OWASPLondonChapterMeeting
30thMarch2017

LondonChapter

ChapterLeaders:• SamStepanyan(@securestep9)• SherifMansour(@kerberosmansour) 

KeepingInTouch:
➤ JointheOWASPLondonmailinglist
➤ Follow@OWASPLondononTwitter 
➤ “Like”OWASPLondononFacebook
➤ SubscribetoOWASPLondonChannelonYouTube
➤ Chatwith#chapter-londonteamowasp.Slack.com

http://owasp.slack.com

Agenda

• Networking,pizza&drinks• WelcomeandOWASPUpdate-SamStepanyan&SherifMansour• HeroesvsVillains:BuildinganApplicationSecurityProgram

thatScales-KevinDelaney• LightningTalk:BypassingCSRFProtections:ADoubleDefeat

oftheDouble-SubmitCookie-DavidJohansson 

------------break-------------------------------

• PostMessageSecurityinChromeExtensions-ArsenyReutov• Networking&Beer

OWASP

• WeareaGlobalnot-for-profitcharitableorganisation

• Focusedonimprovingthesecurityofsoftware• Vendor-NeutralCommunity• CollectiveWisdomoftheBestMindsinApplicationSecurityWorldwide

• Providefreetools,guidance,standards• Allmeetingsarefreetoattend(*freebeerincluded)

BecomeaMember

WeareallVOLUNTEERS!(45,000worldwide)

Membership

$50/year!

LondonChapterSupporters 


OWASPCorporateMembers

PremierMembers

Premiermembers

FREEeBook

https://bit.ly/freenodejsbook

EssentialNode.jsSecurityforExpressJSWebApplications

Hands-onandabundantwithsourcecodeforapracticalguidetoSecuringNode.jswebapplications.

https://bit.ly/freenodejsbook

AppSecEurope2017

8-12May2017,Belfast
NorthernIreland

Belfast,Belfast!

AppSecEurope2017-CallForPapersisOPEN!Submityourproposals!

Training@ApPSecEU2017

ExploitingWebsitesbyusingoffensiveHTML,SVG,CSSandotherBrowser-Evil-MarioHeiderichSecurecodinginJava-RobertSeacordHands-onMobileApplicationExploitation-iOS&Android-DineshShettyHandsonWebExploitationwithPython-MichaelBornandFredDonovanSystematicallyBreakingandFixingSingleSign-On-VladislavMladenovandChristianMainkaWhiteboardHackingakaHands-onThreatModeling-SebastienDeleersnyderMaking&BreakingMachineLearningSystems-AntoJosephClarenceChioAutomatingyourownAppSecPipelinewithDockerandServerlessComputing-AaronWeaverandMattTesauroWebApplicationSecurityEssentials-FabioCerulloHands-onWorkshoponSecurityinDevOps(SecDevOps)v2.0-AbhayBhargavSmartlockpicking-hands-onexploitingsoftwareflawsinIoT-SlawomirJasek

OWASPSummit2017


SUMMITWorkshops

BSIDESLondon

BSidesLondon2017BiggestCommunity-Driven
InfoSecConference

07.June.2017

ILECConferenceCentre47LillieRoadLondonSW61UD

WEWILLBETHERE!

OWASPCodeSprint2017

Flipbits!Notburgers!

GoalTheOWASPCodeSprint2017isaprogramthataimstoprovideincentivestostudentstocontributetoOWASPprojects.ByparticipatingintheOWASPCodeSprint2017astudentcangetreallifeexperiencewhilecontributingtoanopensourceproject.Astudentthatsuccessfullycompletestheprogramwillreceiveintotal$1500.

Duration:2monthsoffull-timeengagement.

Talktime

MainTalks:

• KevinDelaney• DavidJohansson• ArsenyReutov

FREEeBook

https://bit.ly/freenodejsbook

EssentialNode.jsSecurityforExpressJSWebApplications

Hands-onandabundantwithsourcecodeforapracticalguidetoSecuringNode.jswebapplications.

https://bit.ly/freenodejsbook

StayinginTouch
OWASPLondon

KeepinTouch–getinformedaboutfutureevents:

JoinTheOWASPLondonMailingList:http://lists.owasp.org/mailman/listinfo/owasp-london

WatchusonYouTube:YouTube.com/OWASPLondon


Slack:owasp.slack.com#chapter-london 



VisitOWASPLondonChapterwebpagehttps://www.owasp.org/index.php/London

OWASPLondonSaveTheDatesofFuture

meetings:

18May2017

FollowusonTwitter@owasplondon

“Like”usonFacebook
https://www.facebook.com/OWASPLondon

http://owasp.slack.comhttps://www.owasp.org/index.php/London

PresentYourTalk

CallForSpeakersForFutureEvents

DoyouhaveagreatWebApplicationSecurityRelatedTalk?

3Tracks:

•Breakers•Defenders•Builders

Submittheabstractofyourtalkandyourbioto:

owasplondon@owasp.org

ThankYou!

Speakers:


• DavidJohansson• KevinDelaney• ArsenyReutov

AllslideswillbepublishedonOWASP.ORGandvideorecordingswillbeonYouTubeinafewdays

Hostsforthisevent• TelegraphMediaGroup




• Attendees(you!)

http://owasp.org

PubTime!

• NetworkingandDrinksat
THEVICTORIA
1LowerBelgraveStreet