On Wednesday evening I attended the first meeting of the OWASP Manchester chapter, this was kindly hosted again at the (very nice) KPMG offices with much appreciated refreshments provided!
There were two excellent talks presented, the first by Richard Moore, the CTO of Westpoint, this was a very interesting talk about the security flaws of historic and current SSL and TLS versions, I was very surprised to discover just how many certificate authorities there were and it has certainly dented my confidence in https! That being said as always common sense does as always play a part in deciding who you want to give your details to and over what connection so I’m not completely put off online shopping just yet.
The second talk of the evening was by Ryan Jones of Trustwave SpiderLabs, this was regarding how much difference was made by proper incident readiness and logging. The concept of the talk was a very simple one, turn on your logging, but the way it was presented very effectively argued the case for doing so with the comparison of the incident response with and without sufficient logging being enabled, this demonstrated very effectively how this small change could make a big difference.
As always the talks were interesting and I met a lot of new people, I am now looking into organising a Newcastle meeting so I don’t have to travel to Manchester and Leeds every time!