Upcoming OWASP Chapter Meetup Events (next 30 days)




January 20, 2021


Event: OWASP Ottawa: January 2021 Meetup

Chapter: Ottawa

Time: 19:00 (Canada/Eastern)

Description:

Special Notice:

Due to the COVID-19 (Coronavirus) pandemic our events will continue online on our YouTube channel.

Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live!

We will post information here and on all our other media (email, Twitter, etc.) as we get closer to the date.

https://www.youtube.com/watch?v=6tiOc1OO2PI

7:00 PM EDT: Technical Talks

1. Announcements

2. The Elephant Room: Presentations on those things we all deal with but nobody talks about.

Abstract:
This meetup we are fortunate to have Dr. Gordon Josephson, a local clinical psychologist, who will respond to the questions we received in our brief online survey on Workplace Stress and Mental Health in the IT and Security Fields.

Bio:

Dr. Gordon Josephson is registered as a psychologist with the College of Psychologists of Ontario and has been working in private practice since 2004. Dr. Josephson obtained a doctoral degree in Clinical Psychology from the University of Ottawa in 2004. Prior to this, he worked both internationally and in the Federal Government and as such he brings to his interactions with clients his experience and knowledge from working cross-culturally and in the culture of the Federal Government.

Dr. Josephson provides psychotherapy and assessment services to adults experiencing a variety of challenges such as: anxiety, depression, stress, anger, relationship difficulties, career concerns and adjustment to major life changes (including injury and illness).

Dr. Josephson has a longstanding interest in Health Psychology and in the role of Psychology in not only treating but preventing physical and mental health problems; particularly through assisting people to better understand and increase their motivation for emotional and physical self-care/fitness.

3. Measurement & Reporting for Appsec & Vulnerability Management

Abstract:
Intelligent metrics can help you get other people to do things they might not otherwise do, get your team to do things better (and understand what better means), show success towards objectives, and predict or plan for the future. Join Opheliar Chan as she shares her experiences building metrics to support application security and vulnerability management programs.

Bio:
Opheliar Chan spends most of her time trying to make software security more accessible, pragmatic, and FUD-free, both as Director of Advisory at Security Compass, while moonlighting as co-lead of the OWASP Toronto Chapter, or as a volunteer or advisor for other infosec groups. For over a decade, she has focused on application security, SDLC process consulting and implementations, program building, penetration testing/vulnerability assessments, and related. Prior to her career in consulting, she worked in security research, web application development, and technical writing.


Event: Join us (virtually) for Boulder/Denver OWASP’s January Meeting!!!

Chapter: Boulder

Time: 17:30 (US/Mountain)

Description:

Join us on Zoom (link to be posted shortly)
================================================================
Archetypal Secure Application Design Pattern: The Next Evolution
================================================================

This is the next evolution of the App Sec Effort to move security left
through repeatable secure software design patterns. Security
responsibilities and controls are distributed across various levels of
(IDE-consumable!) UML diagrams; they become Patterns as Code, Architecture
as Code, Config as Code. Now the diagrams are actually useful to the
builders and designers, so no effort is wasted, producing true agility
through treating software archetypes as repeatable, solvable problems with
appropriate security baked in, just in time, rather than bolted on as an
afterthought. Bigger, better, and with real examples. Help us improve
patterns to improve software security.

================================================================
Speaker: Joe Gerber
================================================================

Joe Gerber is a Secure Software Architect and Secure Software Design
practice lead with 10+ years of secure software design experience. He is
also a recovering senior web developer and former embedded systems
programmer. He deeply desires to use patterns to truly make secure software development a repeatable phenomenon.

He has previously presented at:
- RMISC 2018
- SnowFroc 2018
- Three OWASP Chapter meetings
- Local community IT professional groups
- Lead App Sec presenter at quarterly classes held by his employer

He was a volunteer at Defcon’s inaugural App Sec Village.


Event: Join us (virtually) for Denver/Boulder OWASP’s January Meeting!!!

Chapter: Denver

Time: 17:30 (US/Mountain)

Description:

Join us on Zoom (link to be posted shortly)
================================================================
Archetypal Secure Application Design Pattern: The Next Evolution
================================================================

This is the next evolution of the App Sec Effort to move security left
through repeatable secure software design patterns. Security
responsibilities and controls are distributed across various levels of
(IDE-consumable!) UML diagrams; they become Patterns as Code, Architecture
as Code, Config as Code. Now the diagrams are actually useful to the
builders and designers, so no effort is wasted, producing true agility
through treating software archetypes as repeatable, solvable problems with
appropriate security baked in, just in time, rather than bolted on as an
afterthought. Bigger, better, and with real examples. Help us improve
patterns to improve software security.

