What we’re about
OWASP London Chapter
OWASP (The Open Worldwide Application Security Project) is a worldwide not-for-profit organisation focused on improving the security of software. With over 250 local Chapters worldwide and 110,000+ volunteers OWASP's open community is dedicated to enabling organisations and individuals to develop and maintain applications that can be trusted. OWASP's meet-ups, tools, standards, guidelines, documents and forums are free and open to anyone interested in improving application security.
Visit OWASP London webpage here: https://www.owasp.org/london
Follow us on Twitter: https://twitter.com/OWASPLondon
Follow us on LinkedIN: https://www.linkedin.com/company/owasplondon
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Watch recordings of talks presented at our events on our YouTube channel: https://www.youtube.com/OWASPLondon
^Please subscribe to our YouTube channel to get notified when the latest video recordings of our talks get published.
We also have a mailing list, sign-up here: https://groups.google.com/a/owasp.org/forum/#!forum/london-chapter/join
We usually run 7-10 events per year: meet-ups ("Chapter Meetings"), Capture The Flag (CTF) tournaments, Hackathons, workshops and hacking/cyber-security themed pub quizzes.
Please note that while we do advertise our meetups here on Meetup[.]com due to the Meetup platform limitation we do not use the Meetup's RSVP system and instead use Eventbrite for free tickets and registration to attend our events. If you have an account on EventBrite you can follow us there as well: https://owasplondon.eventbrite.co.uk/
You don't have to be an OWASP member to attend any of our meetups or CTFs - they are free and open to everyone interested in Application Security, booking is required.
There is a paid membership, which is a donation to the OWASP Foundation - it gives you discounts on many cyber-security conferences around the world, voting rights, @owasp.org email address and many other benefits like free access to paid training platforms. Join OWASP Global Foundation as a paid member here: https://www.owasp.org/index.php/Membership
Upcoming events (1)See all
- OWASP London Chapter Meetup [IN-PERSON]Thought Machine, HQ, London
This event is kindly sponsored and hosted by Thought Machine. There is limited seating available for in-person attendees. Registration required. Please note that all our events are live-streamed on YouTube for the online audience. Recordings will be available on the OWASP London YouTube channel.
Venue Location: Thought Machine, 7 Herbrand St, London WC1N 1EX
Nearest Tube: Russell Square (Piccadilly Line) - 2 min walk
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time).
OWASP Introduction, Welcome and News - Sam Stepanyan
"E2E Detection Testing" - George Gilligan
How do you make sure your detections work in a cloud native organisation? Software engineers have integration tests, reliability engineers have chaos engineering frameworks. Detection engineers lack an equivalent standardised approach to E2E testing. A natural approach is a binary that generates a suspicious event, validates that a suitable alert is generated in your SIEM, closes it, and reports the result. An open source Datadog tool named Threatest does just this. We are working on extending this to work with Elasticsearch, with the hope of automating a huge portion of the work of the red team, and providing constant validation for our detections.
"5 Open Source Security Tools All Developers Should Know About" - Raz Probstein
The minimum viable security (MVS) approach, enables us to easily bake security into our config files, apps, and CI/CD processes with a few simple controls - and the great part? It’s easily achievable through open-source tooling. In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline by leveraging some excellent open source tools in addition to custom controls to ensure proper enforcement of MFA via Github Security. These controls will provide a foundational framework for securing your applications from the first line of code, which will make it possible to continuously iterate and evolve your security maturity all the way through advanced layers of security that come with time, as well as increased experience with your deployments, stacks, and security posture. Code examples & demos will be showcased as part of this session.
"I Will IDOR Myself In" - Vangelis Stykas
How could attackers gain control of hundreds of million devices? In this talk Vangelis explains how attackers can exploit a series of simple, yet critical API flaws that are typical “rush to market” flaws which allow an attacker to control and even use them as an initial foothold in millions of networks. Devices vary from routers to alarms and car chargers. It seems that the era of “central platform” handling that solves a variety of problems (like port forwarding) backfired by re-introducing a number of vulnerabilities that were thought to be long gone.
George Gilligan (@ggilligan12)
George Gilligan is a security engineer at Thought Machine, where his work includes securing Kubernetes clusters, container security, intrusion detection, security testing, and implementing security policies. George participates in various CTF competitions and his CTF achievements include the Deloitte CTF Qualifier, Scottish Universities Cybersecurity Challenge and Hack Harvard 2018.
George holds an Offensive Security Certified Professional (OSCP) certification and a BSc (Honours) degree in Computer Science and Mathematics from the University of Edinburgh.
Raz Probstein (@RazProbstein)
Vangelis Stykas (@evstykas)
Vangelis is a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet.
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security. Please note that you MUST book your place to be admitted to the event by the building security - your name will be checked against the guest list.
CODE OF CONDUCT
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct