OWASP Newcastle - March 2018 meetup
Event Information
Description
We're back for our second event of 2018. We'll be hosting 2 great talks in our usual talk-pizza-talk fashion. The room is CCE01-402 (4th floor), which is in the Law building of Northumbria University.
This is the same building as the three previous meetups, on the 4th floor. The room may be named Harvard room or CCE01-402; there should be signs up inside the building to direct you to the room.
Talk 1: Andi Pannell
The Internet of (broken) Things
Talk: This talk will focus on the internet of things, how we’re connecting everything to the internet now, because why not add a WiFi connection to your Fridge? And how security is unlikely to be a consideration when making these products. I’ll also talk about DefCon, as last year my company sent a team of us to DefCon 25 in Las Vegas, explaining what DefCon is, what happens there, and how we won the IoT Village 0-day contest and I'll conclude with a live hacking demo.
Talk 2: Colin Watson
An introduction to The OWASP Automated Threats to Web Applications
Talk: Web applications are subjected to unwanted automated usage – day in, day out. The vast majority of these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities. Also, excessive misuse is often mistakenly reported as application denial-of-service (DoS) like HTTP-flooding, when in fact the DoS is a side-effect instead of the attacker’s primary intent.
This OWASP project researched these aspects in 2015 and created a new ontology of web application automation threats, and has been updated twice since, with the most recent release in February 2018. This presentation will describe the need, how the threats were classified and names defined, and how the information can be used in the real world when developing and operating web applications. Attendees to the OWASP Newcastle event will receive a printed copy of the handbook; the PDF handbook and all other outputs are free to download from the OWASP website.