OWASP Dorset

Welcome to the Dorset Chapter.
Our chapter leaders are Alexios Mylonas, Mike Warner, Nigel Kay and Oliver Ide.

We are a welcoming and inclusive chapter, no matter your background. Our community is made up of cyber security professionals, students, enthusiasts and newcomers; all are welcome. We aim to educate, inform and entertain with every event!

Participation

Welcome to the Dorset chapter. Whether this is your first time thinking about security or you have been involved in security for decades, everyone is welcome. All events are free to attend thanks to the generous support of our sponsors. OWASP Dorset is a volunteer-led and volunteer-run chapter, with everyone involved, including our attendees, donating their time and expertise.

OWASP Dorset is a welcoming community. To facilitate inclusion we have a code of conduct to ensure everyone feels comfortable and benefits from participation. If you face any issues at an event or with one of our participants, please contact one of the chapter leaders and we will endeavour to address your issue as swiftly as possible.

Chapter Sponsor

We do not currently have any active Chapter Sponsors. If you would like to support OWASP Dorset’s activities generally, please contact one of our chapter leaders.

Event Sponsor

These organisations have generously supported one of our events

Hays Digital Bournemouth University 3-Sided-Cube WardenGroup
Barclays Security Innovation

Speaking at OWASP Dorset Chapter Events

Call For Speakers is open - if you would like to present a talk on any aspect of cyber security at an OWASP Dorset Chapter event, please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to the Chapter Leaders via e-mail. We also welcome people new to public speaking and can offer advice and coaching. We are a friendly and supportive community; come give your first talk with us!

Code of Conduct

We hope you enjoy our events. We care deeply about inclusivity and diversity so that OWASP Dorset is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us; we take these matters very seriously. You can find out more about our policies here.

Upcoming Events

Previous Leadership

Daniel Warden (Founder): 01/2019 - 07/2021
Mark Davison: 01/2019 - 06/2023


Past Events


2023-06 Introduction to OWASP ModSecurity CRS (Meetup #21)

Location: Hays Recruitment Bournemouth
Time: 18:30 - 20:00

— OWASP Dorset are proud to bring our latest in-person event, hosted with Hays Recruitment Bournemouth.

Andrew Howe

— Andrew Howe is a locally based technical author, architect and Linux load balancer engineer. He is an advocate of open source software and a fellow member of OWASP. Andrew is a developer for the OWASP ModSecurity Core Rule Set (CRS) project.

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, Local File Inclusion, etc. (PDF)

James Walsh

— James Walsh of Hays Recruitment will be recapping their Global Cyber Security Report for 2023. A look at trends and changes across the industry.


2023-03 Social Engineering & Physical Penetration Testing (Meetup #20)

Location: Bournemouth Gateway Building
Time: 18:30 - 20:00

— Two seasoned Penetration Testers will walk us through some real life physical penetration test case studies; discussing the vulnerabilities, exploits and possible mitigations and resolutions.


2022-12 OWASP Dorset CTF walkthrough (Meetup #19)

Location: Online
Time: 19:00 - 20:00

— OWASP Dorset will be hosting an Online Capture the Flag Walkthrough. This will be a run through of the box which the players of the CTF tournament tackled demonstrating both attack and defense.


2022-12 OWASP Dorset CTF (Meetup #18)

Location: Online
Time: 19:00 - 20:30

— OWASP Dorset will be hosting an Online Capture the Flag event. This will be a King of the Hill tournament with both attacking and defending required. Attendees are limited due to available resources.


2022-10 Deepfakes: A Growing Cybersecurity Concern (Meetup #17)

Location: Online
Time: 18:30 - 19:30

— Join us for a look at Deepfakes with Mike Warner (one of our OWASP Dorset Chapter Leads)

Mike Warner

Deepfakes, an emergent type of threat falling under the greater and more pervasive umbrella of synthetic media, utilise a form of Artificial Intelligence/Machine Learning (AI/ML) to create believable, realistic videos, pictures, audio, and text of events which never happened.

Criminals are already starting to utilise deepfake technology to impersonate executives’ voices on phone calls and even their likenesses over video to add an air of legitimacy to their attacks. As deepfakes become more lifelike, phone calls, video chats and other forms of communication will be more vulnerable to abuse.

