OWASP London Chapter Meeting - December 2013
Thursday, 12 December 2013 from 18:30 to 20:30 (GMT)
London, United Kingdom
OWASP London chapter meetings are free and open to all; however, please RSVP so that we can have your name at the door for building security and know how many to cater for.
- IAST: Runtime Code & Data Security Analysis – Beyond SAST/DAST - Ofer Maor
- Until recently, SAST/DAST dominated the application security testing market, each with its own pros and cons. We present IAST, a new approach, analysing code execution, memory and data at runtime, allowing for accurate inspection of the application. The presentation will present the basic IAST technology building blocks and their benefits, followed by a discussion of advanced IAST data analysis capabilities, which allow for a deeper analysis of the application and its business logic. We will discuss different approaches and implementations of IAST and runtime code analysis, and the benefits of each. The presentation will include practical samples (including code!) of how IAST can be used to accurately detect both simple and complicated vulnerabilities, including SQL Injection, Parameter Tampering, Persistent XSS, CSRF, and more...
- OWASP Cornucopia - Colin Watson
- Microsoft's Escalation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for common web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help software architects and developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide. He will also provide a brief introduction about how to contribute ideas and content to OWASP projects, and how to start a project.
- Ofer Maor
- Ofer Maor has over 18 years of experience in information and application security and penetration testing. In his current role as Founder and CTO of Quotium, Mr. Maor is leading Seeker® - the new generation of application security, allowing organisations to effectively protect their business and data from application threats. He was previously the Founder and CTO of Hacktics™, where he helped create a world-class leading professional security services group, later acquired by EY to become a global excellence centre, and has also served as the Chairman of OWASP Israel and a member of the OWASP Global Membership Committee.
- Colin Watson
- Colin Watson is an application security consultant based in London. He is project leader for the OWASP Codes of Conduct and OWASP Cornucopia projects, co-leader for the OWASP AppSensor project, and wrote the Application Logging Cheat Sheet. He is currently writing the new AppSensor Guide, which is due for publication in early 2014.