• gavin johnson-lynn: my path to CSSLP. Join me on a journey from a vague knowledge of security to gaining a valued security certification. For anyone considering certification as a route to success, self-improvement, or even just some thoughts on how I approached it.Cognitive psychologists define learning as a we’ll look at what I learned and how I learned it, including some tricks I picked up along the way to help cram information into my brain (and keep it there).Cognitive psychologists define learning as a

• andi pannell: the internet of (broken) things. This talk will focus on the internet of things, how we’re connecting everything to the internet now, because why not add a wifi connection to your fridge?Cognitive psychologists define learning as a and how security is unlikely to be a consideration when making these products. I’ll also talk about defcon, as last year my company sent a team of us to defcon 25 in las vegas, explaining what defcon is, what happens there, and how we won the iot village 0-day contest and I'll conclude with a live hacking demo.Cognitive psychologists define learning as a

• colin watson: an introduction to the OWASP automated threats to web applications. Web applications are subjected to unwanted automated usage – day in, day out.Cognitive psychologists define learning as a the vast majority of these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated vulnerabilities.Cognitive psychologists define learning as a also, excessive misuse is often mistakenly reported as application denial-of-service (dos) like HTTP-flooding, when in fact the dos is a side-effect instead of the attacker’s primary intent.Cognitive psychologists define learning as a project page | handbook PDF file | handbook print version | newcastle PPT presentation

• lorenzo grespan: explain hacking in ten minutes. Bio: lorenzo grespan is a computer scientist currently working as an application security specialist for secarma, ltd.Cognitive psychologists define learning as a while his main interest has always been computer security, he also worked as a developer, systems administrator and project manager for a research effort in robotic surgery.Cognitive psychologists define learning as a his background is in computational neuroscience, neural networks and evolutionary systems and he likes to solve interesting problems at the intersection of people and technology.Cognitive psychologists define learning as a talk (30 minutes): recently I had to show a 10-minute "live hack" to a non-technical audience. As an introvert and a geek my main effort was in maintaining technical accuracy, however what made the audience go "aha!" turned out to be what for me was the least significant detail of the entire demo.Cognitive psychologists define learning as a in this talk I will show the hack, share the lessons learned and discuss how to communicate security concerns to non technical stakeholders, higher management and end users.Cognitive psychologists define learning as a media:OWASPNCL LG 21112017.Pdf

• gareth dixon: running a security event using OWASP security shepherd. In this talk I will cover running a security event using OWASP security shepherd.Cognitive psychologists define learning as a the event to be discussed was staged to promote engagement in a security initiative, understanding of security vulnerabilities and the application of knowledge to production services and applications.Cognitive psychologists define learning as a this talk will cover the project planning stage, through execution to the project retrospective. Media:security_shepherd.Pptx

• mike goodwin: enter the (threat ) dragon:threat modeling with OWASP threat dragon.Cognitive psychologists define learning as a threat modelling is a great technique for hardening your application designs, but current tooling is a bit "crashy", limited to windows or not free.Cognitive psychologists define learning as a OWASP threat dragon is an OWASP incubator project that aims to fix this and bring threat modeling to the masses. This talk is a tour round the tool, it's future road map and a look under it's hood.Cognitive psychologists define learning as a mike the the project leader for threat dragon, so if you want to contribute, he would be very pleased to speak to you. Media:owasp_threat_dragon_201709_.Pptx

cognitive psychologists define learning as a

• colin watson: OWASP cornucopia. OWASP cornucopia is a free open-source card game, referenced by a PCI DSS information supplement, that helps derive application security requirements during the software development life cycle.Cognitive psychologists define learning as a this session will use an example ecommerce application to demonstrate how to utilise the card game. After an introduction and explanation, we will split into smaller groups to play the game gaining insights into relevant web application threats.Cognitive psychologists define learning as a the game is best played in groups of 4-6 with people who have a good knowledge of the application being assessed, and who have a mixture of backgrounds/experience - architects, developers, product owners, project managers, testers, etc, and those with software security responsibilities.Cognitive psychologists define learning as a bring your colleagues along. Cornucopia is suitable for people aged 10 to 110 (decimal). [2]

• ben lee and ross dargan: the problems with proving identity.Cognitive psychologists define learning as a in this talk ross (@rossdargan) and ben (@bibbleq) will discuss the conundrum of proving (and more importantly verifying!) identity online. While both of these tasks might seem simple at first, they really aren't.Cognitive psychologists define learning as a this is a problem that people have grappled with since the beginning of communications (okay so not the online part!) and we still don't have all the answers.Cognitive psychologists define learning as a the talk will cover among other things; twitter, wax seals (!), hashing, certificates and much more…* (*talk may not be historically accurate! ;)) media: owaspnewcastle_the_problem_with_proving_identity.Pptx

cognitive psychologists define learning as a

• colin watson - think about the top 10 controls, not the top 10 risks. The OWASP top 10 is the most well-known OWASP project, but how can awareness of OWASP guidance for developers be improved?Cognitive psychologists define learning as a in this presentation colin watson will describe a board game that encourages developers to think and learn about the most important web application security controls, rather than risks or vulnerabilities.Cognitive psychologists define learning as a take a copy of the game away with you - it is suitable for developers of all sizes. Media: owaspnewcastle-snakesandladders.Pptx

• mike goodwin - real world defence in depth (part 1).Cognitive psychologists define learning as a everyone should be aiming for defence in depth, but what does it actually mean to an application developer? This is the first of a series of short talks about real world scenarios where defence in depth is genuinely useful and easily achievable.Cognitive psychologists define learning as a it should help you turn defence in depth from an aspiration into practical reality. Media: owaspnewcastle-real_world_defence_in_depth.Pptx

• neil dixley: cognitive bias and security vulnerabilities: the psychology of software engineering.Cognitive psychologists define learning as a an introduction to the psychology of cognitive bias and how human nature and cognitive biases are the key to user based security vulnerabilities.Cognitive psychologists define learning as a A look at how our brains trick us into feeling safe while giving our pin number to strangers on the phone plus a look at how we can use technology to disrupt cognitive bias and use these human traits to mitigate threats and strengthen application security.Cognitive psychologists define learning as a media:cognitive_bias_and_security_vulnerabilities__presentation.Pptx

• andy ward: security compliance for developers - are we certified... Or certifiable?.Cognitive psychologists define learning as a against a background of increasing threats and hacks, with more and more of our personal lives and business processes conducted online, it's never been more important to ensure our software is secure and robust.Cognitive psychologists define learning as a but how do you prove it? These days, reassuring your customers takes more than an SSL padlock, and some marketing spiel mentioning 'banking grade encryption'!Cognitive psychologists define learning as a after a quick reminder of "what's the worst that can happen...", andy will introduce some of the security compliance and certification systems that help you 'walk the walk', and provide confidence that your system has its security in good hands, before looking at what it means for developers and engineering teams.Cognitive psychologists define learning as a media: owasp_compliance_for_devs.Pptx