[Owasp-royalholloway] Reminder - Next Central London OWASP meeting next week, Thursday the 8th of November, at Morgan Stanley in Canary Wharf

Justin Clarke justin.clarke at owasp.org
Mon Nov 5 11:04:27 UTC 2012

This is a reminder for the forthcoming OWASP Central London chapter meeting to be held next week on Thursday November 8th, at 6:30pm-8:30pm (show up at venue between 6:00pm-6:30pm).  This meeting we have a special treat in the form of well known security researcher and practitioner Petko D. Petkov (pdp) talking.

We're back at Morgan Stanley who have kindly agreed to let us use their facilities:

- Morgan Stanley, 25 Cabot Square, Canary Wharf, London E14 4QA

Note - this is the same building as we were in earlier in the year, this is NOT the building next to the Heron Quays DLR station. Make sure you have a look on Google Maps or similar to make sure you're heading to the right building!

As always, we should have plenty of time to talk and network, and should have some time after the talks to have some more chatting time as well and/or head out to a local pub afterwards.

Even though this meeting is free and open to all, if you are planning to attend you must RSVP at http://owasp-london.eventbrite.com. Please enter your real name, as this will be given to Morgan Stanley building security. If you don't RSVP, you may not be let into the building. Also note that RSVPs close at midday the day before the event (so we can get names on the door), so make sure you RSVP in advance.

Also, if you are no longer able to attend, please email Justin at justin.clarke at owasp.org so your space can be released for someone else.


	• A Short History of The JavaScript Security Arsenal - Petko D. Petkov
In 2006 we had the first JavaScript port scanner. The same year we saw the incarnation of more advanced tools such as AttackAPI, Carnaval and Backframe. A year later we saw several decent attempts to create complete security tools designed to run with nothing else but web technologies. That was just the start.
This presentation aims to show the progress that has been made in the past six years in terms of security tools developed entirely with the help of browser technologies. The presentation will take you on a journey through the years, exploring some of the interesting attack techniques used in the past, bringing back some of the important discussions and eventually reaching the culmination when modern tools and technologies will be shown and explained.

	• The continuously evolving threat landscape call CISOs to consider new application security measures, how OWASP can help? - Marco Morana
The aim of this 20 minute talk is to introduce Chief Information Security Officers (CISOs) to the OWASP Application Security Guide. OWASP has developed guidance specifically to address the needs of CISOs, to help them in prioritizing the risk mitigation of web application vulnerabilities that might severely and negatively impact the organization and jeopardize the business.

I will also give a short update on what's been going on in the OWASP world since our last meeting, if we have time remaining.


	• Petko D. Petkov
pdp is the founder and leading member of the GNUCITIZEN Information Security Think Tank. He is a recognised information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books, numerous popular blogs and online magazines. pdp’s current endeavour is an ambitious project called Websecurify – a unique web application security testing toolkit designed with simplicity in mind. In his own words: "Websecurify is revolutionising the way we use web application security testing tools, opening a whole new world of possibilities".

	• Marco Morana
Marco Morana serves the OWASP organization as a project lead and member of the Global Industry Committee. In his current professional role, Marco is an SVP at a large Financial Institution in London, U.K. where he is responsible for managing information security governance, risk and compliance of architecturally significant programs globally. Marco's contributions to OWASP include the application threat modelling methodology of the OWASP secure coding guide, and the introduction to the security testing methodology and value the real risk section of the OWASP security testing guide. As project reviewer, Marco has contributed to reviewing the OWASP Source Code Review Project and the OWASP Security Analysis of Core J2EE Design Patterns Project. Marco has presented on the topic of software and application security at several local chapter meetings and OWASP organized conferences in the USA and Italy, as well as at the CSI and Blackhat security conferences. Marco's work on application and software security has been published in In-secure magazine, Secure Enterprise, ISSA Journal and the C/C++ Users journal as well as in DHS Software Security Assurance, and he is currently co-authoring a book on Application Threat Modelling and the Application Security Guide for CISOs.

As always, the details and schedule for the night will be available on the chapter page (https://www.owasp.org/index.php/London).

See you there!

Justin Clarke
