
OWASP London Chapter Meeting, Thursday 24th November 2016, 6:30pm
Event Details
This event is kindly sponsored and hosted by Empiric.
Location: Empiric offices, 1 Old Jewry, London EC2R 8DN
Nearest Tube: Bank (2 minute walk, take Exit 1 at Bank station towards Poultry)
Doors open at 6pm; the talks start at 6:30pm (we start on time).
Talks:
- Introduction and OWASP News - Sam Stepanyan and Sherif Mansour
  Welcome and OWASP updates from the OWASP London Chapter Leaders
- PCI - The View from the Bridge - Jeremy King
  The International Director of the PCI Security Standards Council will take us on a journey around some wonderful sights of Europe, using the images to reflect on and relate to the challenges and successes that we all face in protecting data. Jeremy will talk about the potential impact of Brexit on security and will discuss the latest changes in PCI DSS related to TLS, Multi-Factor Authentication and Secure Software Development Requirements.
- Lightning Talk 1 - OWASP ZAP Official Jenkins Plugin walkthrough & Demo - Goran Sarenkapa
- Lightning Talk 2 - myBBC Security Council - What It Means To You - Shane Kelly
- JSON Hijacking - Gareth Heyes
  JSON hijacking is supposedly dead after the Array constructor and "Object.prototype" setter bugs have been patched, or is it? This talk will show how it's still possible to steal JSON data cross domain using various browser bugs. Gareth will take us on an epic journey of bug discovery and, if we have time, he may even bypass CSP for fun.
Speakers:
Jeremy King
Jeremy is the International Director of the PCI Security Standards Council. He leads the PCI Council's efforts in increasing adoption and awareness of the PCI Security Standards internationally. In this role, Mr. King works closely with the Council's General Manager and representatives of its policy-setting executive committee from American Express, Discover, JCB International, MasterCard, and Visa, Inc. His chief responsibilities include gathering feedback from the merchant and vendor community, coordinating research and analysis of PCI SSC managed standards through all international markets, and driving education efforts and Council membership recruitment through active involvement in local and regional events, industry conferences, and meetings with key stakeholders. He also serves as a resource for Approved Scanning Vendors, Qualified Security Assessors, Internal Security Assessors, PCI Forensic Investigators, and related staff in supporting regional training, certification, and testing programs.
Gareth Heyes
Gareth works as a researcher at PortSwigger and loves breaking sandboxes and anything to do with JavaScript. He has developed various free online tools such as Hackvertor and Shazzer. He also created MentalJS, a free JavaScript sandbox that provides a safe DOM environment for sandboxed code. Gareth has been a speaker at many security conferences including Microsoft BlueHat, Confidence Poland, and OWASP Application Security Conferences. Gareth also co-authored the "Web Application Obfuscation" book, which was named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews.
RSVP
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and information security. Please note that you MUST book your place to be admitted to the event by the building security.