Showing posts with label AppSec. Show all posts
Showing posts with label AppSec. Show all posts

Wednesday, 28 November 2018

Guest Speaker at the University of South Wales

Invited by USW Cyber Security Society and Information Security Research Group in University of South Wales to present my talk "A holistic view on Cyber Security in evolutionary terms (food-for-thought)". This is also part of our OWASP (OWASP London Chapter) initiative to reach out to Universities and share expert knowledge in the security and cybersecurity space. 

"Thank you very much for all your sharing today at USW. Just wanted to say you are such an inspiration to me and many others" Maria Peng Wang

See Talk Details --->

Guest Speaker at Cardiff University

Invited by Complex Systems Research Group in University of Cardiff to present my talk "A holistic view on Cyber Security in evolutionary terms (food-for-thought)". This is also part of our OWASP (OWASP London Chapter) initiative to reach out to Universities and share expert knowledge in the security and cybersecurity space.

Feedback:
"The talk was one of the most useful I have attended during my PhD because it is unusual to speak to someone who can relate between research and industry in cyber security. It was really encouraging and made me look forward to working in the space after my PhD" Matilda Rhode 

"Very Inspiring and a Great Talk" Irene Anthi

See Talk Details --->

Tuesday, 6 November 2018

OWASP Cambridge at Anglia Ruskin

I was invited by OWASP Cambridge and Adrian Winckles to present my talk "A holistic view on Cyber Security in evolutionary terms" hosted by the Cyber Security Networking & Big Data Research Group, Anglia Ruskin University. 

This evening is part of a series of evening events on raising awareness for local businesses & organisations on the issues of cyber security and cybercrime, what regulations and legislation do organisations need to be aware to protect themselves and what is considered best practice in these challenging times. read more

“Greg is an extremely motivational speaker in the cyber security sector who speaks with a passion accentuating the key messages and issues that the community needs to hear and understand” Adrian Winckles

Adrian Winckles
MSc BEng CEng CITP MBCS
Cyber Lead & Director of Cyber Security & Networking Research Group
(OWASP Cambridge Chapter Leader)
(UK Cyber Security Forum - Cambridge Cluster Chair)
(BCS Cybercrime Forensics Vice Chair)
Anglia Ruskin University
Twitter:  @botflowking

See Talk Details --->

Wednesday, 24 October 2018

OWASP London at JP Morgan (NCSAM 2018)

Due to the fact October is considered National Cyber Security Awareness Month (aka NCSAM) we were planing an OWASP London Chapter meetup. The meetup was hosted by JP Morgan at Canary Wharf, and it was an opportunity to deliver a talk around Cyber Security and how (cyber)threats have been evolving over the years. 

This time our lineup of talk included:
  • "If You Liked It, You Should Have Put Security On It" - ZoĆ« Rose (@5683Monkey)
  • "Lessons From The Legion (The OWASP London Remix)" - Nick Drage (@SonOfSunTzu)
  • "A holistic view on Cyber Security in evolutionary terms (food-for-thought)" - Dr. Grigorios Fragkos (@drgfragkos)

Thursday, 6 September 2018

OWASP London Chapter at Facebook


Yes, this whole surface is a screen at the headquarters of Facebook in London. We have been invited by Facebook to host the OWASP London Chapter meet-up at this amazing space. 

T1: "Bug Hunting Beyond facebook.com" - Jack Whitton
Facebook's Whitehat bug bounty program receives 1000's of security bug reports annually, covering a wide range of issues and products. Come listen to some of the interesting bugs Facebook's Whitehat program team handled over the past year, and some pro-tips when looking for bugs outside of "facebook.com".

L1: "Open Source for Young Coders" - Hackerfemo
Inspirational 12 year old Hackerfemo will tell us all about how open source helps him run coding and robot workshops for 10-16 year olds throughout the world.

T2: "Reviewing and Securing React Applications" - Amanvir Sangha
As developers start using front-end frameworks such as React they must be made aware of any related security issues. Whilst React provides developers with proactive measures such as output encoding, there still exist edge cases which can lead to cross-site scripting issues. This talk explores common security issues in the framework and how to defend against them

L2: - "Introducing OWASP Amass Project" - Jeff Foley (remote)
Jeff will introduce the OWASP Amass project - a tool which obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. All the information is then used to build maps of the target networks.


The video recordings of the OWASP London Chapter talks: 
OWASP London Chapter Youtube channel

More Information, presentations, and upcoming events: 
OWASP London Chapter wiki










Thursday, 30 August 2018

OWASP London Chapter at Microsoft Reactor

We had the pleasure of having one of our OWASP London Chapter events hosted by Microsoft, at its community space called Reactor London

T1: "From zero to hero: building security from scratch" - Anthi Gilligan
Breaches mean financial, regulatory, legal, and above all reputational repercussions. Organisations are quick to react, however with security professionals in high demand and low supply, there has been an increase in individuals jumping on the “cybersecurity” bandwagon. In this talk, we discuss the pitfalls of the inadequately qualified “cybersecurity expert”, and examine the building blocks of a solid information security management system

T2: "Smart Contract Security" - Evangelos Deirmentzoglou 
Dapps and many Initial Coin Offerings (ICOs) run on smart contracts and tend to process a substantial amount of funds. This makes them a target, and therefore they often undergo attacks. Combined with the blockchain immutability, vulnerabilities undiscovered during development will exist forever in the blockchain. This talk will dive into the most common smart contract security vulnerabilities and provide in-depth knowledge on how these issues occur and their mitigation. Real world examples will be discussed and vulnerabilities like re-entrancy, overflows, gas limit attacks etc. will be demonstrated

L1: "Driving OWASP ZAP using Selenium" - Mark Torrens 
OWASP ZAP is great tool but it's not magic! When used in a CI/CD pipeline, ZAP needs some help to discover the routes through a web application. Basic authentication, user logins and form validation can all stop ZAP in its tracks. I show how to drive ZAP using Selenium scripts and increase the security coverage of a web application.

The video recording of the talks from this event: 
OWASP London Chapter Youtube channel

More Information, presentations, and upcoming events: 
OWASP London Chapter wiki

Friday, 6 July 2018

Global OWASP AppSec EU 2018



The OWASP Global Application Security Conference took place this week in the heart of London. see: OWASP AppSecEU 2018

The QEII conference centre, just across the Westminster Abbey was packed with brilliant minds from all over the world, dedicated in advancing security across all technologies. 

The premier application security conference for European developers and security experts. AppSec EU provides attendees with insight into leading speakers for application security and cyber security, training sessions on various applications, networking, connections and exposure to the best practices in cybersecurity.

As an OWASP London Chapter leader, (@OWASPLondon) it was an honor to be part of the team that delivered this amazing 1 week event. 
The OWASP foundation staff and board did an amazing job and we all enjoyed working together. We reached out to all OWASP chapters across the globe and we are dedicating ourselves in amazing things to come.