OWASP Newcastle meeting for November
Event Information
Description
This is the fifth meeting of the Newcastle OWASP chapter. Like the last meeting, we are again having 3 short talks and 1 longer talk.
The long talk is by Ben Lee and Ross Dargan
The problems with proving identity.
In this talk Ross (@rossdargan) and Ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't. This is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers.
The talk will cover, among other things, Twitter, wax seals (!), hashing, certificates and much more…*
*Talk may not be historically accurate! ;)
The short talks are:
Colin Watson - Think about the Top 10 Controls, not the Top 10 Risks
The OWASP Top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved? In this presentation Colin Watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities.
Take a copy of the game away with you - it is suitable for developers of all sizes.
Michael Haselhurst - Automated Security Testing Using The ZAP API
This talk will show you how to integrate the OWASP ZAP API with automated test scripts using Sahi.
Mike Goodwin - Real world defence in depth (part 1)
Everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable. It should help you turn defence in depth from an aspiration into practical reality.