Cyber Security Awareness Month 2018

October is known as Cyber Security Awareness Month and in the US it is commonly referred as National Cyber Security Awareness Month (NCSAM). This is a global initiative to raise awareness on emerging Cyber threats and best practices to defend against them, while educating the public and the private sector, on how to tackle cyber security challenges in a fast-evolving digital ecosystem.

‘Security’ is the enabler for evolving and scaling up in a secure manner, while minimising the risk of being affected at an irrecoverable level.

Cyber Security is promoted at an impressive rate during this month, with several awareness campaigns taking place. Typically, these campaigns focus on giving advice around having best-in-class practices when it comes to Cyber Security, sharing thoughts around exposure to unnecessary risk and try to communicate the benefits from having a Cyber Resilience strategy in place, while discussions around defence-in-depth tend to spawn recommendations around different products and services that might help an organisation’s security practice. 

To achieve this, during October several events take place to engage and educate the information security community, while focusing on sharing knowledge, lessons learned, and forward-looking ideas.

Boardroom Briefing on Cyber Risk Exposure, in M&A and deal-flow scenarios

To understand and simplify the current Cyber Risk exposure in Mergers and Acquisitions (M&A), this article focuses on explaining the inner workings and what is currently the state of affairs in the Cyber front, from a deal-flow perspective, while being structured as an informative boardroom briefing. 

"Understanding the Cyber related risks in M&A in this digital era, is an 'investment metric' for a successful decision-making process"

Before jumping into specifics, and to put things in the right context, consider for a moment that every business entity is more or less similar to an alive ecosystem; that is composed of people, services, synergies, cooperation, products, ideas, technologies, dependencies, and advances on different fronts. Effectively, as business entities evolve, by adapting the digital model of operations, the nature of their risk exposure equally evolves due to the numerous emerging Cyber-threats. 

OWASP London Chapter at 44CON

Yes, we are here once again this year, leading the #CyberLondon scene. Information Security, Application Security, Cyber Security, Cyber Defence at #44CON with #OWASP and global Security BSides (London, Athens, Manchester, Amsterdam, Tel Aviv, Lisbon, Cape Town).
#respect #collaboration #inclusion #community #InfoSec #AppSec #CyberSecurity #EthicalHacking #CyberRisk #ThoughtLeadership #CyberSecurityAwareness

@44CON is a well-established security conference in London, with hackers coming to attend and present from all over the world.

The OWASP London Chapter was there.

If you didn't know, there is a whole bus in the venue, that serves drinks. The happy hour is when it is #Gin o’clock at @44CON! View from the top of the bus!

OWASP London Chapter at Facebook

Yes, this whole surface is a screen at the headquarters of Facebook in London. We have been invited by Facebook to host the OWASP London Chapter meet-up at this amazing space. 

T1: "Bug Hunting Beyond facebook.com" - Jack Whitton
Facebook's Whitehat bug bounty program receives 1000's of security bug reports annually, covering a wide range of issues and products. Come listen to some of the interesting bugs Facebook's Whitehat program team handled over the past year, and some pro-tips when looking for bugs outside of "facebook.com".

L1: "Open Source for Young Coders" - Hackerfemo
Inspirational 12 year old Hackerfemo will tell us all about how open source helps him run coding and robot workshops for 10-16 year olds throughout the world.

T2: "Reviewing and Securing React Applications" - Amanvir Sangha
As developers start using front-end frameworks such as React they must be made aware of any related security issues. Whilst React provides developers with proactive measures such as output encoding, there still exist edge cases which can lead to cross-site scripting issues. This talk explores common security issues in the framework and how to defend against them

L2: - "Introducing OWASP Amass Project" - Jeff Foley (remote)
Jeff will introduce the OWASP Amass project - a tool which obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. All the information is then used to build maps of the target networks.

The video recordings of the OWASP London Chapter talks: 
OWASP London Chapter Youtube channel

More Information, presentations, and upcoming events: 
OWASP London Chapter wiki

OWASP London Chapter at Microsoft Reactor

We had the pleasure of having one of our OWASP London Chapter events hosted by Microsoft, at its community space called Reactor London. 

T1: "From zero to hero: building security from scratch" - Anthi Gilligan

Breaches mean financial, regulatory, legal, and above all reputational repercussions. Organisations are quick to react, however with security professionals in high demand and low supply, there has been an increase in individuals jumping on the “cybersecurity” bandwagon. In this talk, we discuss the pitfalls of the inadequately qualified “cybersecurity expert”, and examine the building blocks of a solid information security management system

T2: "Smart Contract Security" - Evangelos Deirmentzoglou 

Dapps and many Initial Coin Offerings (ICOs) run on smart contracts and tend to process a substantial amount of funds. This makes them a target, and therefore they often undergo attacks. Combined with the blockchain immutability, vulnerabilities undiscovered during development will exist forever in the blockchain. This talk will dive into the most common smart contract security vulnerabilities and provide in-depth knowledge on how these issues occur and their mitigation. Real world examples will be discussed and vulnerabilities like re-entrancy, overflows, gas limit attacks etc. will be demonstrated

L1: "Driving OWASP ZAP using Selenium" - Mark Torrens 

OWASP ZAP is great tool but it's not magic! When used in a CI/CD pipeline, ZAP needs some help to discover the routes through a web application. Basic authentication, user logins and form validation can all stop ZAP in its tracks. I show how to drive ZAP using Selenium scripts and increase the security coverage of a web application.

The video recording of the talks from this event: 
OWASP London Chapter Youtube channel

More Information, presentations, and upcoming events: 
OWASP London Chapter wiki