================================================================
Speaker: Joe Gerber
================================================================

Joe Gerber is a Secure Software Architect and Secure Software Design
practice lead with 10+ years of secure software design experience. He is
also a recovering senior web developer and former embedded systems
programmer. He deeply desires to use patterns to truly make secure software development a repeatable phenomenon.

He has previously presented at:
- RMISC 2018
- SnowFroc 2018
- Three OWASP Chapter meetings
- Local community IT professional groups
- Lead App Sec presenter at quarterly classes held by his employer

He was a volunteer at Defcon’s inaugural App Sec Village.


Event: January 2021 Virtual AppSec Meetup

Chapter: Victoria

Time: 18:00 (Canada/Pacific)

Description:

The OWASP Victoria chapter is pleased to present our first event since OWASP BC Day. Michael Cavallin will be delivering a talk on Zero Trust Design for Web Applications.

The event will be held online on January 20th from 6:00pm – 7:30pm.

It will feature Michael’s talk followed by a Q&A and a draw for a prize (must be a registered member). Join us for an evening of application security in the new year!

Visit our OWASP Chapter to learn more about us at https://owasp.org/www-chapter-victoria/

Speaker: Michael Cavallin
Presentation: Zero Trust Design for Web Applications (1.5 hr)

Abstract: Why do the internet's largest companies use Zero Trust designs? Zero Trust makes attackers' lives hard! You'll leave this talk with three main takeaways: 1) Why Zero Trust design is so important for web application design. 2) A phased approach you can take with your old and new projects. 3) Learn about a simple, secure, scalable Zero Trust reference design you can implement using Okta and Cloudflare (and see a demo!).

Biography: Michael is a senior member of BCI's Cyber Security Engineering team and a champion of Zero Trust designs. Michael's own cybersecurity research has discovered and reported security vulnerabilities involving the US Department of Homeland Security's ICS CERT, ICS/SCADA vendors, Defence Research and Development Canada and hardware/software vendors.



January 21, 2021


Event: Panel Debate, Post Pandemic Cybersecurity

Chapter: Copenhagen

Time: 20:00 (Europe/Copenhagen)

Description:

On January 21st you will have the opportunity to listen to, and ask questions of, not one but three panelists about security in a post-pandemic world.

As we move into this mid- and post-pandemic world with remote and in-office work blending, what must organizations consider in order to sustain data and application security and privacy while still providing an efficient working and user experience? How does remote work change the security stack mix? And what’s still missing?

We will also be diving into how innovation in cyber became a must and how that can and will support companies and users on a daily basis.

YOUR PANELISTS ARE

Lone Juul Dransfeldt Christensen, Senior Security Architect at Bang & Olufsen. Formerly at NNIT and the Danish Police.
https://www.linkedin.com/in/ldransfeldt/

Martin Clausen, Chief Security Architect, Head of Architecture, Research and Development at Saxo Bank. Former Head of Cyber Innovation Labs at Danske Bank.
https://www.linkedin.com/in/martin-clausen/

Luke Herbert-Andersen, PhD in Computer Science.
https://www.linkedin.com/in/lukeherbert/

YOU CAN ASK QUESTIONS
Is there a question you want to ask the panelists? Write a comment below with your question, or go to Twitter and mention OWASPCPH together with your question, and we will collect them and prepare for the panelists!
https://twitter.com/owaspcph

THIS IS AN ONLINE EVENT
Before January 21st, you will receive an e-mail with a link for the event.


Event: 2021 Kickoff Meeting (Security in a post COVID World)

Chapter: Charlotte

Time: 19:00 (US/Eastern)

Description:

Come join us for our first meeting of the year and a frank discussion of COVID and its effect on security this year.


Event: OWASP Sacramento Hangout (Google Meet)

Chapter: Sacramento

Time: 17:00 (US/Pacific)

Description:

Please note that this meetup is remote only!! Meetup won’t let us remove the location!!

Happy New Year, Chapter!

Hope everyone is healthy and safe!

This month, continuing our abundance of caution, we are going to hold our meetup remotely on Google Hangouts. Please try to join from a computer.

