[Owasp-royalholloway] Reminder: Next OWASP London Event - January Chapter Meeting - Thursday, 16th January 2014, 6:30pm-8:30pm
justin.clarke at owasp.org
Fri Jan 10 15:06:59 UTC 2014
Back into 2014 with a bash - and with a meeting in January at our new venue sponsor for the year, Skype, at their offices at 2 Waterhouse Square, 140 Holborn, London, EC1N 2ST. Note - the 16th is Thursday next week!
Talks are both confirmed, and both are ones that were a couple of my favourites from AppSecUSA late last year:
• Pushing CSP to Prod: Case Study of a Real-World Content-Security Policy Implementation - Justin Clarke
• 2013 AppSec Guide and CISO Survey: Making OWASP Visible to CISOs - Marco Morana and Tobias Gondrom
Recognising the important role that the CISO has in managing application security processes within organisations, OWASP sponsored a project in 2012 to develop guidance specifically for CISOs. The aim of the OWASP guide is to provide useful guidance to CISOs for effectively managing the risks of insecure web applications and software by planning the application security activities, investing in countermeasures to mitigate threats and considering the costs and the benefits for the organisation. Recognising that a CISO guide has first and foremost to capture the needs of CISOs in managing application security from information security governance, risk and compliance perspectives, a survey was developed in parallel with the draft of the CISO Guide. As the results of the 2013 CISO survey have become available, they have been used to tailor the guide to the specific CISOs' needs. One of the most important aspects covered in the CISO guide is making the business case for application security investments by helping CISOs translate technical risks such as the OWASP Top Ten into business impacts, compliance with standards and regulations, and risk management. Specifically, the version of the guide that is presented at OWASP AppSec USA will be the first version that highlights the results of the CISO survey and seeks to introduce CISOs to projects/resources that can help them in rolling out an application security program whose main goal is managing web application security risks.
• Justin Clarke
Justin Clarke is a co-founder and Director at Gotham Digital Science, based in the United Kingdom. He has many years of experience in assessing the security of networks, web applications, and wireless networks for large financial, retail, technology and government clients in the United States, the United Kingdom and New Zealand. Justin is the technical editor and lead author of “SQL Injection Attacks and Defense” (Syngress 2009, 2012), co-author of "Network Security Tools: Writing, Hacking, and Modifying Security Tools" (O’Reilly 2005), a contributing author to "Network Security Assessment: Know Your Network, 2nd Edition" (O’Reilly 2007), as well as a speaker at a number of conferences and events on security topics, including Black Hat USA, EuSecWest, OSCON, ISACA, RSA, SANS, OWASP, and the British Computer Society. He is the author of the open source SQLBrute blind SQL injection testing tool, and is the Chapter Leader for the London chapter of OWASP.
• Marco Morana
In his current position, Marco runs the application architecture security program globally for one of the largest Financial Institutions (FI) in the world, in London, U.K. He is also a technical advisor for a security technology start-up and a contributor to EU projects for cyber security. During his distinguished career of 15+ years in security, he has specialised in application and software security consulting services for major Fortune 500 companies and contributed to the secure design of business-critical applications and security tools. His notable contributions in application security include the development of the first secure email with S/MIME (1996) and the first Intrusion Detection System (IDS) tool (1998). Marco's current interests are in the research of cyber threat analysis and attack modelling processes, and of processes to better manage the risk of emerging cyber threats. Marco's academic credentials include a Master's Degree in Computer Systems Engineering from Northwestern Polytechnic University and an Engineering Doctorate Degree (Dr. Ing.) in Mechanical Engineering from the University of Padova, Italy. Marco is also a Certified Software Security Lifecycle Professional (CSSLP).
• Tobias Gondrom
Tobias Gondrom is a global board member of OWASP, the project lead of the OWASP CISO Survey and CEO at Thames Stanley, a boutique Global CISO and Information Security & Risk Management Advisory based in Hong Kong, Germany and United Kingdom.
I've set up the Eventbrite page to RSVP here - http://owasp-london.eventbrite.co.uk/ Please note that RSVPs close the afternoon before the event so we get names on the door!
See you all there :)