Boardroom Briefing on Cyber Risk Exposure, in M&A and deal-flow scenarios

To understand and simplify the current Cyber Risk exposure in Mergers and Acquisitions (M&A), this article focuses on explaining the inner workings and what is currently the state of affairs in the Cyber front, from a deal-flow perspective, while being structured as an informative boardroom briefing. 

"Understanding the Cyber related risks in M&A in this digital era, is an 'investment metric' for a successful decision-making process"

Before jumping into specifics, and to put things in the right context, consider for a moment that every business entity is more or less similar to an alive ecosystem; that is composed of people, services, synergies, cooperation, products, ideas, technologies, dependencies, and advances on different fronts. Effectively, as business entities evolve, by adapting the digital model of operations, the nature of their risk exposure equally evolves due to the numerous emerging Cyber-threats. 

OWASP London Chapter at 44CON

Yes, we are here once again this year, leading the #CyberLondon scene. Information Security, Application Security, Cyber Security, Cyber Defence at #44CON with #OWASP and global Security BSides (London, Athens, Manchester, Amsterdam, Tel Aviv, Lisbon, Cape Town).
#respect #collaboration #inclusion #community #InfoSec #AppSec #CyberSecurity #EthicalHacking #CyberRisk #ThoughtLeadership #CyberSecurityAwareness

@44CON is a well-established security conference in London, with hackers coming to attend and present from all over the world.

The OWASP London Chapter was there.

If you didn't know, there is a whole bus in the venue, that serves drinks. The happy hour is when it is #Gin o’clock at @44CON! View from the top of the bus!

OWASP London Chapter at Facebook

Yes, this whole surface is a screen at the headquarters of Facebook in London. We have been invited by Facebook to host the OWASP London Chapter meet-up at this amazing space. 

T1: "Bug Hunting Beyond facebook.com" - Jack Whitton
Facebook's Whitehat bug bounty program receives 1000's of security bug reports annually, covering a wide range of issues and products. Come listen to some of the interesting bugs Facebook's Whitehat program team handled over the past year, and some pro-tips when looking for bugs outside of "facebook.com".

L1: "Open Source for Young Coders" - Hackerfemo
Inspirational 12 year old Hackerfemo will tell us all about how open source helps him run coding and robot workshops for 10-16 year olds throughout the world.

T2: "Reviewing and Securing React Applications" - Amanvir Sangha
As developers start using front-end frameworks such as React they must be made aware of any related security issues. Whilst React provides developers with proactive measures such as output encoding, there still exist edge cases which can lead to cross-site scripting issues. This talk explores common security issues in the framework and how to defend against them

L2: - "Introducing OWASP Amass Project" - Jeff Foley (remote)
Jeff will introduce the OWASP Amass project - a tool which obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. All the information is then used to build maps of the target networks.

The video recordings of the OWASP London Chapter talks: 
OWASP London Chapter Youtube channel

More Information, presentations, and upcoming events: 
OWASP London Chapter wiki

OWASP London Chapter at Microsoft Reactor

We had the pleasure of having one of our OWASP London Chapter events hosted by Microsoft, at its community space called Reactor London. 

T1: "From zero to hero: building security from scratch" - Anthi Gilligan

Breaches mean financial, regulatory, legal, and above all reputational repercussions. Organisations are quick to react, however with security professionals in high demand and low supply, there has been an increase in individuals jumping on the “cybersecurity” bandwagon. In this talk, we discuss the pitfalls of the inadequately qualified “cybersecurity expert”, and examine the building blocks of a solid information security management system

T2: "Smart Contract Security" - Evangelos Deirmentzoglou 

Dapps and many Initial Coin Offerings (ICOs) run on smart contracts and tend to process a substantial amount of funds. This makes them a target, and therefore they often undergo attacks. Combined with the blockchain immutability, vulnerabilities undiscovered during development will exist forever in the blockchain. This talk will dive into the most common smart contract security vulnerabilities and provide in-depth knowledge on how these issues occur and their mitigation. Real world examples will be discussed and vulnerabilities like re-entrancy, overflows, gas limit attacks etc. will be demonstrated

L1: "Driving OWASP ZAP using Selenium" - Mark Torrens 

OWASP ZAP is great tool but it's not magic! When used in a CI/CD pipeline, ZAP needs some help to discover the routes through a web application. Basic authentication, user logins and form validation can all stop ZAP in its tracks. I show how to drive ZAP using Selenium scripts and increase the security coverage of a web application.

The video recording of the talks from this event: 
OWASP London Chapter Youtube channel

More Information, presentations, and upcoming events: 
OWASP London Chapter wiki

Global OWASP AppSec EU 2018

The OWASP Global Application Security Conference took place this week in the heart of London. see: OWASP AppSecEU 2018

The QEII conference centre, just across the Westminster Abbey was packed with brilliant minds from all over the world, dedicated in advancing security across all technologies. 

The premier application security conference for European developers and security experts. AppSec EU provides attendees with insight into leading speakers for application security and cyber security, training sessions on various applications, networking, connections and exposure to the best practices in cybersecurity.

As an OWASP London Chapter leader, (@OWASPLondon) it was an honor to be part of the team that delivered this amazing 1 week event. 

The OWASP foundation staff and board did an amazing job and we all enjoyed working together. We reached out to all OWASP chapters across the globe and we are dedicating ourselves in amazing things to come.