[Owasp-scotland] Fwd: OWASP Scotland November Chapter Meeting

Rob Jansson rob.jansson at owasp.org
Tue Oct 30 12:45:23 UTC 2018


November chapter meeting invite updated with speaker details below.

We are in for a treat in the final OWASP Scotland chapter meeting for 2018
with presenters from the USA and Spain. We have Matt Nelson, Lee
Christensen and Brian Reitz from SpecterOps as well as Simon Goldsmith from
EY’s Cyber Security Hub presenting.

*Cyber Infusion: Security in Innovation for Financial Services*
Speaker: Simon Goldsmith, EY

It's almost become a cliché to say that "digital transformation (DX) is
changing the way we do things". Technology enabled transformation is
changing the way we interact, how we do business and the speed at which we
innovate. It´s also changing the way we need to look at security.

Cyber Infusion is about ensuring security is embedded into how we innovate,
rather than the more costly and practically ineffective approach of
“bolting it on”. It means security has to operate less as the external
“policeman” and more as a “guide” within the team to help chart a course.
While there are business imperatives, digital and Open Banking inherently
brings cyber risks: with greater connectivity, more data, more parties and
more identities to manage, there is greater opportunity for increasingly
industrialised and innovative threats to compromise systems, as well as
greater regulatory attention and the potential for vulnerabilities to exist.

In this discussion, we will outline the nature and issues around Cyber
Infusion in financial services innovation and a case study from an Open
Banking programme showing where good practice can not only ensure a
compliant and secure capability, but also add value through differentiation.

Bio: Simon leads the Innovation and Infusion team in EY’s EMEIA Financial
Services Cyber Centre of Excellence. His team’s role is to develop new
security approaches for EY’s financial services clients and integrate with
EY´s digital transformation and financial crime capabilities to help other
teams secure their innovation.

*Outlander: Traveling Back in Time for Windows Attack Paths*
Speaker: Matt Nelson (@enigma0x3), Lee Christensen (@tifkin_) and Brian
Reitz (@brian_psu), SpecterOps

Microsoft Windows is built on a number of technologies that seemed like
good ideas at the time.
In practice these were often poorly implemented, overly ambitious,
difficult to understand, and insecure by default: a great combination for
We'll examine two technologies in the Windows graveyard, COM and RPC, that
are still in modern versions of Windows and provide multiple attack paths
for pentesters.
We'll go over our methodology for enumerating and discovering the
lesser-known features of these technologies, and how the attack surface
still remains largely untested in 2018.

When: Thursday 15th November
Time: 18:00 – 20:00
Location: Ernst & Young, 144 Morrison St, Edinburgh EH3 8EX

Tickets available here: https://owasp-scotland-november.eventbrite.co.uk

Many thanks to EY for hosting this event.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-scotland/attachments/20181030/537db966/attachment.html>

More information about the Owasp-scotland mailing list