Website hacking and Threat Modelling

Sep 28, 2017 · City of Bristol, United Kingdom

Joint meeting with ISSA-UK Bristol at our sponsor: Grant Thornton Bristol

Explore the many ways we can hack an (intentionally) insecure website and how to fix the problems. 

Learn about threat modelling used in Secure Development Lifecycles and how to use the Threat Dragon modelling tool.

Agenda

• 6:30 pm - Social

• 6:55 pm - OWASP update

• 7:00 pm - Presentation 1: Let's hack a website - Craig Francis

• 8:00 pm - Presentation 2: A short introduction to Threat Modelling - Jon Gadsden

Presentation 1: Let's hack a website 

Abstract: We will look at the most (intentionally) insecure website ever created, and work out how many ways we can hack it - discussing each approach, with a quick demo, along with ways to fix the problems. 

Bio: I'm Craig Francis, and I've been creating websites for a while (let's just say that I once considered IE6 a good thing). Those websites help businesses operate on a daily basis (invoices, diaries, reports, etc), and operate with Security, Performance, and Accessibility in mind. From a security point of view, I created the first website to gain 130 points on the Mozilla Observatory.

Presentation 2: A short introduction to Threat Modelling

Abstract: This short introduction will provide an overview of threat modelling used in Secure Development Lifecycles, and covers:

•  Threat Models

•  The tools used to create them

•  Why they are useful

•  Open source Threat Dragon

•  How to get involved

Bio: Jon is an embedded C/C++ engineer who specialises in product security and secure development lifecycle activities. For the last few years he has been a security advocate at Cisco, a role which requires interest and knowledge of secure development along with a hefty dose of tact. Jon tends to enjoy threat modeling more than static analysis, and penetration testing more than security baselines ... but it is all good. 

In his spare time he likes to help organise security conferences and contribute to open source projects - the latest being the OWASP Threat Dragon modelling tool.

Event organizers
  • OWASP Bristol (UK) Chapter

    The Open Web Application Security Project (OWASP) is a not-for-profit, worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.  OWASP Bristol chapter typically meets on the 3rd Thursday every two months for great
