[Owasp-royalholloway] Next OWASP London Event - Full Day Conference - Monday, 3rd June 9am-4:45pm
justin.clarke at owasp.org
Wed May 22 13:25:59 UTC 2013
Since the initial announcement, we've filled the schedule out with speakers and talks, and only have a last couple of speaking slots to confirm. We're also seeing some good response from you and your colleagues as we already have about 40 of you who have RSVPd. Make sure you forward this email if you think someone would be interested in attending.
To recap in case you missed the original announcement - we're kicking off again for 2013 - this time with a FREE one-day conference, as part of the OWASP 2013 EU Tour (https://www.owasp.org/index.php/EUTour2013).
Details so far are:
Date: Monday 3rd of June 2013
Venue: Lion Court Conference Centre, 25 Procter Street, Holborn, London, WC1V 6NY (nearest tube Holborn)
Cost: FREE, and open to all
We have a maximum capacity on the day of 100 people, so I've setup the Eventbrite page to RSVP here - http://owasp-london.eventbrite.co.uk/
I'll update the EUTour2013 page as we confirm speakers and topics, but this is an ideal opportunity to see the kinds of talks you can see at the OWASP global AppSec conferences, locally and for free. Schedule for the day so far:
9:00 am Registration and Tea/Coffee
9:45 am Introduction & Welcome
PCI for Developers (Fabio Cerullo, OWASP Ireland)
The PCI-DSS and PA DSS standards are well known to security professionals and auditors, but how are these interpreted by software development teams? Usually is not clear whether all requirements are necessary and most importantly, how these should be implemented. This talk aims to help developers understanding the key points of these standards in a simple and fast approach and be able to implement them during the software development cycle.
Teaching an Old Dog New Tricks: Securing Development with PMD (Justin Clarke - London OWASP Chapter Leader)
Using static analysis to identify software bugs is not a new paradigm. For years, developers have used static analysis tools to identifying code quality issues. While these tools may not be specifically designed for identifying security bugs. This presentation will discuss how custom security rules can be added to existing code quality tools to identify potential software security bugs. Writing custom software security rules for the popular Java code scanning tool PMD will be the focus of the presentation.
Your framework will fail you (Rory McCune - OWASP Scotland)
A lot of reliance for Web Application Security is put in the framework that’s used. But here’s the bad news … it will fail you. There’s no such thing as perfect code, and web application frameworks are no exception. So how do you avoid the panic upgrades when a security alert hits your e-mail Inbox? This talk aims to give you some ideas about what you can do reduce reliance on individual security mechanisms and allow you to sleep more easily at night.
2:45PM Tea/Coffee Break and Networking
OWASP Cornucopia (Colin Watson - Project Leader)
Microsoft's Elevation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for typical web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide. The project is now referenced by a PCIDSS information supplement.
Secure Coding, some simple steps help (Steven van der Baan - OWASP Cambridge)
Secure coding is often perceived as difficult and complex.
While it is true that 'good security' should be embedded into the design, there are a couple of steps a developer can take which lead to a more secure application. In this presentation we will go to the basics of secure application development and demonstrate these principles which help you build security into your application.
Best regards, and see you all there
More information about the Owasp-royalholloway