[Owasp-royalholloway] Final Reminder: Next OWASP London Event - December Chapter Meeting - Next Thursday, 12th December 2013, 6:30pm-8:30pm

Justin Clarke justin.clarke at owasp.org
Tue Dec 10 14:32:58 UTC 2013


All,

In the run up to the holiday break we have one more OWASP meeting, coming up on Thursday this week at Morgan Stanley, 25 Cabot Square, Canary Wharf, London E14 4QA.

Talks are confirmed, and once again we’ve lucked out being in London with catching an international OWASP speaker in London, Ofer Maor.
	
• IAST: Runtime Code & Data Security Analysis – Beyond SAST/DAST - Ofer Maor
Until recently, SAST/DAST dominated the application security testing market, each with its own pros and cons. We present IAST, a new approach, analysing code execution, memory and data in runtime, allowing for accurate inspection of the application. The presentation will present the basic IAST technology building blocks and their benefits, followed by discussing advanced IAST data analysis capabilities, which allow for a deeper analysis of the application and its business logic. We will discusses different approaches and implementations of IAST and Runtime code analysis, discussing the benefits of each. The presentation will include practical samples (including code!) of how IAST can be used to accurately detect both simple and complicated vulnerabilities, including SQL Injection, Parameter Tampering, Persistent XSS, CSRF, and more…

• OWASP Cornucopia - Colin Watson
Microsoft's Escalation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for common web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help software architects and developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide. He will also provide a brief introduction about how to contribute ideas and content to OWASP projects, and how to start a project.

Bio:
• Ofer Maor
Ofer Maor has over 18 years of experience in information and application security and penetration testing. In his current role as Founder and CTO of Quotium, Mr. Maor is leading Seeker® - the new generation of application security, allowing organisations to effectively protect their business and data from application threats. He was previously the Founder and CTO of Hacktics™, where he helped create a world-class leading professional security services group, later acquired by EY to become a global excellence centre, and has also served as the Chairman of OWASP Israel and a member of the OWASP Global Membership Committee.

• Colin Watson
Colin Watson is an application security consultant based in London. He is project leader for the OWASP Codes of Conduct and OWASP Cornucopia projects, co-leader for the OWASP AppSensor project, wrote the Application Logging Cheat sheet. He is currently writing the new AppSensor Guide which is due for publication in early 2014.

I've setup the Eventbrite page to RSVP here - http://owasp-london.eventbrite.co.uk/  Please note that RSVPs close tomorrow evening so we get names on the door!

See you all there :)

Justin


More information about the Owasp-royalholloway mailing list