Open Source Security and Top Hacks of 2015


Details
OWASP Belfast's March session has two great talks planned, along with the usual pizza and beers (kindly sponsored by Vertical Structure).
Open Source Security – What Security Testing Tools Miss
Mike Pittenger - VP of Security Strategy for Blackduck
Static analysis, dynamic analysis, and other testing tools are all essential weapons against adversaries. But for the 80%+ of companies worldwide that use open source software in their application development, these tools are ineffective in identifying and mitigating open source security risks. This presentation will cover:
• The value of static and dynamic tools, and where they best fit in the Secure Development Lifecycle
• Why these tools are not useful in identifying known vulnerabilities in open source components
• Controls development and security professionals can deploy to select, detect, manage and monitor open source for existing and newly disclosed vulnerabilities.
Top 10 WebHacks of 2015
Kuskos - Threat Center Manager at Whitehat
Every year the security community produces a stunning number of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, we are solely focused on new and creative methods of Web-based attack. Now in its tenth year, the Top 10 Web Hacking Techniques list encourages information sharing, provides a centralized knowledge base, and recognizes researchers who contribute excellent research.
