OWASP Suffolk

Welcome

Welcome to the Suffolk chapter homepage. The chapter leaders are Wojciech T Cichon and Abhinav Sejpal.

Please follow as on Twitter and please subscribe to our Youtube channel.

Meeting Sponsors

The following is the list of organisations who supported OWASP Suffolk chapter by providing funds or venue.

IWIC OCCAMSEC

Call For Speakers

If you would like to present a talk on Application Security at future OWASP Suffolk Chapter events - please email the proposed talk title, abstract and speaker bio to one of the Chapter Leader

 wojciech.cichon@owasp.org
 
 abhinav.sejpal@owasp.org

Next Meeting/Event(s)

OWASP Suffolk Chapter - March Meetup

Date : Wednesday, March 25, 2020, 7:00 PM to 7:15 PM

Venue : Remote (Before the meetup will start, We will email link to everyone whoever registred)

  • OWASP Suffolk Introduction, Welcome and News - WTC

Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • how to prevent Dev from committing secrets and credentials into git repositories by Abhinav Sejpal

Abstract: Sensitive information such as the AWS keys, access tokens, SSH keys etc. are often erroneously leaked via the public source code repositories due to accidental git commits. This can be avoided by using pre-commit hooks like “Talisman” which checks for sensitive information in the files before commits or push activity.

Presentation : https://slides.com/abhinavsejpal/git-secrets-pre-hook/

Speaker Social Info :

Website : https://www.bugwrangler.in/

Twitter : https://twitter.com/AbhinavSejpal

TICKETS:

All our events are free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list. Register to attend this event at OWASP Suffolk Chapter - Meetup - RSVP to attend


Code of Conduct:

We hope you enjoy our events, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: https://www.owasp.org/index.php/Governance/Conference_Policies


Past Meeting/Event(s)

Monday, 16 December 2019 (Ipswich)

Location: The Briarbank Bar

Agenda:

  • Secure Beer tasting.

    We will enjoy beer, socialise and discuss various aspects of InfoSec. Additionally, we will also summarise what we achieved this year and set up goals for next year.

4 November 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Practical Threat Analysis – Martin Russ [ Slides ][ Video ]

    Martin Russ shows you how to actually do Threat Analysis using a simple spreadsheet as a guide. The key to successful threat analysis and modelling is to have a clear idea of how to get to the end-point, and not to get overwhelmed with how you are going to get there! Having a simple guide makes this much easier, but there aren’t many examples out there - this turns to be one of those rare topics where Google searches don’t return much that is particularly useful. So we will be using a very straight-forward approach that isn’t scary or hard to understand, and which doesn’t require a brain the size of a planet. or the services of an expensive consultant!

Speakers

  • Martin Russ passed the CISSP exam in just over four hours (you are allowed to take six!), but has just lapsed and returned to the status of mere mortal. He worked in the Security Engineering department of a major US utility metering company for nearly ten years, and knows too much about hacking devices that measure, or web front-ends that interface to the real world, or cloud back-ends that assume that replication is a substitute for backups… He has always wanted a t-shirt that says: ‘There’s no way that could ever happen…’ because he has heard it too many times in security workshops…

30 September 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • What could possibly go wrong? Threat modelling in the 21st century. – Phil Ashby [ Slides ][ Video ]

    Introduction to threat modeling what it is, why is needed and how to do it right. Why and how threat modeling should evolve to be ready for 21st century threats. We will discuss potential threats in each stage of SDLC, and how to approach them.

Speakers

  • Phil Ashby has over 30+ years experience in tech. He is currently working for an identity intelligence company, trying to evolve it from a single location, sub-300 people business to a global 1000+ people corporate.

Monday 15th July 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Your only as strong as your weakest link – Edward Ogden [ Slides ] [ Video ]

    Servers are the root of all web apps and sites, it’s the central point that your clients/customers will connect to and where you put your code. Many small and under resource companies that do there own hosting don’t normally put the time and investment in there hosting technology and this is where it starts to go wrong. This talk will discuss what some of the dangers are and what could happen if an attacker gets into your infrastructure, we will also talk about how some simple changes to the infrastructure can reduce the risk of being attacked.

  • Discussion about future of OWASP Suffolk

    We will have open discussion about what we are doing, and what YOU expecting us to do.

Speakers

  • Edward Ogden has been in the IT industry for only 6 years and has learnt most of his skill on the job. He started his career as a web developer progressing on to operations side of the industry. Currently he is working for SETL Ltd as a DevOps engineer automating code deploys for client around the world. As a young child he was always interested in servers starting off by hosting gaming servers from his bedroom at the age of 14.

Tuesday, 21 May 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Windows Active Directory Security Lowlights - Barry Myles

    Once an attacker is inside your organisation they very often will misuse Windows Active Directory for almost total compromise of every aspect of an organisation’s computing infrastructure and the data it holds. This talk will describe how an attacker might do this, when they have done so in the past, the kinds of tools they would use, what common mistakes enable this, and how organisations could go about defending themselves both through changes in behaviour and changes to their setup.

Speakers

  • Barry Myles leads an internal penetration testing team at BT, although tries to stay away from very traditional views of pen testing as much as possible. After becoming somewhat bored and jaded with project management work in 2006 he decided the life on an attacker was a very much more fun, but perhaps less constructive way of life. He enjoys large scale scanning, reverse engineering, cryptography, hardware hacking and network protocols a bit too much.

Tuesday, 23rd April 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Data Protection Act 2018 - Rebecca Moran [ PDF ] [ Video ]

    An overview of the requirements of the new Data Protection Act 2018 (GDPR) and it’s influence in development and project management.

Speakers

  • Rebecca Moran is owner of ReMo InfoSec - qualified ISO27001 lead implementer and auditor – preacher of the ISO27001 bible. Registered GDPR practitioner and all round data protection whiz.

Tuesday, 19th March 2019 (Ipswich)

Location:   University of Suffolk, Waterfront Building, 19 Neptune Quay, Ipswich IP4 1QJ

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

    Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Understanding how to prevent Sensitive Data Exposure - Simon Greatrix [ PDF ] [ Video ]

    Sensitive data is often the target of any attack, and its exposure has the greatest risk of long-term damage. OWASP and the PCI DSS provide many recommendations. The internet provides even more. These can be hard to understand, hard to implement, and contradictory. I will be sharing my understanding of how the cryptographic algorithms work and how they should best be used.

Speakers

  • Dr Simon Greatrix has been writing software since the late 70s and has worked as a security expert for e-commerce for nearly 20 years. He is currently working on SETL’s block chain product. Java has been his preferred programming language since 1996.

Monday, 25th February 2019 (Ipswich)

Location:  Connexions, 159 Princess Street, Ipswich

Agenda:

  • OWASP Suffolk Introduction, Welcome and News - WTC

- Welcome and an update on OWASP Projects & Events from the OWASP Suffolk Chapter Leader.

  • Yet another talk on OWASP Top 10 - WTC [PDF]

    Brief overview of OWASP Top 10.

Category:OWASP Chapter Category:Europe