OWASP London Chapter Meeting - September 2017

The next OWASP London Chapter Meeting will take place on Thursday 28th September 2017 at 18:30 (doors/registration 6:00pm).

This event is kindly sponsored and hosted by John Lewis Partnership.

Location: John Lewis Partnership Head Office, 171 Victoria Street, London, SW1E 5NN

Nearest Tube: Victoria (3 minute walk)

Doors open at 6pm; the talks start at 6:30pm (we start on time).


* OWASP Introduction, Welcome and News - Sam Stepanyan and Sherif Mansour
Welcome and an Update on OWASP Projects & Events from the OWASP London Chapter Leaders

* Application Level Vulnerabilities in Containerized Applications - Benjy Portnoy

Docker containers are transforming the way applications are developed and deployed. Closely tied to DevOps and Continuous Delivery, containers introduce both risks and opportunities to security management in web applications. This talk will introduce the basic concepts of containers and microservices, how companies use them today, and how to support this technology while elevating the security posture of your application stacks. Various OWASP tools that leverage containers will also be presented.

* Hunting Security Bugs In Web Apps - Suleman Malik
There are so many web applications that work in the background but it can be difficult to know about them. In this talk I’m going to show you some bug hunting techniques and how I exploited vulnerabilities in some major websites. I will cover some topics, which include bypassing Content Security Policy (CSP), API endpoint vulnerability, PostMessage vulnerability, CSRF, XSS, Session/Authentication flaws and exploiting some other OWASP Top 10 vulnerabilities.


* Benjy Portnoy
Benjy is a seasoned cyber security professional with over 15 years' experience in consulting, designing, and implementing strategic information security projects for organizations across EMEA. He is currently the director of DevSecOps at Aqua Security, helping enterprises streamline security into their DevOps processes to secure their containerized applications. Prior to joining Aqua Security, Benjy held senior security architect roles at CA, BlueCoat, and Symantec, where he worked closely with CSOs and security operations teams focusing on vulnerability management, datacenter security, and incident response. Benjy holds both CISA (Certified Information Systems Auditor) and CISSP (Certified Information Systems Security Professional) certifications and is currently completing his master's degree in Information Security and Digital Forensics.

* Suleman Malik
Suleman Malik is an independent security researcher and author specialising in web application security and iOS and Android application security. He has reported so many security issues under the industry practice of coordinated disclosure that he is listed in more than 50 Halls of Fame including Google, Microsoft, Intel, Sony, LinkedIn, BlackBerry, Apple, Oracle, Huawei, US Department of Defense and so on. He has been featured in top cyber security magazines including hakin9 & Pentest magazine and has also been declared among the top ten highest paid security researchers in the world. The HackerOne CEO has also acknowledged his work and invited him to visit the United States of America. Donald Freese, the director of the FBI's cyber crime unit (NCIJTF), has also endorsed his skills. Suleman is currently a full-time student working toward his degree in computer forensics and security.

Code of Conduct:

More details: www.owasp.org

Tickets: www.eventbrite.co.uk

Open Web Application Security Project - London Chapter