OWASP Dorset
Welcome to the Dorset Chapter.
Our chapter leaders are Alexios Mylonas, Mike Warner, Nigel Kay and Oliver Ide.
We are a welcoming and inclusive chapter no matter your background, our community is made up of cyber security professionals, students, enthusiasts and newcomers, all are welcome. We aim to educate, inform and entertain with every event!
Participation
Welcome to the Dorset chapter, whether this is your first time thinking about security, or you have been involved in security for decades; everyone is welcome. All events are free to attend thanks to the generous support of our sponsors. OWASP Dorset is a volunteer led and run chapter with everyone involved donating, their time and expertise including our attendees.
OWASP Dorset is a welcoming community, to facilitate inclusion we have a code of conduct to ensure everyone feels comfortable and benefits from participation. If you face any issues at an event or with one of our participants please contact one of the chapter leaders and we will endeavour to address your issue as swiftly as possible.
Chapter Sponsor
We do not currently have any active Chapter Sponsors. If you would like to support OWASP Dorset’s activities generally, please contact one of our chapter leaders.
Event Sponsor
These organisations have generously supported one of our events
Speaking at OWASP Dorset Chapter Events
Call For Speakers is open - if you would like to present a talk on any aspect of cyber security at an OWASP Dorset Chapter event please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail. We also welcome people new to public speaking and can offer advice and coaching. We are a friendly and supportive community, come give your first talk with us!
Code of Conduct
We hope you enjoy our events, we care deeply about inclusivity and diversity so that OWASP Dorset is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us, we take these matters very seriously. You can find out more about our policies here.
Upcoming Events
Previous Leadership
Daniel Warden (Founder): 01/2019 - 07/2021
Mark Davison: 01/2019 - 06/2023
Past Events
2023-06 Introduction to OWASP ModSecurity CRS (Meetup #21)
Location: Hays Recruitment Bournemouth
Time: 18:30 - 20:00
— OWASP Dorset are proud to bring our latest in-person event, hosted with Hays Recruitment Bournemouth.
Andrew Howe
— Andrew Howe is a locally based technical author, architect and Linux load balancer engineer. He is an advocate of open source software and a fellow member of OWASP. Andrew is a developer for the OWASP ModSecurity Core Rule Set (CRS) project.
The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, Local File Inclusion, etc.(PDF)
James Walsh
— James Walsh of Hays Recruitment will be recaping their Global Cyber Security Report for 2023. A look at trends and changes across the industry.
2023-03 Social Engineering & Physical Penetration Testing (Meetup #20)
Location: Bournemouth Gateway Building
Time: 18:30 - 20:00
— Two seasoned Penetration Testers will walk us through some real life physical penetration test case studies; discussing the vulnerabilities, exploits and possible mitigations and resolutions.
2022-12 OWASP Dorset CTF walkthrough (Meetup #19)
Location: Online
Time: 19:00 - 20:00
— OWASP Dorset will be hosting an Online Capture the Flag Walkthrough. This will be a run through of the box which the players of the CTF tournament tackled demonstrating both attack and defense.
2022-12 OWASP Dorset CTF (Meetup #18)
Location: Online
Time: 19:00 - 20:30
— OWASP Dorset will be hosting an Online Capture the Flag event. This will be a King of the Hill tournament with both attacking and defending requred. Attendees are limited due to available resources.
2022-10 Deepfakes: A Growing Cybersecurity Concern (Meetup #17)
Location: Online
Time: 18:30 - 19:30
— Join us for a look at Deepfakes with Mike Warner (one of our OWASP Dorset Chapter Leads)
Mike Warner
Deepfakes; an emergent type of threat falling under the greater and more pervasive umbrella of synthetic media, utilise a form of Artificial Intelligence/Machine Learning (AI/ML) to create believable, realistic videos, pictures, audio, and text of events which never happened.
Criminals are already starting to utilise deepfake technology to impersonate executives’ voices on phone calls and even their likenesses over video to add an air of legitimacy to their attacks. As deepfakes become more lifelike, phone calls, video chats and other forms of communication will be more vulnerable to abuse.
