The next OWASP London event will be on Thursday 12th of December 2013, at 18:00 for 18:30 hrs at Morgan Stanley in Canary Wharf.
I am speaking, but I am particularly looking forward to Ofer Maor's presentation about Interactive Application Security Testing (IAST). The presentations are:
- IAST: Runtime Code & Data Security Analysis - Beyond SAST/DAST
Until recently, Static and Dynamic Application Security Testing (SAST/DAST) dominated the application security testing market, each with its own pros and cons. We present IAST, a new approach, analysing code execution, memory and data in runtime, allowing for accurate inspection of the application. The presentation will present the basic IAST technology building blocks and their benefits, followed by discussing advanced IAST data analysis capabilities, which allow for a deeper analysis of the application and its business logic. We will discuss different approaches and implementations of IAST and Runtime code analysis, discussing the benefits of each. The presentation will include practical samples (including code!) of how IAST can be used to accurately detect both simple and complicated vulnerabilities, including SQL Injection, Parameter Tampering, Persistent XSS, CSRF, and more...
- OWASP Cornucopia
Microsoft's Escalation of Privilege (EoP) threat modelling card game has been refreshed into a new version more suitable for common web applications, and aligned with OWASP advice and guides. "OWASP Cornucopia - Ecommerce Web Application Edition" will be presented and used to demonstrate how it can help software architects and developers identify security requirements from the OWASP Secure Coding Practices - Quick Reference Guide. He will also provide a brief introduction about how to contribute ideas and content to OWASP projects, and how to start a project.
So, there will be a broad mix of information suitable for a wide range of developers, testers, and verifiers - of whatever skill level. My own presentation will be similar to the one I gave in June during the OWASP EU Tour, but it has been specially updated for this event. There will also be news about next year's AppSec Europe being held in Cambridge. I imagine we will move to a local bar/pub at around 20:30 hrs to continue the discussion.
Further details are available on the chapter's page. Free registration is required for access to the host's building (Morgan Stanley, 25 Cabot Square, E14 4QA). Registration closes when all spaces are booked, or the evening before, whichever is soonest.
Posted on: 03 December 2013 at 08:41 hrs