Security Culture and Behaviour - security is still often seen as a technology problem
Speaker: Louise MacDougall
This presentation will focus on the culture and behaviours surrounding cyber security and explore the 'People layer' of defence. Louise will discuss how organisations should be approaching cyber security leadership and how they can drive the right security behaviours within their staff. Particular focus will be on the role of senior leadership and behavioural models that can be applied to cyber security.
- Or, how I actioned the incident and learned more about the malware to help our organization weather one of the largest malware events to occur in recent history.
Driving remediation in large organisations
Speaker: Andrew Scott
Congratulations! Your vulnerability scanning, penetration testing and bug bounty programmes are all running really well. But what about remediation? When it comes to fixing the problems identified by the various assurance programmes, it’s easy to become swamped by the sheer volume and not make enough progress on actual fixes. How do you sort the must-fixes from the nice-to-haves, and how do you push the fix rate up and the time to fix down? I’ll look at a number of the challenges here and some solutions.
Please note that registration is required for the event via Eventbrite: https://owaspscotlandaugust2017.eventbrite.co.uk
We have an excellent talk lined up by Boglarka on MFA and a second speaker should be confirmed in the near future. If you are attending please register so we can keep an eye on the numbers.
To attend, please register here for the event.
Twice the pride, double the fall – why 2FA / MFA isn’t the cure we all thought it was.
Speaker: Boglarka Ronto
The security industry has been preaching the mantra of MFA for almost a decade. Indeed, many implementations have surfaced, some better than others, with all of these intending to add to the level of security of an existing solution (i.e. external logon interface).
The trust in such services appears to be unquestioned: companies are looking for cheap, simple and easily manageable solutions and rarely consider the actual level of security associated with the product of their choice.
This talk discusses ways of testing MFA solutions and includes a few case studies of broken and poor MFA implementations, including one which allowed SMS validation to be bypassed completely at an application level (no physical proximity or cloned phones required).
The Open Web Application Security Project is an online community dedicated to web application security. The OWASP community includes corporations, educational organizations, and individuals from around the world.
A shorter OWASP East Scotland session is now set for Thursday the 17th at our usual place, Edinburgh University's Informatics Department.
After having his flights cancelled in April, Mario Heiderich is keen to reclaim his bottle of Malt Whisky and so we will be opening the doors at 18:00; talk starts at 18:30.
Tea, coffee, cakes and crisps provided.
The innerHTML Apocalypse: How mXSS Attacks Change Everything we Believed so Far, by Dr.-Ing. Mario Heiderich
Everything about Reflected, Persistent and DOM-based Cross-Site Scripting attacks has already been discussed, so why the need for another talk on the subject? In his talk, Mario will introduce and demonstrate the recent technique called mutation-XSS, proving there is still a lot to be discussed about XSS attacks.
Mario is a researcher at Ruhr University Bochum and the director of Cure53, a security consultancy and penetration testing company. He has presented at many conferences, including the OWASP AppSec Research conference in Hamburg, August 2013.
The introductory meeting in Glasgow of OWASP Scotland. We've got a couple of talks lined up: one an introduction to what OWASP is and how it can be of use, and a second on ActiveX security.