This talk with look at the origins of Deepfake technology, how they work, the threats and ethical quandaries they pose, and potential mitigations, with a handful of demos.(PDF)(VIDEO)
2022-03 OWASP Dorset Secure Coding (Meetup #16)
Location: Online
Time: 18:15 - 19:45
— OWASP Dorset will be hosting an Secure Coding Tournament with Secure Code Warriror. In partnership with OWASP Bristol and OWASP Suffolk
2021-11 OWASP Dorset CTF (Meetup #15)
Location: Online
Time: 18:00 - 22:00
— OWASP Dorset will be hosting an Online Capture the Flag event with Security Innovation. In collaboration with OWASP Diversity and Inclusion Committee and many OWASP UK Chapters (including: Bristol, Cambridge, London, Newcastle and Reading)
2021-09 Respect in Security (Meetup #14)
Location: Online
Time: 18:00 - 19:00
— Joint event with OWASP Bristol and OWASP Reading
Varun Kulkarni
— Replacing JavaScript with Python in an interactive server-side UI framework that builds upon an MVC framework. The framework allows all the user data and code to be stored on the server while transmitting the information between the client and the server over a secure WebSocket (VIDEO)
Nikki Webb
— Respect In Security, three very simple yet important words, it may sound like a fairly obvious statement but sadly it is not, according to our research, more than a third of Infosec professionals have experienced harassment or abuse from their peers. The other founders of Respect in Security and I, have taken a stand to help encourage more positive and inclusive behaviour and to help support those victims of harassment. I will be telling you all a little more about how we are planning on doing just that. (VIDEO)
If you have been a victim of online harassment you can contact The Cyber Helpline for immediate advice. If you are a victim of cyber crime you are advised to report the crime immediately to Action Fraud or in Scotland to Police Scotland
2021-06 Enforcing Code & Security Standards with Semgrep (Meetup #13)
Location: Online
Time: 18:00 - 20:00
— Joint event lead by OWASP Bristol, with OWASP Suffolk, and OWASP Reading
Clint Gibler
— In this talk, we’ll present Semgrep, an open source, lightweight static analysis tool. It’s like a code-aware grep, enabling you to easily search for complicated code patterns without writing painful abstract syntax tree (AST) visitors or using heavyweight, expensive, proprietary traditional SAST tools. (VIDEO)
2021-04 Defensive Programming (Meetup #12)
Location: Online
Time: 19:00 - 20:00
Nigel Kay (Full-Stack Software Developer)
— Nigel will be discussing defensive programming and how to avoid common security web vulnerabilities. Nigel will be exploiting some basic vulnerabilities live on a test application and showing how simple changes to the code can prevent them. (VIDEO)
2021-02 Cyber Security Policing (Meetup #11)
Location: Online
Time: 19:00 - 20:00
Mantas Sasnauskas (Senior Information Security Researcher @ CyberNews)
— Mantas will be explaining how a recent Facebook phishing campaign was uncovered. (PDF)(VIDEO)
Chris Conroy (Cyber Protect Officer @ Dorset Police)
— Chris will be talking us through Cyber Pursue, Protect and Prevent (investigative, safeguarding and intervention strategies) as well as the type, scale and cost of crimes reported locally (Dorset) and nationally. (PDF)(VIDEO)
2020-11 OWASP Dorset CTF (Meetup #10)
Location: Online
Time: 18:00 - 21:00
— OWASP Dorset will be hosting an Online Capture the Flag event with Security Innovation.
