Upcoming OWASP Chapter Meetup Events (next 30 days)


Quick List (Details below)


October 22, 2020


Event: Secure Coding CTF Tournament

Chapter: Las Vegas

Time: 16:00 (US/Pacific)

Description:

Secure Coding CTF Tournament

Date: Thursday, October 22, 2020

Time: 4:00pm - 6:00pm (Pacific Time)

REGISTRATION IS REQUIRED: https://discover.securecodewarrior.com/OWASPLasVegas-tournament.html

Description:
CTF with Secure Code Warrior
Twitter - @SecCodeWarrior
LinkedIn – https://www.linkedin.com/company/secure-code-warrior
Facebook – https://www.facebook.com/securecodewarrior/

Secure Coding CTF Tournament
Capture the Flag for Developers/Pentesters

Improve your secure coding skills by joining our live Secure Code Warrior tournament. The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability.

All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.

Throughout the tournament, players earn points and watch as they climb to the top of the leaderboard. Prizes will be awarded to the top finishers! First place will receive a hoodie, and lots of bragging rights!


Event: [ONLINE]OWASP Suffolk Chapter Community Building Exercise

Chapter: Suffolk

Time: 19:00 (Europe/London)

Description:

AGENDA:
* Networking
* Discussion on direction where chapter should go
* Networking
* Open discussion
* Virtual Beer

TICKETS:
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in application security and cyber security. Please note that you MUST RSVP to book your place and get a ticket to be admitted to the event by building security - your name will be checked against the guest list.
Register to attend this event at OWASP Suffolk Chapter - Meetup - RSVP to attend



October 25, 2020


Event: OWASP BHOPAL MEETUP - OCTOBER

Chapter: Bhopal

Time: 16:00 (Asia/Calcutta)

Description:

As the OWASP Bhopal Community, we have come up with the Oct-2020 monthly meet for the community.

There are two sessions proposed for this virtual OWASP meetup:

1. API Testing By Vedant Jain (1600-1700 IST)

2. DOM-based XSS by Divyanshu Diwakar (1700-1800)

After the meetup we will have a Q&A session regarding the talks. Also, we are going to have an open discussion on making this OWASP chapter Bigger & Better.

It will be a fully virtual meetup, and the details regarding the virtual platform will be communicated on the day of the meetup.



October 27, 2020


Event: October 2020 Chapter Meeting

Chapter: Austin

Time: 11:55 (US/Central)

Description:

Title:
Mobile Security in a Remote World

Attacks on the endpoint are no longer limited to traditional endpoints like laptops and workstations; mobile devices have been ranked the #1 hardest enterprise asset to defend. Compounded by bring-your-own device policies, enterprises are struggling to protect themselves against a growing variety of mobile threats. In this session, we will dive into the challenges with securing mobile in the enterprise security space and the evolution of mobile device security. Join us to learn about why attackers are shifting to target mobile, validated by investigations from the Cybereason Nocturnus team, and how the enterprise security industry is moving to address them.

Speaker:
Allie Mellen has spent the past decade in engineering, development, and technical consulting roles at multiple venture-backed startups, as well as research roles at MIT and Boston University. Her passion is combining technology and entrepreneurship, having run her own successful iOS development company out of college and been an investment partner at a venture fund investing in student-run startups. She has worked with multiple nonprofits to teach engineering to students and minorities, including the Global App Initiative and WISP, and has mentored business students at Hult Business School. She received her B.S. degree in Computer Engineering, and has been recognized worldwide for her security research at conferences like Black Hat USA, DEFCON, HOPE, and others. She is now a security strategist in the Office of the CSO at Cybereason, where she is a frequent speaker at security conferences globally teaching about security and pushing the boundaries of the industry.


Event: OWASP Nashville October Meetup: Defending Multicloud Infrastructure

Chapter: Nashville

Time: 18:29 (US/Central)

Description:

Join Senior Application Security Engineer at Asurion and Instructor for the SANS Institute Brandon Evans at OWASP Nashville's next online Meetup. Brandon will discuss how to defend infrastructure and applications running in Amazon Web Services (AWS), Microsoft Azure, and the Google Cloud Platform (GCP).

