Bristol Meetups

Finding Security Vulnerabilities

Agenda:
• 6:00 pm - Social
• 6:30 pm - OWASP update
• 6:40 pm - Presentation 1: Lightning talk: Hacking into Developers’ Security Consciousness - Andra Lezza, Worldpay
• 7:00 pm - Presentation 2: Stranger Danger: Finding Security Vulnerabilities Before They Find You! - Siobhán Meier, Snyk

Presentation 1: Hacking into Developers’ Security Consciousness

Abstract: IT or Application Security is seen as a blocker in the development process. This is mostly due to an inherent lack of communication and understanding from both the development and security sides. As security professionals, we expect an easy and open collaboration, but developers tend to see any interaction with us as an interruption in their day-to-day activities. Based on my experience as a software developer and currently as an Application Security specialist, I see this miscommunication as the source of the biggest breaches in modern history, leading to the loss of not only valuable customer and financial data, but also of companies’ status and reputation. This talk is a collection of “life” hacks and ideas from my time as a developer and as a security professional. It aims to convince developers to start thinking like attackers and build software defensively, as well as to provide various suggestions to security professionals to help them understand the development area and how best to communicate the importance of security at every step of the software lifecycle.

Bio: Andra is an Application Security Specialist at Worldpay, OWASP London Chapter Leader, and a co-founder of the OWASP Women in AppSec (WIA) Chapter in London. She comes from a software development background and has a wealth of experience in application security and threat modelling, risk management and security testing. She works with development teams on improving their security awareness and finding ways to integrate and customise security practices at every point in their design and development processes.

Presentation 2: Stranger Danger: Finding Security Vulnerabilities Before They Find You!

Abstract: Open source modules on the NPM ecosystem are undoubtedly awesome. However, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users’ data. This talk will use a sample application, Goof, which depends on various vulnerable packages that we will exploit as an attacker would. For each issue, we’ll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it.
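The core of the "find it before it finds you" step described above is matching every installed dependency, including nested copies deep in node_modules, against known-vulnerable version ranges. The following is an added example written for this page, not code from the talk, from Goof or from Snyk: a minimal lockfile auditor for the lockfileVersion 2/3 package-lock.json shape. The package names, versions and advisory identifiers (DEMO-2019-001, DEMO-2019-002) are constructed for illustration and do not refer to real packages or real vulnerabilities.

```javascript
// Added example (not from the talk, Goof or Snyk): audit a package-lock.json
// dependency tree against a small, constructed advisory list.
// All package names, versions and advisory IDs below are made up.

// Constructed lockfile fragment in the lockfileVersion 2/3 "packages" shape.
// Note the nested copy of left-util pulled in by tmpl-render: a top-level
// upgrade alone would not have touched it, which is why the audit walks
// every node_modules path rather than only direct dependencies.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/left-util": { version: "1.4.2" },
    "node_modules/tmpl-render": { version: "2.0.9" },
    "node_modules/tmpl-render/node_modules/left-util": { version: "1.5.1" },
    "node_modules/safe-lib": { version: "3.2.0" },
  },
};

// Constructed advisories. "range" uses a small subset of semver syntax:
// comparators separated by spaces are ANDed together.
const ADVISORIES = [
  { id: "DEMO-2019-001", name: "left-util", range: "<1.5.0", fixedIn: "1.5.0",
    title: "Prototype pollution via merge() (constructed)" },
  { id: "DEMO-2019-002", name: "tmpl-render", range: ">=2.0.0 <2.1.0", fixedIn: "2.1.0",
    title: "Template injection in render() (constructed)" },
];

// Parse "MAJOR.MINOR.PATCH" (any prerelease/build suffix is ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Numeric comparison of two versions: -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when `version` satisfies every comparator in `range`.
function satisfies(version, range) {
  return range.trim().split(/\s+/).every((comp) => {
    const m = /^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/.exec(comp);
    if (!m) throw new Error(`unsupported comparator: ${comp}`);
    const c = compareVersions(version, m[2]);
    switch (m[1] || "=") {
      case "<": return c < 0;
      case "<=": return c <= 0;
      case ">": return c > 0;
      case ">=": return c >= 0;
      default: return c === 0;
    }
  });
}

// Walk every installed package and report those whose version falls inside an
// advisory range. The path tells you which dependency pulled in the copy.
function auditLockfile(lockfile, advisories) {
  const findings = [];
  for (const [path, meta] of Object.entries(lockfile.packages)) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.split("node_modules/").pop(); // handles nested and @scoped names
    for (const adv of advisories) {
      if (adv.name === name && satisfies(meta.version, adv.range)) {
        findings.push({ id: adv.id, name, version: meta.version, path,
                        fixedIn: adv.fixedIn, title: adv.title });
      }
    }
  }
  return findings;
}

// Human-readable report, one line per finding.
function formatReport(findings) {
  return findings.map((f) =>
    `${f.id}: ${f.name}@${f.version} (${f.path}) - ${f.title}; upgrade to ${f.fixedIn}`);
}

for (const line of formatReport(auditLockfile(SAMPLE_LOCKFILE, ADVISORIES))) {
  console.log(line);
}
```

Run against the constructed lockfile this flags the top-level left-util@1.4.2 and tmpl-render@2.0.9 but not the nested left-util@1.5.1, which is already at the fixed version. A real tool would read the lockfile from disk, pull advisories from a vulnerability database and handle the full semver grammar, but the shape of the check is the same.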

Bio: Siobhán is a Software Engineer at Snyk. Snyk enables you to find and fix known vulnerabilities in your third-party dependencies via the CLI or web interface. Siobhán works on their growth team building tools to make Snyk more effective. She recently moved to Bristol from South Africa and has worked remotely since completing her studies in Computer Science, Psychology and Games Development at the University of Cape Town.