[Owasp-london] Reminder - next meeting: March 12th, KPMG, Canary Wharf
justin at justinclarke.com
Tue Mar 3 09:58:50 EST 2009
This is a reminder for the forthcoming OWASP London chapter meeting to be
held on March 12th (Thursday), at the earlier time of 6:30pm (like the
The location is the same as for the previous meeting, at KPMG who have
kindly agreed to sponsor the evening:
KPMG, 39th Floor, One Canada Sq, E14 5AG
We have the following talks confirmed. I will send out one final reminder
next week before the meeting.
* OWASP Global Industry Committee - Colin Watson
- The Global Industry Committee was one of six new OWASP committees created
during the EU Summit in Portugal last year. Colin Watson will talk about the
committee's aims, plan, how to get involved, who it has been engaging with
and what else it has been doing in the first few months.
Colin Watson's initial work was in the production and process engineering
fields, but since completing an MSc in Computation at the University of
Oxford in 1995, he has been employed in web software development, with an
increasing focus on the security aspects. He is now a consultant in London
working with developers, testers, auditors and people from a non-IT
background such as business owners, managers, marketers, project specifiers
and designers to improve security practices. Colin joined the OWASP Global
Industry Committee in January.
* The Software Assurance Maturity Model - Introduction and a Use Case - Matt
- The OWASP CLASP Project has been going through modification to move more
towards a maturity model. As a result, the Software Assurance Maturity Model
(SAMM) project has been released in a beta version. The goal is to "define a
usable security framework with sequential, measurable goals that can be used
by small, medium, and large organisations in any line of business that
involves software development". This talk will introduce SAMM and give a
brief overview of its contents. We will then discuss how SAMM is currently
being used to measure the level of information security activities within an
EU-based financial organisation's development methodology and to provide the
framework for implementing such activities into their everyday development
Matt Bartoldus is an information risk management professional with over 10
years of experience managing and delivering information security projects.
Service delivery experience spans the scope of security penetration and
vulnerability assessments; regulatory compliance and information security
governance consulting; policy and standard development; and security
business transformation. Matt is a Co-Founder of and Director at Gotham
Digital Science in London.
* SQL injection: Not only AND 1=1 - Bernardo Damele A. G.
The presentation will cover a quick preamble on SQL injection definition,
sqlmap and its key features. It will then illustrate the details of common
and uncommon problems and respective solutions with examples that a
penetration tester or a SQL injection tool developer faces when he wants to
take advantage of any kind of web application SQL injection flaw on real
world web applications, for instance SQL injection in ORDER BY and LIMIT
clauses, single entry UNION query SQL injection, blind SQL injection
algorithm speed enhancements, specific web application technologies IDS
bypasses and more.
Bernardo Damele A. G. is an IT security engineer based in London (United
Kingdom) currently employed as penetration tester and security researcher
for a renowned security company. Bernardo spent most of his research time on
web application and database management systems security. He is currently
the lead developer of sqlmap, a MySQL UDF repository developer and a
As with last time, we should have plenty of time to talk and network, and it
looks like we could have a very good turnout, judging by the number of RSVPs we've
received so far.
If you are planning to attend please RSVP in an email to Hayley French from
KPMG (hayley.french at kpmg.co.uk) and CC me (justin at justinclarke.com).
As always, the details and schedule for the night are available on the
See you there!