This talk will look at the origins of Deepfake technology, how they work, the threats and ethical quandaries they pose, and potential mitigations, with a handful of demos. (PDF) (VIDEO)


2022-03 OWASP Dorset Secure Coding (Meetup #16)

Location: Online
Time: 18:15 - 19:45

— OWASP Dorset will be hosting a Secure Coding Tournament with Secure Code Warrior, in partnership with OWASP Bristol and OWASP Suffolk.


2021-11 OWASP Dorset CTF (Meetup #15)

Location: Online
Time: 18:00 - 22:00

— OWASP Dorset will be hosting an Online Capture the Flag event with Security Innovation. In collaboration with OWASP Diversity and Inclusion Committee and many OWASP UK Chapters (including: Bristol, Cambridge, London, Newcastle and Reading)


2021-09 Respect in Security (Meetup #14)

Location: Online
Time: 18:00 - 19:00

— Joint event with OWASP Bristol and OWASP Reading

Varun Kulkarni

— Replacing JavaScript with Python in an interactive server-side UI framework that builds upon an MVC framework. The framework allows all the user data and code to be stored on the server while transmitting the information between the client and the server over a secure WebSocket (VIDEO)

Nikki Webb

Respect In Security: three very simple yet important words. It may sound like a fairly obvious statement, but sadly it is not; according to our research, more than a third of Infosec professionals have experienced harassment or abuse from their peers. The other founders of Respect in Security and I have taken a stand to help encourage more positive and inclusive behaviour and to help support those victims of harassment. I will be telling you all a little more about how we are planning on doing just that. (VIDEO)
If you have been a victim of online harassment you can contact The Cyber Helpline for immediate advice. If you are a victim of cyber crime you are advised to report the crime immediately to Action Fraud or, in Scotland, to Police Scotland.


2021-06 Enforcing Code & Security Standards with Semgrep (Meetup #13)

Location: Online
Time: 18:00 - 20:00

— Joint event led by OWASP Bristol, with OWASP Suffolk and OWASP Reading

Clint Gibler

— In this talk, we’ll present Semgrep, an open source, lightweight static analysis tool. It’s like a code-aware grep, enabling you to easily search for complicated code patterns without writing painful abstract syntax tree (AST) visitors or using heavyweight, expensive, proprietary traditional SAST tools. (VIDEO)


2021-04 Defensive Programming (Meetup #12)

Location: Online
Time: 19:00 - 20:00
Nigel Kay (Full-Stack Software Developer)

— Nigel will be discussing defensive programming and how to avoid common web security vulnerabilities. Nigel will be exploiting some basic vulnerabilities live on a test application and showing how simple changes to the code can prevent them. (VIDEO)


2021-02 Cyber Security Policing (Meetup #11)

Location: Online
Time: 19:00 - 20:00
Mantas Sasnauskas (Senior Information Security Researcher @ CyberNews)

— Mantas will be explaining how a recent Facebook phishing campaign was uncovered. (PDF)(VIDEO)

Chris Conroy (Cyber Protect Officer @ Dorset Police)

— Chris will be talking us through Cyber Pursue, Protect and Prevent (investigative, safeguarding and intervention strategies) as well as the type, scale and cost of crimes reported locally (Dorset) and nationally. (PDF)(VIDEO)


2020-11 OWASP Dorset CTF (Meetup #10)

Location: Online
Time: 18:00 - 21:00

— OWASP Dorset will be hosting an Online Capture the Flag event with Security Innovation.


2020-10 SemGrep (Meetup #9)

Location: Online Only
Time: 18:30 - 20:00

Talks

Bence Nagy (Software Engineer)

— Detect complex code patterns using semantic grep (PDF) (VIDEO)


2020-07 Security of Containers (Meetup #8)

Location: Online Only
Time: 18:30 - 20:00

Talks

Shruti Kulkarni (Enterprise Security Architect)

— Security of Containers (PDF) (VIDEO)


2020-04 Open Source Intelligence (Meetup #7)

Location: Online Only
Time: 18:30 - 20:00

Talks

Mark Davison (OWASP Dorset Chapter Leader) (VIDEO)

— Larabee the Reveal: Mark will reveal how to pop Larabee, the only box which wasn’t beaten at the CTF

Miltiadis Kandias (Red Team Analyst)

