[Owasp-royalholloway] Reminder - Next Central London OWASP meeting on Thursday the 29th of March, at Morgan Stanley in Canary Wharf

Justin Clarke justin.clarke at owasp.org
Thu Mar 15 12:18:06 UTC 2012


**** Please forward this on to any of your colleagues/friends who may be interested in attending! ****

This is a reminder for the forthcoming OWASP Central London chapter meeting to be held on Thursday March 29th, at 6:30pm-8:30pm (show up at venue between 6:00pm-6:30pm).  We have a special treat in the form of an international OWASP Speaker being in town (Jim Manico) who has kindly agreed to speak. 

We're at a new location this time, at Morgan Stanley who have kindly agreed to let us use their facilities:

- Morgan Stanley, 25 Cabot Square, Canary Wharf, London E14 4QA (Wordsworth and Yeats rooms, Level 12)

Note that we're back to our normal time!

As always, we should have plenty of time to talk and network, and should have some time after the talks to have some more chatting time as well and/or head out to a local pub afterwards.

Even though this meeting is free and open to all, if you are planning to attend you must RSVP at http://owasp-london.eventbrite.com. Please enter your real name, as this will be given to Morgan Stanley building security. If you don't RSVP, you may not be let into the building. Also note that RSVPs close the day before the event (so we can get names on the door), so make sure you RSVP in advance.

Also, if you are no longer able to attend, please email Justin at justin.clarke at owasp.org so your space can be released for someone else.

==Talks==

• Deep Access Control Best Practices and Anti-Patterns - Jim Manico
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.

• IronWASP - Manish Saindane
IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripting expertise would be able to make full use of the platform, a lot of the tool's features are simple enough to be used by absolute beginners.

==Speakers==

• Jim Manico is the VP of Security Architecture for WhiteHat Security, a web security firm. Jim is a participant and project manager of the OWASP Developer Cheatsheet series. He is also the producer and host of the OWASP Podcast Series.
• Manish Saindane is a Senior Security Consultant at Gotham Digital Science. He also co-authors a security research website and blog http://andlabs.org. He has actively contributed towards conceptualising IronWASP and also maintains the Ruby plug-in repository for this framework.

As always, the details and schedule for the night will be available on the chapter page (https://www.owasp.org/index.php/London).

See you there!

Justin Clarke