2020-10 SemGrep (Meetup #9)
Location: Online Only
Time: 18:30 - 20:00
Talks
Bence Nagy (Software Engineer)
— Detect complex code patterns using semantic grep (PDF) (VIDEO)
2020-07 Security of Containers (Meetup #8)
Location: Online Only
Time: 18:30 - 20:00
Talks
Shruti Kulkarni (Enterprise Security Architect)
— Security of Containers (PDF) (VIDEO)
2020-04 Open Source Intelligence (Meetup #7)
Location: Online Only
Time: 18:30 - 20:00
Talks
Mark Davison (OWASP Dorset Chapter Leader) (VIDEO)
— Larabee the Reveal: Mark will reveal how to pop Larabee the only box which wasn’t beaten at the CTF
Miltiadis Kandias (Red Team Analyst)
— Red Teaming - OSINT - Phishing (PDF)
2020-01 Meetup Collider (Meetup #6)
Location: 1 Chaseside, Bournemouth BH7 7DA
Time: 18:00 - 21:00
Talks
Daniel Warden (OWASP Dorset Chapter Leader)
— Will walk us through OWASP Zed Attack Proxy (ZAP) (PDF)
Mike Warner (Software Engineer @ JPMC)
— Wireless De-auth attacks and handshake captures (PDF)
Anthony Grimes (Software Engineer @ JPMC)
— WebAuthn: A new standard in securing ourselves online (PDF)
Sophia McCall (Cyber Hunter)
— Hunted? Hunter! (An insight into my time on Hunted (Channel 4) as a cyber hunter, detailing the techniques we used to find the fugitives on the show)
2019-10 OWASP Dorset CTF (Meetup #5)
Location: 1 Chaseside, Bournemouth BH7 7DA
Time: 18:00 - 21:00
OWASP Dorset will be hosting a Capture the Flag event. It is scenario based and we would like to see people pairing up to tackle the challenges and share knowledge, we welcome all skill levels and have experienced volunteers on hand to provide advice guidance and clues! The event will open with a crash course on CTF strategy. We are very fortunate to be granted access to Bournemouth University’s cyber lab and equipment so all tools will be provided. Hope to see you there!
2019-09 Meetup Collider (Meetup #4)
TALKS:
Daniel Warden (OWASP Dorset Chapter Leader)
— An Introduction to OWASP - An introduction to OWASP what it does and how to make use of some of it’s resources from Daniel Warden & Mark Davison
Mark Davison (OWASP Dorset Chapter Leader)
— Making use of OWASP resources: Cheat sheets
James Riley (Specialist Penetration Tester Recruiter for ARM)
— Routes to becoming a Penetration Tester - A talk about the ways people come to penetration testing and how what you expect may not always be true. (PDF)
Mike Warner (Software Engineer @ JPMC) AppSec 101
–– A break down of the theory behind web application vulnerabilities and provides a handful of payload examples to exploit the most common weaknesses: SQL Injection, Cross site scripting (XSS), Path Traversal, and Command “OS” injection from Mike Warner
2019-06 Try Harder (Meetup #3)
Location: Barclays Eagle Lab - County Gates House, 300 Poole Road, Bournemouth, BH12 1AZ
Time: 1830-2100
TALKS:
Mark Davison (OSCP Certified Cyber Security Consultant @ Ronin IT Consulting Ltd)
— A whistle stop guide to preparing yourself for the OSCP (Offensive Security Certified Professional) certification from a recent graduate. (PDF)
Mantas Sasnauskas (Research Assistant and Student @ Bournemouth University)
— Mining data dumps and leaks for treasure - passwords, complexity and statistical data gathered from research conducted at Bournemouth University.
FEEDBACK
— A session to discuss what you would like OWASP Dorset to be doing, the type of content and style of events. Led by the OWASP Dorset Chapter Leads, we are keen to hear your thoughts.
2019-04 Cyber Kill Chains (Meetup #2)
Location: Executive Business Centre, Bournemouth University, 89 Holdenhurst Road, Bournemouth, BH8 8EB
Time: Doors Open at 6:30pm for registration, pizza, drinks and networking. The talks start at 7:15pm (we start on time), close meeting by 9.00pm
TALKS:
David P (Cyber Threat Intelligence Analyst Trained in the Royal Corps of Signals, David went onto Microsoft and then ICL (Fujitsu) as a network administrator, he later moved into Threat Intelligence.)
— Cyber Kill Chains: Understanding how intelligence works can give you the edge when your website, data or email service is being hacked. With a real life case study, we’ll be exploring three analysis tools - Cyber Kill Chains, Diamond Models and the Intelligence cycle. David will show how you can use these tools to understand what your adversary is actually doing, how close to ‘the Crown Jewels’ they’ve got, how to find their identity, their attributes and most importantly of all, what you can do to stop them. (PDF)
2019-01 Hello World (Meetup #1)
Location: 3 Sided Cube, Telephone House, 18 Christchurch Road, Bournemouth, Dorset, England, BH1 3NE
Time: Doors Open at 6:30pm for registration, pizza, drinks and networking. The talks start at 7:00pm (we start on time), close meeting by 9.00pm
TALKS:
Daniel Warden (OWASP Dorset Chapter Leader)
— OWASP Dorset Introduction, Welcome and News — OWASP Projects - Open Source Security at its finest(PDF) Overview of OWASP Projects Top 3 Flagship, Lab and Incubator | Focusing on how to fire up your stance on security with minimal investment.