— Red Teaming - OSINT - Phishing (PDF)


2020-01 Meetup Collider (Meetup #6)

Location: 1 Chaseside, Bournemouth BH7 7DA
Time: 18:00 - 21:00

Talks

Daniel Warden (OWASP Dorset Chapter Leader)

— Will walk us through OWASP Zed Attack Proxy (ZAP) (PDF)

Mike Warner (Software Engineer @ JPMC)

— Wireless De-auth attacks and handshake captures (PDF)

Anthony Grimes (Software Engineer @ JPMC)

— WebAuthn: A new standard in securing ourselves online (PDF)

Sophia McCall (Cyber Hunter)

— Hunted? Hunter! (An insight into my time on Hunted (Channel 4) as a cyber hunter, detailing the techniques we used to find the fugitives on the show)


2019-10 OWASP Dorset CTF (Meetup #5)

Location: 1 Chaseside, Bournemouth BH7 7DA
Time: 18:00 - 21:00

OWASP Dorset will be hosting a Capture the Flag event. It is scenario based and we would like to see people pairing up to tackle the challenges and share knowledge. We welcome all skill levels and have experienced volunteers on hand to provide advice, guidance and clues! The event will open with a crash course on CTF strategy. We are very fortunate to be granted access to Bournemouth University’s cyber lab and equipment, so all tools will be provided. Hope to see you there!


2019-09 Meetup Collider (Meetup #4)

TALKS:

Daniel Warden (OWASP Dorset Chapter Leader)

— An Introduction to OWASP - An introduction to OWASP, what it does and how to make use of some of its resources, from Daniel Warden & Mark Davison

Mark Davison (OWASP Dorset Chapter Leader)

— Making use of OWASP resources: Cheat sheets

James Riley (Specialist Penetration Tester Recruiter for ARM)

— Routes to becoming a Penetration Tester - A talk about the ways people come to penetration testing and how what you expect may not always be true. (PDF)

Mike Warner (Software Engineer @ JPMC)

— AppSec 101: A breakdown of the theory behind web application vulnerabilities, with a handful of payload examples to exploit the most common weaknesses: SQL Injection, Cross site scripting (XSS), Path Traversal, and Command “OS” injection, from Mike Warner


2019-06 Try Harder (Meetup #3)

Location: Barclays Eagle Lab - County Gates House, 300 Poole Road, Bournemouth, BH12 1AZ
Time: 18:30 - 21:00

TALKS:

Mark Davison (OSCP Certified Cyber Security Consultant @ Ronin IT Consulting Ltd)

— A whistle stop guide to preparing yourself for the OSCP (Offensive Security Certified Professional) certification from a recent graduate. (PDF)

Mantas Sasnauskas (Research Assistant and Student @ Bournemouth University)

— Mining data dumps and leaks for treasure - passwords, complexity and statistical data gathered from research conducted at Bournemouth University.

FEEDBACK

— A session to discuss what you would like OWASP Dorset to be doing, the type of content and style of events. Led by the OWASP Dorset Chapter Leads, we are keen to hear your thoughts.


2019-04 Cyber Kill Chains (Meetup #2)

Location: Executive Business Centre, Bournemouth University, 89 Holdenhurst Road, Bournemouth, BH8 8EB
Time: Doors Open at 6:30pm for registration, pizza, drinks and networking. The talks start at 7:15pm (we start on time), close meeting by 9.00pm

TALKS:

David P (Cyber Threat Intelligence Analyst. Trained in the Royal Corps of Signals, David went on to Microsoft and then ICL (Fujitsu) as a network administrator; he later moved into Threat Intelligence.)

— Cyber Kill Chains: Understanding how intelligence works can give you the edge when your website, data or email service is being hacked. With a real life case study, we’ll be exploring three analysis tools - Cyber Kill Chains, Diamond Models and the Intelligence cycle. David will show how you can use these tools to understand what your adversary is actually doing, how close to ‘the Crown Jewels’ they’ve got, how to find their identity, their attributes and most importantly of all, what you can do to stop them. (PDF)


2019-01 Hello World (Meetup #1)

Location: 3 Sided Cube, Telephone House, 18 Christchurch Road, Bournemouth, Dorset, England, BH1 3NE
Time: Doors Open at 6:30pm for registration, pizza, drinks and networking. The talks start at 7:00pm (we start on time), close meeting by 9.00pm

TALKS:

Daniel Warden (OWASP Dorset Chapter Leader)

— OWASP Dorset Introduction, Welcome and News

— OWASP Projects - Open Source Security at its finest (PDF): Overview of OWASP Projects Top 3 Flagship, Lab and Incubator, focusing on how to fire up your stance on security with minimal investment.