Agenda:
- Community Topics
- OWASP Membership and upcoming events
- Main Topic: Threatspec - how to Threat Model code better.
- Q&A

For more information about OWASP, please visit our Wiki at https://owasp.org/www-chapter-sacramento/



January 22, 2021


Event: OWASP API Security Top 10

Chapter: Dhaka

Time: 19:00 (Asia/Dhaka)

Description:

In December 2019, OWASP published its first top 10 risk list for API security. With this step, OWASP confirms the increasing importance of API security for companies. The talk looks at the new risks and contrasts them with the top 10 risks for web applications. While security products can help to mitigate certain risks as an additional defense line, API developers have the ultimate responsibility for their code and must know the risks to avoid them.

This will be an online live event (link will be added before the event).

Speaker Biodata of Mr. Md Jahangir Alam:
Md Jahangir Alam is the leader of the OWASP Dhaka Chapter. He is the Head of IT Security at Shimanto Bank Limited and Director of Marketing, ISACA Dhaka Chapter. He is a Certified Information System Auditor (CISA), ISO 27001 Lead Auditor, Certified Ethical Hacker (CEH), Certified Blockchain Professional (CBP), and Lean Six Sigma Black Belt (LSSBB). He is a CSE Graduate from a reputed private university in Bangladesh.



January 23, 2021


Event: Strategic Usage of OWASP SAMM and OWASP DSOMM

Chapter: Jakarta

Time: 15:00 (Asia/Jakarta)

Description:

From startups to multinational corporations, the software development industry is currently dominated by agile frameworks and product teams and, as part of that, DevOps strategies.

It has been observed that during implementation, security aspects can be missed. The OWASP Software Assurance Maturity Model and the OWASP DevSecOps Maturity Model, which are presented in the talk, show security measures which are applied when using DevOps strategies and how these can be prioritized. With the help of DevOps strategies security can also be enhanced. Under the guidance of the forward-looking DevSecOps Maturity Model, appropriate principles and measures can defend against attacks.

In this session Timo will give an introduction and answer questions such as when to use OWASP SAMM and when and how to use DSOMM.

Bio:
Timo has been in the IT industry for over twenty years. After working as a system administrator and web developer early in his career, he became involved in OWASP. He now advises his clients on DevOps security, either hands-on or as a trainer, with a focus on security test automation for software and infrastructure.
More details:
https://pagel.pro/



January 26, 2021


Event: OWASP Dallas January Meeting

Chapter: Dallas

Time: 12:00 (US/Central)

Description:

Title:

IoT Security’s Lucky 13

Description:

AWS offers an IoT stack that has the goal of simplifying gaining value from smart device - edge device - cloud orchestration. The stack is deceptively simple to use, but, as always, the devil is in the detail when it comes to security.

This talk will:
* Introduce the AWS IoT stack
* Provide a quick overview of the ETSI EN 303 645 security guidelines
* Show how AWS security features can help support the recommendations in the ETSI standard by working through a practical use case: EZTEA

Bio:

Jennifer Janesko is a Senior Consultant at Synopsys, Inc. and has worked in security for the past six years focusing on cloud, IoT and application security. Prior to her transition to information security, Jennifer worked for over 15 years in IT as a developer and leader in the areas of education, telecommunications, and semiconductors. She volunteers as an organizer for the yearly BSidesMunich security conference and the security group MUC:SEC e.V. In her free time, Jennifer enjoys running, hiking, competing in (and making) CTFs and tinkering with technologies.



January 27, 2021


Event: OWASP South Florida Chapter Meeting January 2021

Chapter: South Florida

Time: 18:00 (US/Eastern)

Description:

IMPORTANT NOTE: Due to ongoing COVID-19 public health concerns, we will be hosting this meeting online. The meeting’s URL will become visible on the meetup page after you RSVP.

Happy New Year! Please join us virtually for our January 2021 Meeting.

BYOB - Bring Your Own Beverage

Agenda
=======
+Chapter updates/announcements, etc.

Talk: Infrastructure-as-Code (IaC) – An Introduction to Terraform

Presenter: Pradip Gupta and Rose Gupta

Pradip Gupta: Working as Leader for Attain, LLC. Certified in OCI Cloud Architecture and Terraform Architecture.

