"Three Ways of Security” and Cookie Security - Myths and Misconceptions

Nov 30, 2017 · City of Bristol, United Kingdom

This is a joint event between OWASP Bristol and OWASP London, kindly sponsored and hosted by Just Eat. 

The meeting will be streamed live from the JustEat London office into the Bristol office. 

Participants to this meeting will have the opportunity to ask the speakers questions and talk to one of the OWASP co-founders - Jeff W. 

Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time).


• Presentation 1: Can DevSecOps Prevent the Impending Software Apocalypse? - Jeff Williams

• Presentation 2: Cookie Security - Myths and Misconceptions - David Johansson


Presentation 1: Can DevSecOps Prevent the Impending Software Apocalypse? 

Abstract:  When Marc Andreessen said, “software is eating the world,” he saw business literally reinvented as software. But as software is built faster, becomes more complex and interconnected, and handles more critical functions and data, it’s clear modern software has outstripped our ability to secure it. DevOps has produced stunning results for software speed and quality, but do they translate for security? In this talk, Jeff will present the “Three Ways of Security” – an interpretation of the DevOps classic, “The Phoenix Project” for security. You’ll learn how to get your security work flowing, how to create continuous security feedback, and how to create a culture of security experimentation and learning. Bring your hard questions – Jeff likes a “town hall” style meeting!

Bio:  Jeff Williams is the co-founder and major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API (ESAPI), OWASP Application Security Verification Standard(ASVS), XSS Prevention Cheat Sheet, WebGoat and many other widely adopted free and open projects. Jeff is the co-founder and the CTO of Contrast Security. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

Presentation 2: Cookie Security - Myths and Misconceptions - David Johansson

Abstract:  Cookies are an integral part of any web application and secure management of cookies is essential to web security. However, during my years as a security consultant I've often encountered various myths and misconceptions regarding cookie security from both developers as well as other security professionals. This talk will dive into the details of cookie security and highlight some of the lesser known facts about well-known cookie attributes.This talk will give you a solid understanding of the pitfalls affecting cookie security, the risks associated with these, and how you can leverage modern security specifications to enhance the protection of cookies in your web application.

Bio:  David Johansson has worked as a security consultant for several leading IT-security companies and has over 10 years of experience in software security. Among other things, he has worked with software development and architecture, web security testing and training developers and testers in security. He has been speaking at conferences such as AppSec USA, InfoSecurity Europe and ISC2 Security Congress EMEA. David lives in London where he works as an Associate Principal Consultant for Synopsys.

Event organizers
  • OWASP Bristol (UK) Chapter

    The Open Web Application Security Project (OWASP) is a not-for-profit, worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.  OWASP Bristol chapter typically meets on the 3rd Thursday every two months for great

    Recent Events

Are you organizing "Three Ways of Security” and Cookie Security - Myths and Misconceptions?

Claim the event and start manage its content.

I am the organizer

based on 0 reviews