Dr. Alexios Mylonas (Program Leader for the BSc (Hons) Forensic Computing and Security @ Bournemouth University. Lecturer in Computing.)

— I Know What You Did Last Summer: New persistent tracking mechanisms used in the wild. Web Storage, Indexed Database API and Web SQL Database allow web browsers to store information in the client in a much more advanced way compared to other techniques, such as HTTP Cookies. They were originally introduced with the goal of enhancing the capabilities of websites; however, they are often exploited as a way of tracking users across multiple sessions and websites. The presentation will be divided into two parts. First, it will quantify the usage of these three primitives in the context of user tracking. This is done by performing a large-scale analysis on the usage of these techniques in the wild. The second part reviews the effectiveness of the removal of client-side storage data in modern browsers. (PDF)


Presenter Resources

OWASP Presenter Agreement

All presenters should review and agree to the OWASP Speaker Agreement

OWASP Powerpoint Templates

Old Versions


Your support helps OWASP Dorset to put on events and attract speakers from around the world, as well as helping us to engage the community and improve everyone’s Cyber Security Awareness.

Individuals

Becoming a supporter of OWASP Dorset is a great way to meet people, discover careers and support your community.

You can support OWASP Dorset in a variety of ways:

Attend our meetups and other events - the more people who attend our chapter events, the more sponsorship we can attract and the better funded our chapter will be to keep bringing you great events.

Become a speaker - giving a talk at our meetups is a great way to get involved and share your knowledge. Everyone has something new to teach us and we love to have a diversity of content. We also offer support and guidance on giving a talk if you fancy taking the plunge for the first time and aren’t sure what you’d like to talk about. We know you are working on some incredible things, and we’d love to be able to share your knowledge and build a stronger, safer community.

Donate membership - You can support OWASP Dorset to put on events by becoming an OWASP member and donating your membership fee to us (we will receive up to 90%).

Donate - You can also donate directly to the Chapter

Businesses

Becoming a supporter of OWASP Dorset is a great way to gain brand recognition, demonstrate to customers and staff that you are serious about security, attract talent and boost your local community.

There are many ways you can help:

Donate space - Donate some of your work space, breakout areas or other space to an OWASP Dorset event. We will add your logo to the Event Sponsor section of our main webpage and thank you at the event. You are also welcome to operate a small booth at the event (subject to conditions).

Event Sponsor - Our event sponsors provide a specific one-off donation for an individual event, which will be used to supply that event with refreshments, with any remaining funds going towards covering travel costs of speakers where appropriate and similar expenses. We will add your logo to the Event Sponsor section of our main webpage (for at least 1 year) and thank you at the event. You are also welcome to operate a small booth at the event (subject to conditions).

Chapter Sponsorship - You can sponsor the Dorset Chapter and its activities in general by becoming a Chapter Sponsor, either with a one-off donation or regularly for a year or more. Your donation will help us to fund events, specifically “Event Services, Catering, and Space for Chapter Meetings” and, in exceptional cases, guest speaker travel expenses, dependent on approval from the OWASP Executive Director. As a chapter sponsor we will place your logo on our main chapter page under the Chapter Sponsor heading (for the duration of your sponsorship) and thank your company at our events. You will also be able to send representatives to attend the events and operate a booth at events (subject to conditions).

Speaker – Encourage your staff to give a talk at one of our meetups. It’s amazing what businesses in Dorset are doing and how they are helping to protect against cyber threats. There is a huge amount of work being done in Dorset, and sharing your knowledge helps to make us all more secure.

*Please be assured that the leaders of OWASP Dorset are volunteers who are not paid for their time or personal expenses. Speakers are also volunteers who are only reimbursed for expenses directly related to the event they are participating in, should they request it, but in most cases our speakers generously cover their own costs. You can read OWASP’s expense policy here and review OWASP’s finances here. As a chapter we can receive up to 90% of your donation with 10% going directly to OWASP Global.