Rose Gupta: Pursuing her MS in Computer Science with a specialization in Network Security from FIU. She is also an SRE at Malwarebytes, Inc. and OCI Foundations Certified, and has been working closely with the DevSecOps team on a day-to-day basis on the AWS platform.

Topics covered:
- Why Infrastructure As Code
- Terraform – How does it work
- Terraform Basics
  - Commands
  - Resource
  - File Structure
  - Data Source
- Demo
- Knowledge Check
- Q & A


Event: January 2021 Chapter Meeting

Chapter: Salt Lake City

Time: 12:00 (US/Mountain)

Description:

This month's meetup is VIRTUAL. Join Wasatch AppSec Slack (https://join.slack.com/t/wasatchappsec/shared_invite/zt-h8yyr334-Jz0aQD6CiXMzc5P3e_3JxA) to suggest any additional topics.

Agenda:
12 - 12:50pm
- OWASP SAMM (Software Assurance Maturity Model) with Brian Glas.

12:50 - 1pm
Open Forum, Admin Items, Choose next Guest Speaker

Abstract: OWASP SAMM (https://owaspsamm.org) is the prime maturity model for software assurance that provides an effective and measurable way for all types of organizations to analyze and improve their software security posture. Building security into the software development and management practices of a company can be a daunting task. There are many elements to the equation: company structure, different stakeholders, technology stacks, tools and processes, and so forth. Implementing software assurance will have a significant impact on the organization. Yet trying to achieve this without a good framework will most likely lead to only marginal and unsustainable improvements. OWASP Software Assurance Maturity Model (SAMM) gives you a structural and measurable framework to do just that. It enables you to formulate and implement a strategy for software security that is tailored to the risk profile of your organization. In this talk, we give an overview of the new release of the SAMM model. After 10 years since its first conception, it was important to align it with today’s development practices.
We will cover a number of topics in the talk: (i) the core structure of the model, which was redesigned and extended to align with modern development practices, (ii) the measurement model which was set up to cover both coverage and quality and (iii) the new security practice streams where the SAMM activities are grouped in maturity levels. We will demonstrate the new SAMM2 toolbox to measure the maturity of an example DevOps team and how you can create a roadmap of activities.
Bio: Brian Glas has worked in IT for almost 20 years and information/application security for the last decade. He started as an enterprise Java developer, then transitioned to helping build an application security program as both tech lead and manager. He later played the role of enterprise architect and did a little incident response and reverse engineering malware for fun. Glas then spent a number of years as a consultant helping clients build AppSec programs, create/update SDLCs, and other related initiatives. He has worked on the Trustworthy Computing team at Microsoft and is now an assistant professor of Computer Science at Union University authoring a Cybersecurity program. He also has been a co-lead for SAMM v2 and the OWASP Top 10.

Leaders Zoom Account Two is inviting you to a scheduled Zoom meeting.

Topic: OWASP SLC/Wasatch AppSec January 2021 Chapter Meeting
Time: Jan 27, 2021 12:00 PM Mountain Time (US and Canada)

Join Zoom Meeting
https://zoom.us/j/99613814556?pwd=eHZjOHhPakZBanlHUXZXbkVocERyUT09

Meeting ID: 996 1381 4556
Passcode: 276752
One tap mobile
+12532158782,,99613814556# US (Tacoma)
+13462487799,,99613814556# US (Houston)

Dial by your location
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
+1 301 715 8592 US (Washington D.C)
+1 312 626 6799 US (Chicago)
+1 929 436 2866 US (New York)
Meeting ID: 996 1381 4556
Find your local number: https://zoom.us/u/adRd8fuD01



January 28, 2021


Event: Virtual Meeting: BOLA, IDOR, MA, BFLA. Welcome to the OWASP API Top 10!

Chapter: Orange County

Time: 17:45 (US/Pacific)

Description:

Speaker: Adam Fisher, Principal Security Engineer, Salt Security

Topic: BOLA, IDOR, MA, BFLA. Welcome to the OWASP API Top 10!

Abstract:
In this presentation, Adam will introduce the audience to the OWASP API TOP 10 Security Threats. Adam will highlight the unique attack vectors that API Applications face, review specific breach examples, and why OWASP felt it necessary to specifically highlight these vulnerabilities in a new Top 10 list. We will also explore various efforts by the security industry to secure API Applications and what businesses should expect as they evaluate an API security solution.