Dr. Alexios Mylonas (Program Leader for the BSc (Hons) Forensic Computing and Security @ Bournemouth University. Lecturer in Computing.)
— I Know What You Did Last Summer: New persistent tracking mechanisms used in the wild Web Storage, Indexed Database API and Web SQL Database allow web browsers to store information in the client in a much more advanced way compared to other techniques, such as HTTP Cookies. They were originally introduced with the goal of enhancing the capabilities of websites, however, they are often exploited as a way of tracking users across multiple sessions and websites. The presentation will be divided into two parts. First, it will quantify the usage of these three primitives in the context of user tracking. This is done by performing a large-scale analysis on the usage of these techniques in the wild. The second part reviews the effectiveness of the removal of client-side storage data in modern browsers.(PDF])
Presenter Resources
OWASP Presenter Agreement
All presenters should review and agree to the OWASP Speaker Agreement
OWASP Powerpoint Templates
- Google Slides and Microsoft PowerPoint are available on the OWASP Branding Guideline page
Old Versions
Your support helps OWASP Dorset to put on events and atract speakers from around the world as well as helping us to engage the community and improve everyone’s Cyber Security Awareness.
Individuals
Becoming a supporter of OWASP Dorset is a great way to meet people, discover careers and support your community.
You can support OWASP Dorset in a variety of ways:
Attend our meetups and other events - the more people who attend our chapter events the more sponsorship we can atract and the better funded our chapter will be to keep bringing you great events.
Become a speaker - giving a talk at our meetups is a great way to get involved and share your knowledge, everyone has something new to teach us and we love to have a diversity of content. We also offer support and guidance on giving a talk if you fancy taking the plunge for the first time and aren’t sure what you’d like to talk about. We know you are working on some incredible things, we’d love to be able to share your knowledge and build a stronger, safer community.
Donate membership- You can support OWASP Dorset to put on events by becoming an OWASP member and donating your membership fee to us (we will receive up to 90%).
Donate - You can also donate directly to the Chapter
Businesses
Becoming a supporter of OWASP Dorset is a great way to gain brand recognition, demonstrate to customers and staff that you are serious about security, attract talent and boost your local community.
There are many ways you can help:
Donate space - Donate some of your work space, breakout areas or other space to an OWASP Dorset event. We will add your logo to the Event Sponsor section of our main webpage and thank you at the event, you are also welcome to operate a small booth at the event (subject to conditions)
Event Sponsor - Our event sponsors provide a specific one off donation for an individual event which will be used to supply that event with refreshments with any remaining funds going towards covering travel costs of speakers where appropriate and similar expenses. We will add your logo to the Event Sponsor section of our main webpage (for at least 1 year) and thank you at the event, you are also welcome to operate a small booth at the event (subject to conditions)
Chapter Sponsorship - You can sponsor the Dorset Chapter and it’s activities in general by becoming a Chapter Sponsor either with a one off donation or regularly for a year or more. Your donation will help us to fund events, specifically; “Event Services, Catering, and Space for Chapter Meetings”. And in exceptional, Guest Speaker, cases travel expenses dependent on approval from the OWASP Executive Director. As a chapter sponsor we will place your logo on our main chapter page under the Chapter Sponsor heading (for the duration of your sponsorship) and thank your company at our events. You will also be able to send representatives to attend the events and operate a booth at events (subject to conditions).
Speaker – Encourage your staff to give a talk at one of our meetups, it’s amazing what businesses in Dorset are doing and how they are helping to protect against cyber threats, there is a huge amount of work being done in Dorset and sharing your knowledge helps to make us all more secure.
*Please be assured that the leaders of OWASP Dorset are volunteers who are not paid for their time or personal expenses. Speakers are also volunteers who are only reimbursed for expenses directly related to the event they are participating in, should they request it, but in most cases our speakers generously cover their own costs. You can read OWASP’s expense policy here and review OWASP’s finances here. As a chapter we can receive up to 90% of your donation with 10% going directly to OWASP Global.