Brandon is the lead author of SANS SEC510: Multicloud Security Assessment and Defense. For more information, visit: SANS.org/SEC510


Event: Virtual AppSec IL 2020 Training Day (Track 1 & 2)

Chapter: Israel

Time: 09:00 (Asia/Jerusalem)

Description:

Hi Everybody!
Agenda is now online for training!!!
https://appsecil.org/Training
Please register here.
We will publish the session URLs in the session details in Sched.

Wow, we are going to have 2 training tracks with lots of great sessions!!!

AppSec IL site : https://appsecil.org
Looking forward to seeing you all!


Event: Secure Code Warrior Tournament

Chapter: Bristol UK

Time: 18:00 (Europe/London)

Description:

Opening meeting - Zoom details:
Topic: OWASP Bristol - Secure Code Warrior Tournament
Time: Oct 27, 2020 06:00 PM London

Join Zoom Meeting
https://zoom.us/j/99583981560?pwd=MkN0Q2NpTDF5eW5wK0ZUajNKS0pPUT09

Meeting ID: 995 8398 1560
Passcode: 542873
One tap mobile
+12532158782,,99583981560# US (Tacoma)
+13017158592,,99583981560# US (Germantown)

Dial by your location
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
+1 929 436 2866 US (New York)
Meeting ID: 995 8398 1560
Find your local number: https://zoom.us/u/apHTPsgrT


Event: OWASP London / OWASP UK Secure Coding Tournament (CTF)

Chapter: London

Time: 18:00 (Europe/London)

Description:

To join the tournament please REGISTER HERE:
https://discover.securecodewarrior.com/OWASPUKtnmRegistrationLON.html

ARE YOU THE SECUREST OF THEM ALL?

Improve your secure coding skills and compete against the other OWASP chapters by joining the UK Wide OWASP Secure Coding Tournament!

The OWASP team will be kicking off with an opening ceremony at 6pm on Tuesday 27th October 2020. At the end of the tournament, there will be a closing ceremony at 6pm on Tuesday 3rd November.

The tournament allows you to compete against the other participants in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. All challenges are based on the OWASP Top 10, and players can choose to compete in a range of software languages including Java EE, Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.JS, React, and both iOS and Android development languages.

Throughout the tournament, players earn points and watch as they climb to the top of the leaderboard. Individual winners (top three) will win awesome Secure Code Warrior hoodies, and 4th-10th place will all win a t-shirt!

The tournament is run virtually throughout the whole week so you can join through your laptop from the most convenient location and time. We normally recommend an hour or two to complete all of the challenges.

How to Join the Tournament

- Simply complete the form and we will send information with the next steps and your training token to join:

https://discover.securecodewarrior.com/OWASPUKtnmRegistrationLON.html

^Please register using the above URL NOW - once you have registered and created a login, you will have access to the platform and will be able to PRACTICE.

- Please note that we will also send a separate Zoom Meeting invite later, so you can ask any questions and get expert help if you get stuck or experience a technical issue with the SCW platform.

- You can find tournament step-by-step guide here: SCW Tournament Guide : https://www.youtube.com/watch?v=0bPFS1tyNbM

- Winners will be announced once the tournament has finished during a live-streamed closing ceremony at 6pm on Tuesday 3rd November. The winners will also be announced by email.

- This is a UK OWASP tournament only. Prizes are only available to those part of OWASP UK chapters. OWASP Code of conduct applies -
please treat everyone with respect and dignity



October 28, 2020


Event: Coded World - My Cheatsheet

Chapter: Jakarta

Time: 10:30 (Asia/Jakarta)

Description:

Insecure software has threatened financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure becomes increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. At OWASP, you will find free and open…
• Application security tools and standards
• Books on application security testing, secure code development, and secure code review
• Security controls and standard libraries
• Local chapters worldwide
• Cutting-edge research
• Extensive conferences worldwide
• Mailing lists
• And much more … at www.owasp.org

This time OWASP feat. Junior Lazuardi
(Principal Consultant, ITSEC Asia)
will discuss:

Coded World - My Cheatsheet

Abstract:
Software, algorithms, and specifically crafted services are eating the world, let's take a byte! In this session, I'll share my notes on interesting cyber and economic programmes (particularly in Indonesia), and my tips to keep up with it.

