OWASPLondonChapterMeeting30thMarch2017

LondonChapter

ChapterLeaders:• SamStepanyan(@securestep9)

• SherifMansour(@kerberosmansour) KeepingInTouch:➤ JointheOWASPLondonmailinglist➤ Follow@OWASPLondononTwitter ➤ “Like”OWASPLondononFacebook➤ SubscribetoOWASPLondonChannelonYouTube➤ Chatwith#chapter-londonteamowasp.Slack.com

Agenda

• Networking,pizza&drinks• WelcomeandOWASPUpdate-SamStepanyan&SherifMansour

• HeroesvsVillains:BuildinganApplicationSecurityProgramthatScales-KevinDelaney

• LightningTalk:BypassingCSRFProtections:ADoubleDefeatoftheDouble-SubmitCookie-DavidJohansson ------------break-------------------------------

• PostMessageSecurityinChromeExtensions-ArsenyReutov• Networking&Beer

OWASP

• WeareaGlobalnot-for-profitcharitableorganisation

• Focusedonimprovingthesecurityofsoftware

• Vendor-NeutralCommunity

• CollectiveWisdomoftheBestMindsinApplicationSecurityWorldwide

• Providefreetools,guidance,standards

• Allmeetingsarefreetoattend(*freebeerincluded)

BecomeaMember

WeareallVOLUNTEERS!(45,000worldwide)

Membership

$50/year!

LondonChapterSupporters

OWASPCorporateMembers

PremierMembers

Premiermembers

FREEeBook

https://bit.ly/freenodejsbook

EssentialNode.jsSecurityforExpressJSWebApplications

Hands-onandabundantwithsourcecodeforapracticalguidetoSecuringNode.jswebapplications.

AppSecEurope2017

8-12May2017,BelfastNorthernIreland

Belfast,Belfast!

AppSecEurope2017-CallForPapersisOPEN!Submityourproposals!

Training@ApPSecEU2017

ExploitingWebsitesbyusingoffensiveHTML,SVG,CSSandotherBrowser-Evil-MarioHeiderichSecurecodinginJava-RobertSeacordHands-onMobileApplicationExploitation-iOS&Android-DineshShettyHandsonWebExploitationwithPython-MichaelBornandFredDonovanSystematicallyBreakingandFixingSingleSign-On-VladislavMladenovandChristianMainkaWhiteboardHackingakaHands-onThreatModeling-SebastienDeleersnyderMaking&BreakingMachineLearningSystems-AntoJosephClarenceChioAutomatingyourownAppSecPipelinewithDockerandServerlessComputing-AaronWeaverandMattTesauroWebApplicationSecurityEssentials-FabioCerulloHands-onWorkshoponSecurityinDevOps(SecDevOps)v2.0-AbhayBhargavSmartlockpicking-hands-onexploitingsoftwareflawsinIoT-SlawomirJasek

OWASPSummit2017

SUMMITWorkshops

BSIDESLondon

BSidesLondon2017BiggestCommunity-DrivenInfoSecConference

07.June.2017

ILECConferenceCentre47LillieRoadLondonSW61UD

WEWILLBETHERE!

OWASPCodeSprint2017

Flipbits!Notburgers!

GoalTheOWASPCodeSprint2017isaprogramthataimstoprovideincentivestostudentstocontributetoOWASPprojects.ByparticipatingintheOWASPCodeSprint2017astudentcangetreallifeexperiencewhilecontributingtoanopensourceproject.Astudentthatsuccessfullycompletestheprogramwillreceiveintotal$1500.

Duration:2monthsoffull-timeengagement.

Talktime

MainTalks:

• KevinDelaney

• DavidJohansson

• ArsenyReutov

FREEeBook

https://bit.ly/freenodejsbook

EssentialNode.jsSecurityforExpressJSWebApplications

Hands-onandabundantwithsourcecodeforapracticalguidetoSecuringNode.jswebapplications.

StayinginTouchOWASPLondon

KeepinTouch–getinformedaboutfutureevents:

JoinTheOWASPLondonMailingList:http://lists.owasp.org/mailman/listinfo/owasp-london

WatchusonYouTube:YouTube.com/OWASPLondon

Slack:owasp.slack.com#chapter-london

VisitOWASPLondonChapterwebpagehttps://www.owasp.org/index.php/London

OWASPLondonSaveTheDatesofFuture

meetings:

18May2017

FollowusonTwitter@owasplondon

“Like”usonFacebookhttps://www.facebook.com/OWASPLondon

PresentYourTalk

CallForSpeakersForFutureEvents

DoyouhaveagreatWebApplicationSecurityRelatedTalk?

3Tracks:

•Breakers•Defenders•Builders

Submittheabstractofyourtalkandyourbioto:

owasplondon@owasp.org

ThankYou!

Speakers:

• DavidJohansson• KevinDelaney• ArsenyReutov

AllslideswillbepublishedonOWASP.ORGandvideorecordingswillbeonYouTubeinafewdays

Hostsforthisevent• TelegraphMediaGroup

• Attendees(you!)

PubTime!

• NetworkingandDrinksatTHEVICTORIA1LowerBelgraveStreet