Speaker Bio:
Adam Fisher is an Enterprise Security Expert whose qualifications include a Bachelor of Science in Information Systems and a Master of Business in Information Technology Management, and who maintains a number of certifications: CISSP, CCSP, AWS Security Associate, Azure MCP. Adam has a detailed knowledge of Enterprise Security best practices and technologies and has been focused on the creation and deployment of solutions protecting networks, systems, and information assets for Fortune 500 companies and Government Agencies. Adam has worked on Secret level clearance projects for the United States Government and the United Kingdom, deploying security solutions and network technologies while protecting key government data and assets. In addition, Adam is a respected blogger and thought leader on Enterprise Security.

LinkedIn: https://www.linkedin.com/in/adamfisher/

Schedule:
5:45pm: Introduction, Presentation & Q&A

NOTE: Due to the continuing health concerns relating to the spread of the coronavirus disease (COVID-19), we will be meeting virtually until further notice.


Event: Speaker TBA - Contact us if interested

Chapter: Triangle NC

Time: 18:30 (US/Eastern)

Description:

TBA



January 29, 2021


Event: OWASP SAMM2 - Your Dynamic Software Security Journey

Chapter: Tunisia

Time: 12:00 (Africa/Tunis)

Description:

Take your ticket here: https://www.eventbrite.co.uk/e/owasp-samm2-your-dynamic-software-security-journey-tickets-136600244007

Thanks to Our Guest: Sebastien Deleersnyder

Sebastien Deleersnyder (https://twitter.com/sebadele) is co-founder, CEO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board and performed several public presentations on Application Security. Seba also co-founded the yearly security & hacker BruCON conference and trainings in Belgium. With a background in development and many years of experience in security, he has trained countless developers to create software more securely. He has led OWASP projects such as OWASP SAMM, thereby truly making the world a little bit safer. Now he is adapting application security models to the evolving field of DevOps and is also focused on bringing Threat Modeling to a wider audience.

Description

OWASP Software Assurance Maturity Model (SAMM) enables you to formulate and implement a strategy for software security that is tailored to the risk profile of your organisation. In this talk, we give an overview of the new release of the SAMM model. After 10 years since its first conception, it was important to align it with today’s development practices. We will cover a number of topics in the talk: the core structure of the model, which was redesigned and extended to align with modern development practices, the measurement model which was set up to cover both coverage and quality and the new security practice streams where the SAMM activities are grouped in maturity levels. We will demonstrate the new SAMM2 toolbox to measure the maturity of an example development team and how you can create a roadmap of activities.


Event: OWASP 2021 with Cleveland Chapter

Chapter: Cleveland

Time: 18:30 (US/Eastern)

Description:

The OWASP Cleveland Chapter will host its first meeting, which will kick off on Friday, January 29, 2021 at 6:30 pm EST. The first meeting will provide an introduction to what you can expect from our chapter in 2021 and it will also serve as our first membership drive. The chapter leaders are Eric Potter, Ian Mulhern, and Princeton Brooke. Each leader has adopted an OWASP project that will be reviewed in the first meeting and then expanded on throughout the course of 2021. We look forward to serving the OWASP community, the city of Cleveland and Northeast Ohio, and security practitioners all over the world.

We look forward to hearing from members and having open dialog on how our chapter can assist in servicing the needs of the greater OWASP organization.

We will update this posting with the destination URL.



February 09, 2021


Event: ZAP Automation in CI/CD

Chapter: Switzerland

Time: 18:00 (Europe/Zurich)

Description:

OWASP ZAP is probably the most frequently used web application scanner in the world, and automation is one of its strengths.
In this talk Simon will explain the different options you have for running ZAP in a CI/CD pipeline ranging from the packaged scans to directly driving the ZAP API.
He will also explain (and maybe even demo) a new ZAP automation framework which is currently under development.

ZAP is an OWASP flagship project and you can find more information at https://www.zaproxy.org/.

About your speaker:
Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk, a company that uses ZAP to help users fix application security bugs before they hit production.
He has talked about and demonstrated ZAP at conferences all over the world, including Blackhat, JavaOne, FOSDEM and OWASP AppSec EU, USA & AsiaPac.
Prior to making the move into security he was a developer for 25 years and strongly believes that you cannot build secure web applications without knowing how to attack them.

(Note: The link to the event will be added before the event starts.)



February 11, 2021


Event: February meeting: The state of IoT security

Chapter: Minneapolis St Paul

Time: 19:00 (US/Central)

Description:

TBD