PS: Your mileage may vary, yet you should not walk alone.
---
Short bio :

Junior Lazuardi is currently working with ITSEC Asia to solve problems faced by corporates in dealing with Cyber Attack and Fraud. Previously, he had IT audit, project and software assurance experiences in Indonesia Stock Exchange and its members (while also learning how people trade securities, and security, for economic reasons). Friends from OWASP Indonesia introduced cyber security into his software/system engineering career, and volunteering for ISACA Indonesia improved his skillset in program development and "networking". He tunes in regularly for contents on cyber risk quantification, digital economy, and the fascinating TV series "Chasing Ocean Giants".

Time and Place:
28th October 10:30 - 11:00 WIB

Notes:
- Online participants use the Zoom application on a computer / laptop / tablet / smartphone
- This event is free for everyone
- The password to join the meeting will be sent to participants after they register

Venue:
Online via Zoom

Support our Conference
OWASP AppSec Indonesia 2020


Event: Virtual AppSec IL 2020 Conference (Track A & B)

Chapter: Israel

Time: 09:00 (Asia/Jerusalem)

Description:

Hi Everybody! Agenda is now online for the conference!!!

https://appsecil.org/Agenda

Please register here; we will publish the session URLs in the session details in Sched.
We are going to have 2 conference tracks with lots of great sessions!!!

AppSec IL site : https://appsecil.org

Looking forward to seeing you all!



October 29, 2020


Event: October meeting: Securing Infrastructure as Code

Chapter: Minneapolis St Paul

Time: 19:00 (US/Central)

Description:

Join us for a lively discussion of Infrastructure as Code (IaC), the hot
new way to configure the Cloud. We'll cover:

* Best practices
* Testing and Validation for IaC
* Remediation
* Fitting IaC into the App Sec Pipeline
* Immutable infrastructure
* Is it Security Architecture or Secure Coding?

So get your head out of the Cloud for a couple of hours and get ready
for some down-to-earth information exchange.

Due to COVID-19 restrictions, this will be an online event.


Event: Virtual Meeting: Practical DevSecOps

Chapter: Orange County

Time: 17:45 (US/Pacific)

Description:

Speaker: Jeff Williams, Co-Founder and CTO at Contrast

Topic: Practical DevSecOps

Abstract:
The traditional “outside in” scanning, pentesting, and firewalling approach slows down delivery pipelines and creates massive security backlog. We need a new approach to security that accelerates the delivery of value to customers. In this talk, Jeff will present a proven approach to both shifting left into development *and* extending right into operations. We’ll discuss the “three ways” of security and talk about the elements of a healthy appsec lifestyle. We’ll discuss a practical way to break down the threat model and get the most important security work flowing effectively, how to establish tight security feedback loops and communication channels, and how to create a culture of security experimentation and learning.

Speaker Bio:
Jeff brings more than 20 years of security leadership experience as co-founder and Chief Technology Officer of Contrast Security. He recently authored the DZone DevSecOps, IAST, and RASP refcards and speaks frequently at conferences including JavaOne (Java Rockstar), BlackHat, QCon, RSA, OWASP, Velocity, and PivotalOne. Jeff is also a founder and major contributor to OWASP, where he served as Global Chairman for 9 years, and created the OWASP Top 10, OWASP Enterprise Security API, OWASP Application Security Verification Standard, XSS Prevention Cheat Sheet, and many more popular open source projects. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

LinkedIn: https://www.linkedin.com/in/planetlevel/

Twitter: planetlevel

NOTE: Due to the continuing health concerns relating to the spread of the coronavirus disease (COVID-19), we will be meeting virtually until further notice.

A raffle will be conducted at the end of the meeting for gift cards provided by Contrast Security. Instructions for entering the raffle will be provided during the meeting.


Event: Speaker TBA - Contact us if interested

Chapter: Triangle NC

Time: 18:30 (US/Eastern)

Description:

TBA


Event: October Virtual Chapter Meeting

Chapter: Salt Lake City

Time: 12:00 (US/Mountain)

Description:

This month's meetup is VIRTUAL. Join Wasatch AppSec Slack (https://join.slack.com/t/wasatchappsec/shared_invite/zt-h8yyr334-Jz0aQD6CiXMzc5P3e_3JxA) to suggest any additional topics.

Agenda:
12 - 12:45pm
- Discussion (TBD)

12:45 - 1pm
Open Forum, Admin Items, Choose next Guest Speaker

Leaders Zoom Account Two is inviting you to a scheduled Zoom meeting.

