Details

PLEASE REGISTER ON EventBrite: https://www.eventbrite.co.uk/e/owasp-london-chapter-in-person-meetup-tickets-550592004507

This event is kindly sponsored and hosted by Monzo. There is limited seating available for in-person attendees. Registration required. Please note that this event will be live-streamed on YouTube for the online audience.

Live-Stream URL: https://www.youtube.com/watch?v=xtGHg3vegOE

Venue Location: Monzo, 5 Appold St, London, EC2A 2AG
Nearest Tube: Liverpool Street - 4 min walk
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time).

TALKS

OWASP Introduction, Welcome and News - Sam Stepanyan, Sherif Mansour and Andra Lezza
Welcome and a brief update on OWASP Projects & Events from the OWASP London Chapter Leaders

Lightning Talk: The Need for Data Security, Mike Andrews (special guest)

Talk 1: What I Found When Modelling Threats In The Open (Source), Dan Conn
Secure development is hard. Throughout the entire development of an open source project, security needs to be top of mind due to a myriad of potential threats. Some open source orgs are starting to ask for security matrices, and expect some threat modelling to have taken place, so that the threats of a system can be evaluated. This, however, can be difficult. Considering the different use cases of a project that may be running in different architectures can be quite a struggle, combined with sometimes working with developers that may not be familiar with threat modelling in general. This talk will explore how to make threat modelling easier for open source developers through using open source tools such as OWASP Threat Dragon and Threagile, and where each is better suited than the other.

Talk 2: An AppSec Point of View On Synthetic Identities, Timur Yunusov
In the era of neobanks with no branches and broadly adopted eKYC standards, the entry barriers for cybercriminals are extremely low. How could FinTech win in this ongoing cat-and-mouse game? How do criminals utilise gaps in the workflows of the modern payment ecosystem? After looking at mobile applications and the API workflows of dozens of FinTech companies across Europe, the USA and Asia, I will provide real-world examples from both sides of the battle.

SPEAKERS

Mike Andrews (@ma)
Mike is Chief Architect and First Engineer at Open Raven. Mike is a true industry veteran - his previous roles include: Engineering Manager for Microsoft Azure storage, Co-founder of the Azure SRE team, Director of Engineering for Microsoft Strategic engagement team, Bing Security Strategist, Architect at McAfee and consultant at Foundstone. Mike has a PhD in computer science from the University of Kent and is an assistant professor at Florida Institute of Technology. Roadie for stadium rock bands in the 90s.

Dan Conn (@danjconn)
Dan Conn likes to sit at the point between cyber security and development and over the past 10 years has worked as a developer in small startups, large corporates and many in between, catering for clients in both the public and private sectors, from SME size to enterprise. He has also had a strong interest in cybersecurity for just as long, culminating in a postgraduate certificate in Advanced Security and Digital Forensics. Dan is now a Developer Advocate for Sonatype. When not coding, hacking, or talking about these things… you can find Dan running, skateboarding, DJ-ing or making music!

Timur Yunusov (@a66ot)
Timur Yunusov is a payment security researcher, an application security expert with a focus on FinTech, and one of the Payment Village organisers. Some of Timur's research in the field of application security includes "Bruteforce of PHPSESSID" and "XML Out-Of-Band", shown at Black Hat EU back in 2013. Timur has previously spoken at conferences such as Black Hat EU, Black Hat USA, HackInTheBox, Nullcon, NoSuchCon, CanSecWest, Hack In Paris, ZeroNights, Positive Hack Days and at OWASP meetups.

TICKETS
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security. Please note that you MUST book your place to be admitted to the event by the building security - your name will be checked against the guest list.

CODE OF CONDUCT
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously.
