[Owasp-cambridge] Reminder - OWASP Cambridge Chapter Secure Coding Tournament and Seminar Event Tuesday 12th September 2017 17:00 – 21:00
adrian.winckles at owasp.org
Tue Aug 29 13:47:01 UTC 2017
*OWASP Cambridge Chapter Secure Coding Tournament and Seminar Event *
Tuesday 12th September 2017 17:00 – 21:00, Coslett Building COS404/405 &
COS124, Anglia Ruskin University, Cambridge.
Hosted by the Cyber Security & Networking Research Group (Department of
Computing & Technology), Anglia Ruskin University & OWASP (Open Web
Application Security Project) Cambridge Chapter
Secure Code Warrior kindly sponsoring tournament and T-Shirt/Hoodies as
OWASP Cambridge sponsoring the Beer, OWASP Swag and Other Prizes
Pizza kindly sponsored by Anglia Ruskin and Others TBD
*OWASP Cambridge – Secure Coding Tournament*
Compete against your peers to become the ‘Secure Code Warrior.’
*OWASP Cambridge Secure Coding Champion 2017.*
*Secure Coding tournament – what is it all about?*
Join this live interactive tournament which is sure to be a fun,
challenging learning experience for all. Whether you are eager to prove
your web application AppSec knowledge of the OWASP Top 10 and more, and
watch as you climb to the top of the leaderboard, or simply want to learn
more about how to code more securely – everyone is welcome and there will
be prizes / SWAG for the winner(s).
Participants are presented with any of three kinds of vulnerable code
challenges - identify the problem, locate the insecure code, and fix the
vulnerability. Gamification helps to make the exercise a fun, engaging and
interactive experience. Participants can select from various software
languages to complete the tournament, including:
Java EE, Java Spring, C# MVC, C# WebForms, Ruby on Rails, Python Django &
*Who should take part?*
Any developer with an interest in secure coding!
In past tournaments, developers with varying levels of experience and
skill, and in various job roles, have competed, but all have a common
interest in security and the future of security.
The aim of this event is to connect the OWASP Cambridge Chapter in a more
open and engaging setting. Security experts will be on-hand to chat and
help people during the event.
Guaranteed to be a fun and insightful evening!
*Why should I take part?*
Becoming the first ever OWASP Cambridge Secure Code Champion should be
enough to whet the appetite. However, there will also be prizes, pizza and
beer on hand. It is a great opportunity to test your skill levels and have
fun on the Secure Code Warrior platform, connect with like-minded folks
interested in secure coding and get industry insight from Peter Lawrey’s
keynote speech – all free of charge.
*Why is Secure Coding a big deal?*
If you look at some of the most significant breaches over the last four
years (Capgemini, Amazon, Yahoo and, more locally, the NHS), the common
attack vector was vulnerable code. The striking reality is that these were
not zero-day vulnerabilities with no immediate remediation; these attacks
targeted known vulnerabilities with known remediation.
As companies move to more agile development, more and more code releases
occur daily, if not on an hourly basis. It is paramount that developers
writing the code become the first line of defense. But, for this to happen,
developers must build their secure coding skillset. Once a developer builds
those skills, they will start to write fewer vulnerabilities and reduce the
possible attack surface of their organisation. From an agility and cost
point of view, if fewer vulnerabilities are included from the start of the
SDLC, the organization can save money and precious time – truly enabling
1st Prize Raspberry Pi Kit, Hoodie & OWASP Swag (TBD)
2nd Prize Hoodie/T Shirt & OWASP Swag
Plus Other T-Shirts
Student 1st Prize
Free Entry to Cambridge Wireless’s “Inclusive Innovation Conference” 19th
September at the Bradfield Centre, Cambridge Science Park (worth £75)
Many other Prizes!!
*Please ensure you bring your laptop (not a tablet) to take part.*
*Guest Speaker: **Peter Lawrey – CEO at Higher Frequency Trading Ltd &
*Biography: **Peter Lawrey *
Peter Lawrey likes to inspire developers to improve the craftsmanship of
their solutions, engineer their systems for simplicity and performance, and
enjoy their work more by being creative and innovative.
He has a popular blog “Vanilla Java” which gets 120K page views per month,
is 3rd on StackOverflow.com for [Java] and 2nd for [concurrency], and is
lead developer of the OpenHFT project which includes support for off heap
memory, thread pinning and low latency persistence and IPC (as low as 100
*Abstract – “Secure Coding” TBC*
OWASP (Open Web Application Security Project) is a 501(c)(3) not-for-profit
worldwide charitable organisation focused on improving the security of
application software. Their mission is to make application security
visible, so that people and organisations can make informed decisions about
true application security risks.
The *Cyber Security and Networking (CSN)* research group has close working
strategic relationships with industry, professional bodies, law
enforcement, government agencies and academia in the delivery of
operationally focused applied information and application security research.
We have strong international links with professional organizations such as
OWASP, BCS, ISC2, IISP & the UK Cyber Security Forum amongst others. The
primary aims of CSNRG are to help the UK and partner nations to tackle
cybercrime, be more resilient to cyber-attacks and educate its users for a
more secure cyberspace and operational business environment. These will be
achieved through the investigation of threats posed to information systems,
understanding the impact of attacks and creation of cyber-based warning
systems which include gathering threat intelligence, automating threat
detection, alerting users and neutralizing attacks. For network security we are
researching securing the next generation of software defined
infrastructures from the application API and control/data plane attacks.
Other key work includes computer forensic analysis, digital evidence crime
scenes and evidence visualisation as well as cyber educational approaches
such as developing Capture the Flag (CTF) resources and application
The Department of Computing & Technology at Anglia Ruskin University is
enhancing its curricula and capabilities in information security following
its successful BSc(Hons) Information Security and Forensic Computing
pathway. Establishing a joint professional networking group with OWASP
concentrating on aspects of computing and application security is a key
part of this enhancement. A key aim the department is working towards is
developing an MSc Information Security specialising in Application Security
and, as part of this activity, looking to develop a local Information
Security Student Society.
17:00 – 17:45: Pizza/Beer & Networking in COS 404/405
17:45 – 18:00: Welcome from the OWASP Cambridge Chapter Leader, Adrian
Winckles, Course Leader in Information Security & Forensic Computing,
Anglia Ruskin University
18:00 – 18:45: Talk from Peter Lawrey CEO of Higher Frequency Trading Ltd &
18:45 – 19:00: Registration/on-boarding of participants to the SCW
19:00 – 21:00*: Tournament
* 15 minutes at end to wrap up and hand out prizes
To register for this free event, please register online at
The networking and refreshments will be held in Coslett Building (Room
COS404/405 on the 4th Floor) whilst the following talk and tournament will
be held in the Coslett Building Large Lecture theatre, Room COS124
Please enter through the Helmore Building and ask at reception.
There will be a reception desk on the ground floor of Coslett Building
Anglia Ruskin University,
Get further information on travelling to the university.
To find the Cambridge East Road Campus please see the following map
The Coslett building is at the rear of the campus, also accessible from the
Mill Road entrance.