[Owasp-royalholloway] Announcement: Next OWASP London Event - May Chapter Meeting - Thursday, 15th May 2014, 6:30pm-8:30pm

Justin Clarke justin.clarke at owasp.org
Mon Apr 28 21:26:54 UTC 2014


Our next meeting in May is at our new venue sponsor for the year, Skype, at their offices at 2 Waterhouse Square, 140 Holborn, London, EC1N 2ST.  

Both talks are confirmed:


• Application Security with Hardware Roots of Trust - Rick Doten

Hardware-based security is an unfortunately seldom-leveraged solution to protect our enterprises by bringing a root of trust for system, user identity, and encryption of data. By insuring that only authorised users authenticate using cryptological certificates stored in secure hardware chips of PCs, tablets, and phones, we can also provide more granular application control of data to increase privacy.

The core of trusted computing already exists in most PC systems today. Many PC’s include a dormant Trusted Platform Module (TPM) that uses a standard from the Trusted Computing Group (TCG). The TPM can be activated to encrypt hard drives on the hardware level, provide controlled network access, and deliver measurements on boot process for unauthorised changes. With an abstraction layer called the Trusted Software Stack (TSS) specification, we can leverage this strong authentication into applications. We can also use this credential for data encryption that can’t be man-in-the-middle attacked like SSL, while giving the opportunity to digitally sign data and documents. Further, we can utilize hardware measurements to provide a level of system trust, which we could use to dynamically alter application access and functionality based on that trust level.

This presentation will provide an overview of these current and future application security capabilities, and how developers will soon be able to leverage hardware roots of trust to make more secure applications.

• AppSensor 2.0 - Colin Watson

Abstract to come.


• Rick Doten

Rick Doten is CISO for Digital Management Inc (DMI). He has over 23 years of experience in the IT industry, the last 16 focused on cyber security Before DMI, Rick was a Risk Management Consultant at Gartner. He was Chief Scientist at the Lockheed Martin Center for Cyber Security Innovation (CCSI). Rick was Managing Principal for Verizon Business’s East Coast Professional Security Services practice. Earlier his career, he was an “Ethical Hacker” at Global Integrity. Rick has been quoted in dozens of security articles such as Dark Reading, SC Magazine, Infosecurity Professional magazine, and Mashable, and has appeared on CNN, TechTV, and the National Insider as a cyber security expert. Rick also holds a Patent for Wireless Intrusion Detection technology.

• Colin Watson

Bio to come.

I've setup the Eventbrite page to RSVP here - http://owasp-london.eventbrite.co.uk/  Please note that RSVPs close the evening before the event so we get names on the door!

See you all there :)


More information about the Owasp-royalholloway mailing list