OWASP London Chapter Meeting at the Microsoft Reactor
This event is kindly hosted and sponsored by Microsoft
Location: Microsoft Reactor, 70 Wilson Street, London, EC2A 2DB
Nearest Tubes: Old Street (7-minute walk), Moorgate (7-minute walk), Liverpool Street (7-minute walk)
Doors Open at 6:00pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time)
TALKS:
OWASP Introduction, Welcome and News - Sam Stepanyan, Sherif Mansour & Greg Fragkos
Welcome and a brief update on OWASP Projects, Events and Conferences from the OWASP London Chapter Leaders.
"From zero to hero: building security from scratch" - Anthi Gilligan
Breaches mean financial, regulatory, legal, and above all reputational repercussions. Organisations are quick to react, however with security professionals in high demand and low supply, there has been an increase in individuals jumping on the “cybersecurity” bandwagon. In this talk, we discuss the pitfalls of the inadequately qualified “cybersecurity expert”, and examine the building blocks of a solid information security management system.
Dapps and many ICOs run on smart contracts and tend to process a substantial amount of funds. This makes them a target, and therefore they often undergo attacks. Combined with the blockchain immutability, vulnerabilities undiscovered during development will exist forever in the blockchain. This talk will dive into the most common smart contract security vulnerabilities and provide in-depth knowledge on how these issues occur and their mitigation. Real world examples will be discussed and vulnerabilities like re-entrancy, overflows, gas limit attacks etc. will be demonstrated.
Lightning Talk - "Driving OWASP ZAP using Selenium" - Mark Torrens
OWASP ZAP is a great tool but it's not magic! When used in a CI/CD pipeline, ZAP needs some help to discover the routes through a web application. Basic authentication, user logins and form validation can all stop ZAP in its tracks. I show how to drive ZAP using Selenium scripts and increase the security coverage of a web application.
SPEAKERS:
Anthi Gilligan
Anthi (@AnGreagach) is an application security engineer at Logitech and has sole responsibility for the company’s vulnerability management, penetration testing and security engineering functions. She has previously held the position of principal security architect for a large Irish banking institution, and acted as a lead pen tester for a consultancy company. Anthi is on the organising committee of Security Bsides Athens and is currently leading the efforts to bring Security Bsides conference to Dublin. She holds a number of academic and professional security qualifications, and loves dogs.
Evangelos Deirmentzoglou
Evangelos Deirmentzoglou (@edeirme) joined the open source community in the winter of 2015 by contributing to Ncrack. In the summer of 2017 he took part in Google Summer of Code 2017 under the guidance of Fotis Chantzis in order to work on Nmap and Ncrack. He currently works as a Security Engineer at Positive Technologies, conducting code auditing, mobile & web penetration testing and smart contract security assessments. He is researching a cybersecurity PhD and focuses on source code analysis, which he has applied for a number of major U.S. technology vendors, Fortune 500 companies, banks and medical institutions.
Mark Torrens
Mark Torrens works for Kainos as a Security Architect and this year is completing an MSc in Cyber Security at the University of York.