Last week was full of interesting cyber security meetups in London.
I attended two: one hosted at the Capital One office and another hosted by OWASP at the Revolut office.

Cyber London, hosted by Capital One
https://www.meetup.com/London-Cyber-Capital-One/events/262063647/

On the 17th of July, Georg (my colleague) and I attended a cybersecurity event after work, hosted and organized by Capital One.

There were two talks:

1) Hostage Negotiation, Cyber Extortion, Critical Incident Handling and You!
2) Browser Security Basics


Hostage Negotiation, Cyber Extortion, Critical Incident Handling and You!

“To Pay or Not To Pay used to be the question, now, Are You Ready to Negotiate?” That was one of the themes of the talk. The two presenters had extensive experience in hostage negotiation and fighting organized crime. One was formerly the Team Leader of Canada’s Royal Canadian Mounted Police (RCMP) International Negotiation Team and is a graduate of both the FBI’s and Scotland Yard’s Hostage Negotiation Programs. The other was formerly a United Nations senior security official. They shared their experience and knowledge of organized crime. Even though they do not deal with cybercrime directly, a lot of their methods are also applicable to IT. Do not pay the ransomware creators.

Browser Security Basics

This was the most interesting talk from the engineering perspective: we had a chance to hear from Mark Goodwin, a Mozilla engineer who works on the Firefox web browser.

Mark covered the basics of browser security, what it does and why it’s important. He also covered the use of Rust at Mozilla, why it’s a great language from a security point of view (memory and thread safety), and plans to increase the amount of Rust code in Firefox. https://wiki.mozilla.org/Oxidation

OWASP London Chapter Meeting at Revolut
https://www.meetup.com/OWASP-London/events/262880260/

There were three talks:
1) Scaling Security - Move Fast and Make Things
2) Hack In, Cash Out: Hacking and Securing Payment Technologies
3) Advanced Bots and Security Evasion Techniques

Scaling Security - Move Fast and Make Things

This talk by Revolut's CISO covered the use of Google Cloud Platform at Revolut, a bit about how they do AppSec, the security automation they run, microservices, context-aware access (https://cloud.google.com/context-aware-access/), and how important it is to move and react fast. He also shared the bank's plans for the near future.

Hack In, Cash Out: Hacking and Securing Payment Technologies

This talk was given by a researcher from Positive Technologies, who covered attacks on payment platforms: what cybercriminals do and what his company has found. To sum up, there are a lot of problems with payment platforms. One of the methods criminals used to use was a race condition: a transaction from account A to B would transfer a very small amount of money, say £0.000005, and the criminals would then instantly send a cancel-transaction call. Due to the processing error, account B would still have the £0.000005.
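To make the transfer/cancel race concrete, here is an added example (not from the talk or from any payment platform) that models one way such a processing error can arise: settle and cancel each check "is it still pending?" and act as separate steps. The `Ledger` class, the state names and the integer amounts are assumptions made for the illustration; the hardened path lets exactly one of the two operations win.

```python
import threading
from enum import Enum

class State(Enum):
    PENDING = 1
    SETTLED = 2
    CANCELLED = 3

class Ledger:
    """Toy single-transfer ledger (constructed model); amounts are integer minor units."""
    def __init__(self, a, b, amount):
        self.bal = {"A": a - amount, "B": b}  # amount is held from A when the transfer is created
        self.amount = amount
        self.state = State.PENDING
        self._lock = threading.Lock()

    # Vulnerable shape: the state check and the balance update are separate steps.
    def is_pending(self):
        return self.state is State.PENDING

    def apply_settle(self):
        self.bal["B"] += self.amount
        self.state = State.SETTLED

    def apply_cancel(self):
        self.bal["A"] += self.amount  # refund the hold
        self.state = State.CANCELLED

    # Hardened shape: check, state change and balance update happen atomically.
    def _finish(self, new_state, credit_to):
        with self._lock:
            if self.state is not State.PENDING:
                return False  # the other operation already won
            self.state = new_state
            self.bal[credit_to] += self.amount
            return True

    def settle(self):
        return self._finish(State.SETTLED, "B")

    def cancel(self):
        return self._finish(State.CANCELLED, "A")

def racy_interleaving():
    """Both checks pass before either update runs; returns total money in the system."""
    ledger = Ledger(100, 0, 5)
    settle_ok, cancel_ok = ledger.is_pending(), ledger.is_pending()
    if settle_ok:
        ledger.apply_settle()
    if cancel_ok:
        ledger.apply_cancel()
    return sum(ledger.bal.values())

def safe_interleaving():
    """Same two requests through the atomic path; returns (total, (settled, cancelled))."""
    ledger = Ledger(100, 0, 5)
    results = (ledger.settle(), ledger.cancel())
    return sum(ledger.bal.values()), results
```

In a real system the same guarantee usually comes from a database transaction with a conditional update on the transfer's status rather than an in-process lock.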

Advanced Bots and Security Evasion Techniques

This talk was presented by a Senior Researcher at F5 Networks, covering advanced techniques used by bot creators and what F5 does to detect them.
As always there was free pizza and beer. The office was very cool, in a good location and hip inside!
There was a vending machine that gave out Revolut debit cards. You just need to register it through the app.
PS Join OWASP https://www.owasp.org/index.php/Membership

NEVER SETTLE

AppSec. Opinions are my own.