OWASP Suffolk

Welcome

Welcome to the Suffolk chapter homepage. The chapter leaders are Wojciech T Cichon and Abhinav Sejpal.

Please follow as on Twitter and please subscribe to our Youtube channel.

Meeting Sponsors

The following is the list of organisations who supported OWASP Suffolk chapter by providing funds or venue.

IWIC OCCAMSEC

Call For Speakers

If you would like to present a talk on Application Security at future OWASP Suffolk Chapter events - please email the proposed talk title, abstract and speaker bio to one of the Chapter Leader

Next Meeting/Event(s)

OWASP Suffolk Chapter - March Meetup

TBA

Location: virtual

Agenda:

  • This could be your slot

    If you want to be our next speaker, please drop email to our chapter leader


Code of Conduct:

We hope you enjoy our events, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: https://www.owasp.org/index.php/Governance/Conference_Policies


Past Meeting/Event(s)

Friday, May 15, 2020 (Virtual event)

Location: virtual

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Detecting secrets in code committed to Gitlab (in real time) - Chandrapal Badshah [ Video ]

    There are so many open source tools that can detect sensitive API keys (secrets) in git repos. But theres no single tool that can be integrated to help you achieve real time secrets detection. This talk is about the experiment on how we implemented a real time git secrets monitoring solution.

    This talk will cover the following:
     * Problem we had
     * Techniques to solve that
     * Existing tools that can help us
     * Comparison of tools
     * Final architecture and product
     * What we learnt from the experiment
     * Future enhancements
    

#### Speakers

Chandrapal Badshah is a Security Engineer by day who manages security of a rapidly scaling company. He manages “Hack with GitHub” – an initiative to showcase open source security tools on GitHub. He has given multiple talks including those at null community monthly meets. Even during his busy days, he spends some time reading books not limited to philosophy and exploring nature.

Friday, April 24, 2020 (Virtual event)

Location: virtual

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Living In A World of Zero Trust - Vandana Verma [ Video ]

    As now everything is moving to cloud, all the applications are accessible from anywhere and everywhere. However, No one wants their private information to be compromised and openly available for the world. We have been taking so many precautions, however breaches continue to happen. How should we fix this?

    Organisations have been talking about Zero Trust lately and this has become a buzzword. The talk will explore Zero Trust beyond the buzzword and describe what exactly is Zero Trust and why it is so important to keep organisations safe. How can we implement or deploy Zero Trust in an organisation while keeping the current and future state of an organization in mind. What should be the business model to move any organisation towards Zero Trust Architecture and what all policies need to be implemented to achieve the same. #### Speakers

Vandana has over 14 years of experience and comes from strong application security background and has been working on Cloud Security, Application security, Vulnerability assessment, secure code review, threat profiling and remediation support for web/client server applications on different technologies based on Secure Design/Development guidelines and OWASP standards/guidelines.

Vandana has been a speaker and trainer at security events including Blackhat USA 2019, BSides LV 2019, Diana Initiative, Defcon (AppSec Village), AppSec California 2019, Global Appsec EU 2018, Global Appsec USA 2018, Global AppSec Tel Aviv, BSides Delhi 2018, c0c0n 2017 and Nullcon etc. She has trained over 3000+ Women in cybersecurity.

Friday, April 3, 2020 (Virtual event)

Location: virtual

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Security Testing for all - David Flint

    Security testing isn’t just for the professional penetration tester hired to check the software before go-live. Everyone in the SDLC can take part in security. In this talk David Flint discusses the benefits of building security into the SDLC and how you can acquire security testing skills for free in a fun way avoiding the need for expensive courses and qualifications. Packed with examples from his career this talk will also show how these skills should be a part of everyone’s skillset. #### Speakers Davd Flint is a professional contract Tester with over 20-years experience testing IT products and services. With a background in electronics, programming and technical testing, David has tested the quality and security of products and services for a wide range of clients.

Wednesday, March 25, 2020 (Virtual event)

Location: virtual

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • how to prevent Dev from committing secrets and credentials into git repositories - Abhinav Sejpal [ Video ]

    Sensitive information such as the AWS keys, access tokens, SSH keys etc. are often erroneously leaked via the public source code repositories due to accidental git commits. This can be avoided by using pre-commit hooks like “Talisman” which checks for sensitive information in the files before commits or push activity.

Monday, 16 December 2019 (Ipswich)

Location: The Briarbank Bar

Agenda:

  • Secure Beer tasting.

    We will enjoy beer, socialise and discuss various aspects of InfoSec. Additionally, we will also summarise what we achieved this year and set up goals for next year.