Topic: OWASP SLC/Wasatch AppSec - October Chapter Meeting
Time: Oct 29, 2020 12:00 PM Mountain Time (US and Canada)

Join Zoom Meeting
https://zoom.us/j/98770637269?pwd=ekFnVHA3aW03TXkwbFFxKzQ3RUlZdz09

Meeting ID: 987 7063 7269
Passcode: 020827
One tap mobile
+16699006833,,98770637269# US (San Jose)
+12532158782,,98770637269# US (Tacoma)

Dial by your location
+1 669 900 6833 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 929 436 2866 US (New York)
+1 301 715 8592 US (Germantown)
+1 312 626 6799 US (Chicago)
Meeting ID: 987 7063 7269
Find your local number: https://zoom.us/u/aUsjImmBw



October 30, 2020


Event: Live Hacking an API with InsiderPhD/Katie

Chapter: Santa Barbara

Time: 18:00 (US/Pacific)

Description:

NOTE: You need to RSVP in order to get the link the day of the event.

After a little break we're resuming our ~monthly OWASP Santa Barbara events and as usual we're keeping these rather technical. In this case we'll have Katie Paxton-Fear (@InsiderPhD) giving a live and interactive presentation on API hacking.

### Event Agenda (PST timezone) ###
06.00 pm -- Event Kickoff & Announcements, by Walter Martín Villalba, OWASP SB Leader / https://twitter.com/act1vand0
06.15 pm -- Presentation: Live Hacking an API, by Katie Paxton-Fear / https://twitter.com/InsiderPhD
07.15 pm -- Closing Remarks

Abstract:

APIs are everywhere, especially with the rise of mobile and IoT devices, and they are my FAVOURITE things to hack. Why? Because they are full of security flaws! From your online banking to your IoT fridge and your government agency, they are full of actually quite simple bugs. Now I'm a Bug Bounty hunter, I love a good- er bad API, with impactful bugs.

In this demo I'll take you through how to hack an API and show you real security flaws in organisations, some of which I've found personally, in products you've heard of! We'll cover IDORs/BOLAs, information disclosure, account takeovers, injection + more! Showing how even the simplest of software issues, a missing if statement, can snowball into a major security breach. This is an interactive session and I'll be asking the audience to help give me ideas on how to approach the API!

-- Stream: TBD.
-- Chat: #chapter-santa-barbara channel on https://owasp.slack.com/. If you don't have an account, create one at https://owasp-slack.herokuapp.com/.

Martín & the OWASP SB Team.

PS: if you've been enjoying our frequent events since the relaunch in late 2018, please take a minute to rate our group on meetup.com.


Event: Exploring OWASP ZAP

Chapter: Somerset

Time: 19:00 (US/Eastern)

Description:

If you are not familiar with the OWASP ZAP project this is a great chance to get an introduction to a powerful, free web app scanner. If you are familiar please join and help answer any questions that attendees may have or just enjoy the opportunity to participate in the OWASP Somerset community!

We will look at using the ZAP scanner to find vulnerabilities in web apps. This is the first part of a series on app scanning that will go from the basics to when, how, and why you may want to work with engineering teams to automate security tooling in the DevSecOps pipeline.


Event: Chapter Croatia Virtual Meetup - DefectDojo & Semgrep

Chapter: Croatia

Time: 18:00 (Europe/Zagreb)

Description:

Schedule:
18:00 - 18:15 -> Chapter Croatia Public Service Announcements
18:15 - 19:00 -> Dubravko Sever - DefectDojo, vulnerability visibility in one place
19:15 - 20:00 -> Grayson Hardaway - Enforcing Code & Security Standards with Semgrep
20:00 -> Virtual drinks and chitchat

Abstracts:

Dubravko Sever - DefectDojo, vulnerability visibility in one place
Developing secure applications has always been a challenge, especially with an agile approach. It is hard to track whether new components and dependencies open new opportunities for malicious actors. Continuous automated scanning of code and application integration is therefore something an application cannot go to production without. Scanning is performed with multiple tools that are not connected to each other. However, DefectDojo is here to make life easier and integrate Vulnerability Management into application development and the lifecycle.

Bio:
Dubravko Sever: After many years at the University Computing Centre SRCE, he now works as a security specialist at Deutsche Telekom, Pan-net, where he works on cloud security (in/of) as well as the security of orchestrated microservice environments.

