
18 May 2017
Follow us on Twitter @owasplondon
“Like” us on Facebook: https://www.facebook.com/OWASPLondon
http://owasp.slack.com
https://www.owasp.org/index.php/London
-
Present Your Talk
Call For Speakers For Future Events
Do you have a great Web Application Security Related Talk?
3 Tracks:
• Breakers
• Defenders
• Builders
Submit the abstract of your talk and your bio to:
-
Thank You!
Speakers:
• David Johansson
• Kevin Delaney
• Arseny Reutov
All slides will be published on OWASP.ORG and video recordings will be on YouTube in a few days
Hosts for this event
• Telegraph Media Group
• Attendees (you!)
http://owasp.org
-
Pub Time!
• Networking and Drinks at THE VICTORIA, 1 Lower Belgrave Street