Wednesday, 24 October 2018

OWASP London at JP Morgan (NCSAM 2018)

Due to the fact October is considered National Cyber Security Awareness Month (aka NCSAM) we were planing an OWASP London Chapter meetup. The meetup was hosted by JP Morgan at Canary Wharf, and it was an opportunity to deliver a talk around Cyber Security and how (cyber)threats have been evolving over the years. 

This time our lineup of talk included:
  • "If You Liked It, You Should Have Put Security On It" - ZoĆ« Rose (@5683Monkey)
  • "Lessons From The Legion (The OWASP London Remix)" - Nick Drage (@SonOfSunTzu)
  • "A holistic view on Cyber Security in evolutionary terms (food-for-thought)" - Dr. Grigorios Fragkos (@drgfragkos)

Tuesday, 2 October 2018

Cyber Security Awareness Month 2018



October is known as Cyber Security Awareness Month and in the US it is commonly referred as National Cyber Security Awareness Month (NCSAM). This is a global initiative to raise awareness on emerging Cyber threats and best practices to defend against them, while educating the public and the private sector, on how to tackle cyber security challenges in a fast-evolving digital ecosystem.
Security’ is the enabler for evolving and scaling up in a secure manner, while minimising the risk of being affected at an irrecoverable level.
Cyber Security is promoted at an impressive rate during this month, with several awareness campaigns taking place. Typically, these campaigns focus on giving advice around having best-in-class practices when it comes to Cyber Security, sharing thoughts around exposure to unnecessary risk and try to communicate the benefits from having a Cyber Resilience strategy in place, while discussions around defence-in-depth tend to spawn recommendations around different products and services that might help an organisation’s security practice. 

To achieve this, during October several events take place to engage and educate the information security community, while focusing on sharing knowledge, lessons learned, and forward-looking ideas.

Boardroom Briefing on Cyber Risk Exposure, in M&A and deal-flow scenarios

To understand and simplify the current Cyber Risk exposure in Mergers and Acquisitions (M&A), this article focuses on explaining the inner workings and what is currently the state of affairs in the Cyber front, from a deal-flow perspective, while being structured as an informative boardroom briefing. 
"Understanding the Cyber related risks in M&A in this digital era, is an 'investment metric' for a successful decision-making process"
Before jumping into specifics, and to put things in the right context, consider for a moment that every business entity is more or less similar to an alive ecosystem; that is composed of people, services, synergies, cooperation, products, ideas, technologies, dependencies, and advances on different fronts. Effectively, as business entities evolve, by adapting the digital model of operations, the nature of their risk exposure equally evolves due to the numerous emerging Cyber-threats. 

Friday, 14 September 2018

OWASP London Chapter at 44CON

Yes, we are here once again this year, leading the #CyberLondon scene. Information Security, Application Security, Cyber Security, Cyber Defence at #44CON with #OWASP and global Security BSides (London, Athens, Manchester, Amsterdam, Tel Aviv, Lisbon, Cape Town).
#respect #collaboration #inclusion #community #InfoSec #AppSec #CyberSecurity #EthicalHacking #CyberRisk #ThoughtLeadership #CyberSecurityAwareness

@44CON is a well-established security conference in London, with hackers coming to attend and present from all over the world.

The OWASP London Chapter was there.

If you didn't know, there is a whole bus in the venue, that serves drinks. The happy hour is when it is #Gin o’clock at @44CON! View from the top of the bus!


Thursday, 6 September 2018

OWASP London Chapter at Facebook


Yes, this whole surface is a screen at the headquarters of Facebook in London. We have been invited by Facebook to host the OWASP London Chapter meet-up at this amazing space. 

T1: "Bug Hunting Beyond facebook.com" - Jack Whitton
Facebook's Whitehat bug bounty program receives 1000's of security bug reports annually, covering a wide range of issues and products. Come listen to some of the interesting bugs Facebook's Whitehat program team handled over the past year, and some pro-tips when looking for bugs outside of "facebook.com".

L1: "Open Source for Young Coders" - Hackerfemo
Inspirational 12 year old Hackerfemo will tell us all about how open source helps him run coding and robot workshops for 10-16 year olds throughout the world.

T2: "Reviewing and Securing React Applications" - Amanvir Sangha
As developers start using front-end frameworks such as React they must be made aware of any related security issues. Whilst React provides developers with proactive measures such as output encoding, there still exist edge cases which can lead to cross-site scripting issues. This talk explores common security issues in the framework and how to defend against them

L2: - "Introducing OWASP Amass Project" - Jeff Foley (remote)
Jeff will introduce the OWASP Amass project - a tool which obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. All the information is then used to build maps of the target networks.


The video recordings of the OWASP London Chapter talks: 
OWASP London Chapter Youtube channel

More Information, presentations, and upcoming events: 
OWASP London Chapter wiki