Grayson Hardaway: Enforcing Code & Security Standards with Semgrep
We’ll discuss a program analysis tool we’re developing called Semgrep. It's a multilingual semantic tool for writing security and correctness queries on source code (for Python, Java, Go, C, and JS) with a simple “grep-like” interface. The original author, Yoann Padioleau, worked on Semgrep’s predecessor, Coccinelle, for Linux kernel refactoring, and later developed Semgrep while at Facebook. He’s now full time with us at r2c.

Semgrep is a free open-source program analysis toolkit that finds bugs using custom analysis we’ve written and OSS code checks. Semgrep is ideal for security researchers, product security engineers, and developers who want to find complex code patterns without extensive knowledge of ASTs or advanced program analysis concepts.

For example, find subprocess calls with shell=True in Python using the query:
subprocess.Popen(..., shell=True)
This will even find snippets like:
import subprocess as s
s.Popen(f'rm {args}', shell=True)

Or find hardcoded credentials using the query:
boto3.client(..., aws_secret_access_key="...", aws_access_key_id="...")

Source code: https://github.com/returntocorp/semgrep
Test in your browser: https://semgrep.live/

Bio:
Grayson Hardaway is a security researcher at r2c, a startup working on static analysis tools purpose-built for the modern workflow. At r2c, Grayson authors static analysis tailored for finding security vulnerabilities in open source code. Previously, Grayson worked for the US Department of Defense fuzzing and exploiting obscure protocols. When not submitting patches, Grayson is hefting a heavy pack uphill, crafting guitar solos, or learning something new: currently woodworking.



November 05, 2020


Event: Security requirements and how to test them [OWASP (A/MA)SVS and (W/M)STG]

Chapter: Uruguay

Time: 19:00 (America/Montevideo)

Description:

In this virtual Meetup we will tell you about two OWASP projects that allow us to define security levels for our applications, as well as requirements to meet, tasks to perform during the development of an application, and how we can test compliance with those requirements.

OWASP ASVS / MASVS: the OWASP Application Security Verification Standard (ASVS) and Mobile Application Security Verification Standard (MASVS) are, as their names indicate, standards for the security of web and mobile applications, respectively.

They can be used by software architects, developers and testers who seek to develop secure applications, but they can also be used by security experts to check the level of security and to ensure the completeness and consistency of test results, depending on whether they took part in the development process. In addition, they can be used by a company to establish a security level and the tasks to be performed by the company that develops its applications.

OWASP WSTG / MSTG: the OWASP Web Security Testing Guide (WSTG) and Mobile Security Testing Guide (MSTG) are comprehensive manuals for security testing of web and mobile applications. These projects provide developers, testers and security experts with detailed test cases for both static and dynamic analysis and some recommended tools, and they can help us reverse engineer and tamper with a mobile application.

We will tell you how to use both projects to improve security in your web and mobile projects.



November 06, 2020


Event: OWASP Meetup - CTF

Chapter: Saint Louis

Time: 19:00 (US/Central)

Description:

Capture the Flag (CTF) is a computer security competition. CTF contests are usually designed to serve as an educational exercise to give participants experience in securing a machine, as well as conducting and reacting to the sort of attacks found in the real world. Reverse-engineering, network sniffing, protocol analysis, system administration, programming, and cryptanalysis.

* This will be an open CTF which means this is open book. You may use any tool or internet accessible resource: Burpsuite, IDE, Metasploit, etc.

* Work in single or 2 person teams

* Be the person/team with the most challenges completed to win (time will determine a tie)



November 11, 2020


Event: A pentester’s guide to Kubernetes Security

Chapter: Singapore

Time: 19:30 (Asia/Singapore)

Description:



November 13, 2020


Event: OWASP @ BSides CT (Virtual)

Chapter: Hartford

Time: 09:00 (US/Eastern)

Description:

Schedule TBD

Workshops:
11/13 : Sign up for the Red Hat Ansible Workshop here.
11/14 : Sign up for the Lock Picking workshop here.

Registration: $5-$20
https://www.eventbrite.com/e/bsides-ct-2020-tickets-124263959849

Security BSides is a community-driven framework used to build events for and by information security community members, events where individuals have opportunities to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense experience designed to expand the spectrum of conversation beyond the traditional confines of space and time with discussions, demos, and participant interaction. It’s where conversations on the next big thing are happening