4 November 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Practical Threat Analysis – Martin Russ [ Slides ][ Video ]

    Martin Russ shows you how to actually do Threat Analysis using a simple spreadsheet as a guide. The key to successful threat analysis and modelling is to have a clear idea of how to get to the end-point, and not to get overwhelmed with how you are going to get there! Having a simple guide makes this much easier, but there aren’t many examples out there - this turns to be one of those rare topics where Google searches don’t return much that is particularly useful. So we will be using a very straight-forward approach that isn’t scary or hard to understand, and which doesn’t require a brain the size of a planet. or the services of an expensive consultant!

Speakers

  • Martin Russ passed the CISSP exam in just over four hours (you are allowed to take six!), but has just lapsed and returned to the status of mere mortal. He worked in the Security Engineering department of a major US utility metering company for nearly ten years, and knows too much about hacking devices that measure, or web front-ends that interface to the real world, or cloud back-ends that assume that replication is a substitute for backups… He has always wanted a t-shirt that says: ‘There’s no way that could ever happen…’ because he has heard it too many times in security workshops…

30 September 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • What could possibly go wrong? Threat modelling in the 21st century. – Phil Ashby [ Slides ][ Video ]

    Introduction to threat modeling what it is, why is needed and how to do it right. Why and how threat modeling should evolve to be ready for 21st century threats. We will discuss potential threats in each stage of SDLC, and how to approach them.

Speakers

  • Phil Ashby has over 30+ years experience in tech. He is currently working for an identity intelligence company, trying to evolve it from a single location, sub-300 people business to a global 1000+ people corporate.

Monday 15th July 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Your only as strong as your weakest link – Edward Ogden [ Slides ] [ Video ]

    Servers are the root of all web apps and sites, it’s the central point that your clients/customers will connect to and where you put your code. Many small and under resource companies that do there own hosting don’t normally put the time and investment in there hosting technology and this is where it starts to go wrong. This talk will discuss what some of the dangers are and what could happen if an attacker gets into your infrastructure, we will also talk about how some simple changes to the infrastructure can reduce the risk of being attacked.

  • Discussion about future of OWASP Suffolk

    We will have open discussion about what we are doing, and what YOU expecting us to do.

Speakers

  • Edward Ogden has been in the IT industry for only 6 years and has learnt most of his skill on the job. He started his career as a web developer progressing on to operations side of the industry. Currently he is working for SETL Ltd as a DevOps engineer automating code deploys for client around the world. As a young child he was always interested in servers starting off by hosting gaming servers from his bedroom at the age of 14.

Tuesday, 21 May 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Windows Active Directory Security Lowlights - Barry Myles

    Once an attacker is inside your organisation they very often will misuse Windows Active Directory for almost total compromise of every aspect of an organisation’s computing infrastructure and the data it holds. This talk will describe how an attacker might do this, when they have done so in the past, the kinds of tools they would use, what common mistakes enable this, and how organisations could go about defending themselves both through changes in behaviour and changes to their setup.

Speakers

  • Barry Myles leads an internal penetration testing team at BT, although tries to stay away from very traditional views of pen testing as much as possible. After becoming somewhat bored and jaded with project management work in 2006 he decided the life on an attacker was a very much more fun, but perhaps less constructive way of life. He enjoys large scale scanning, reverse engineering, cryptography, hardware hacking and network protocols a bit too much.

Tuesday, 23rd April 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Data Protection Act 2018 - Rebecca Moran [ PDF ] [ Video ]

    An overview of the requirements of the new Data Protection Act 2018 (GDPR) and it’s influence in development and project management.

Speakers

  • Rebecca Moran is owner of ReMo InfoSec - qualified ISO27001 lead implementer and auditor – preacher of the ISO27001 bible. Registered GDPR practitioner and all round data protection whiz.

Tuesday, 19th March 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Understanding how to prevent Sensitive Data Exposure - Simon Greatrix [ PDF ] [ Video ]

    Sensitive data is often the target of any attack, and its exposure has the greatest risk of long-term damage. OWASP and the PCI DSS provide many recommendations. The internet provides even more. These can be hard to understand, hard to implement, and contradictory. I will be sharing my understanding of how the cryptographic algorithms work and how they should best be used.

Speakers

  • Dr Simon Greatrix has been writing software since the late 70s and has worked as a security expert for e-commerce for nearly 20 years. He is currently working on SETL’s block chain product. Java has been his preferred programming language since 1996.

Monday, 25th February 2019 (Ipswich)

Location:  Connexions, 159 Princess Street, Ipswich

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

- Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Yet another talk on OWASP Top 10 - WTC [PDF]

    Brief overview of OWASP Top 10.

Category:OWASP Chapter Category:Europe