owasp london chapter meeting 30th march 2017...making & breaking machine learning systems - anto...
TRANSCRIPT
OWASP London Chapter Meeting 30th March 2017
London Chapter
Chapter Leaders:
• Sam Stepanyan (@securestep9)
• Sherif Mansour (@kerberosmansour)
Keeping In Touch:
➤ Join the OWASP London mailing list
➤ Follow @OWASPLondon on Twitter
➤ “Like” OWASP London on Facebook
➤ Subscribe to OWASP London Channel on YouTube
➤ Chat with #chapter-london team owasp.Slack.com
Agenda
• Networking, pizza & drinks
• Welcome and OWASP Update - Sam Stepanyan & Sherif Mansour
• Heroes vs Villains: Building an Application Security Program that Scales - Kevin Delaney
• Lightning Talk: Bypassing CSRF Protections: A Double Defeat of the Double-Submit Cookie - David Johansson
------------ break ------------
• PostMessage Security in Chrome Extensions - Arseny Reutov
• Networking & Beer
OWASP
• We are a Global not-for-profit charitable organisation
• Focused on improving the security of software
• Vendor-Neutral Community
• Collective Wisdom of the Best Minds in Application Security Worldwide
• Provide free tools, guidance, standards
• All meetings are free to attend (*free beer included)
Become a Member
We are all VOLUNTEERS! (45,000 worldwide)
Membership
$50/year!
London Chapter Supporters
OWASP Corporate Members
Premier Members
FREE eBook
https://bit.ly/freenodejsbook
Essential Node.js Security for ExpressJS Web Applications
Hands-on and abundant with source code for a practical guide to Securing Node.js web applications.
AppSec Europe 2017
8-12 May 2017, Belfast, Northern Ireland
Belfast, Belfast!
AppSec Europe 2017 - Call For Papers is OPEN! Submit your proposals!
Training @ AppSec EU 2017
• Exploiting Websites by using offensive HTML, SVG, CSS and other Browser-Evil - Mario Heiderich
• Secure coding in Java - Robert Seacord
• Hands-on Mobile Application Exploitation - iOS & Android - Dinesh Shetty
• Hands on Web Exploitation with Python - Michael Born and Fred Donovan
• Systematically Breaking and Fixing Single Sign-On - Vladislav Mladenov and Christian Mainka
• Whiteboard Hacking aka Hands-on Threat Modeling - Sebastien Deleersnyder
• Making & Breaking Machine Learning Systems - Anto Joseph, Clarence Chio
• Automating your own AppSec Pipeline with Docker and Serverless Computing - Aaron Weaver and Matt Tesauro
• Web Application Security Essentials - Fabio Cerullo
• Hands-on Workshop on Security in DevOps (SecDevOps) v2.0 - Abhay Bhargav
• Smart lockpicking - hands-on exploiting software flaws in IoT - Slawomir Jasek
OWASP Summit 2017
SUMMIT Workshops
BSIDES London
BSides London 2017 Biggest Community-Driven InfoSec Conference
07.June.2017
ILEC Conference Centre, 47 Lillie Road, London SW6 1UD
WE WILL BE THERE!
OWASP Code Sprint 2017
Flip bits! Not burgers!
Goal: The OWASP Code Sprint 2017 is a program that aims to provide incentives to students to contribute to OWASP projects. By participating in the OWASP Code Sprint 2017 a student can get real life experience while contributing to an open source project. A student that successfully completes the program will receive in total $1500.
Duration: 2 months of full-time engagement.
Talk time
Main Talks:
• Kevin Delaney
• David Johansson
• Arseny Reutov
Staying in Touch OWASP London
Keep in Touch – get informed about future events:
Join The OWASP London Mailing List: http://lists.owasp.org/mailman/listinfo/owasp-london
Watch us on YouTube: YouTube.com/OWASPLondon
Slack: owasp.slack.com #chapter-london
Visit OWASP London Chapter webpage https://www.owasp.org/index.php/London
OWASP London Save The Dates of Future meetings:
18 May 2017
Follow us on Twitter @owasplondon
“Like” us on Facebook https://www.facebook.com/OWASPLondon
Present Your Talk
Call For Speakers For Future Events
Do you have a great Web Application Security Related Talk?
3 Tracks:
• Breakers
• Defenders
• Builders
Submit the abstract of your talk and your bio to:
Thank You!
Speakers:
• David Johansson
• Kevin Delaney
• Arseny Reutov
All slides will be published on OWASP.ORG and video recordings will be on YouTube in a few days
Hosts for this event
• Telegraph Media Group
• Attendees (you!)
Pub Time!
• Networking and Drinks at THE VICTORIA, 1 Lower Belgrave Street