2011 08 24 Manchester

Manchester Chapter meeting 2011 August 24th
This was the first Manchester Chapter meeting, and was very kindly hosted by KPMG.

45 people attended, and there were another 10 for whom we were unable to find space.

18:20-18:30

OWASP Chapter introduction. OWASP values and membership. Chapter information.

OWASP Manchester board member

Talk: SSL: Paved with Good Intentions

Slides: 
 * [[File:SSL_paved_with_good_intentions.pdf]]
 * [[File:Colour_map_of_CAs.pdf]]

At first glance, SSL seems very complicated to add to your site.

Once you become a little more knowledgeable you know that it's a simple matter of getting a certificate from a trusted CA and installing it.

Unfortunately you were right the first time, and it is actually very complicated to do correctly.

This talk aims to explain how the various parts of SSL fit together to provide users with decent security, showing the problems components like OCSP and certificates solve.

As well as explaining the evolution of SSL over time, it will cover enhancements that are just reaching deployment such as Server Name Indication and OCSP stapling.

Finally, it will also highlight various ways that everyone from SSL implementers, system administrators, browser developers to users can manage to undo all this hard work and make it insecure anyway.

Speaker: Richard Moore, CTO Westpoint Ltd

Richard is CTO of Westpoint Ltd, a security testing company based in Manchester. He has been working in the security industry for many years providing services to a wide range of clients including multi-nationals and banks.

Richard has extensive experience in SSL from both the point of view of a software developer as one of the maintainers of the SSL support in Nokia's Qt library and KDE, and also from a security testing perspective.

Talk: Forensic Readiness – Give your investigators a fighting chance

Slides: 
 * [[File:Incidence_readiness_Manchester.pdf]]

Investigators are often faced with poorly configured systems which thwart the investigative process. This commonly leads to incident response reports with fragmented timelines of attack and leaves risk managers having to make difficult decisions based on incomplete information.

Companies that consider Forensic Readiness put their investigators in a much stronger position and can expect considerably more accurate outcomes from a forensic investigation.

This talk looks at the same web application attack, carried out on systems with differing audit controls. The first system has ‘out of the box’ logging and the second has had logging improved through a Forensic Readiness process carried out before the attack.

We approach the machines as an Incident Response Specialist would and compare the evidence stores and the ability of the investigators to make accurate conclusions based on the evidence available. We will look at the contrasting final reports which are produced with the differing levels of forensic evidence, highlighting the decisions that have to be made based on the varying level of detail provided in the reports.

Someone for whom forensic investigation of web application exploits is a new topic will gain an understanding of some of the forensic techniques possible, whilst attendees who already have some forensic investigation knowledge will understand how forensic readiness can have a massive effect on the outcome of investigations.

Speaker: Ryan Jones, SpiderLabs Incident Response Team leader

Ryan Jones currently leads the SpiderLabs Incident Response Team in EMEA. The team commonly manages data compromises related to cardholder data but are also regularly involved in other projects such as ATM compromises and data breaches caused by internal staff. The Incident Response team also carry out proactive engagements to ensure that customers have an effective incident response plan; drawing upon extensive knowledge of how it goes wrong in real data security breaches to improve companies’ approach to Incident Response.

During his incident response career Ryan has worked for both UK national law enforcement and private companies. He has been involved with both criminal and corporate investigations with scope ranging from a single mobile telephone to multinational networks. For the past 4 years, Ryan has been a corporate first responder involved with a wide variety of businesses from small companies to multinationals during times when they have been struggling to react to a rapidly changing data compromise situation. Ryan firmly believes that a consultative approach coupled with the appropriate technical knowledge is key to successful incident response engagements.

Ryan graduated from the University of Kent with a First Class BSc in Computer Science. He is also a PCI QSA. In his spare time he can be found skydiving at various dropzones around the country.