OWASP Leiria
Welcome to OWASP Leiria!
The objective of this chapter is to promote application security in Leiria through engagement of the local community, the organization of meetings and events, and participation in projects.
Follow us and stay up to date
Use the Social Links on the right to follow us and stay up to date with our events.
Next Meeting/Event
We are working on it! Stay tuned.
Participation
Call for Talks
Are you interested in speaking at our meetups? Beginner or advanced, attack or defense, technical or not, submit your talk here.
Sponsorship
The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.
Chapters are led by local leaders in accordance with the Chapters Policy. Financial contributions should only be made online using the authorized online donation button.
Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.
History
The OWASP Leiria Chapter started its activities in January 2025.
First Event
#0 - The Castle: February 6th, 2025 @ synvert xgeeks
Talk: Do Not Live in the Shadows (APIs) by Teresa Pereira (Cyber Threat Hunter @ Siemens Energy & OWASP Leiria Co-Organizer)
Abstract: This talk explores the concept of Shadow APIs, starting with a clear definition and their origins, and examines the multifaceted risks they introduce to software development. Through real-world examples, we will highlight the potential consequences of ignoring these “hidden doors” and discuss strategies for their identification, management, and mitigation. By the end of this session, you will gain actionable insights and strategies to reduce the risks posed by Shadow APIs and build more resilient, secure, and compliant systems.
Second Event
#1 - Leiria Pine Forest: April 10th, 2025 @ FNAC Auditório, LeiriaShopping
Talk: HTML Smuggling to EDR Bypass by Milton Araújo (Security Researcher @ Secure Tecnologia)
Abstract: Delve into how cybercriminals utilize HTML Smuggling to circumvent traditional security measures like Antivirus (AV) and Endpoint Detection and Response (EDR) solutions. This session will explore the nuances of this stealthy attack method, showcasing how malicious payloads can be discreetly delivered to target devices via browsers while evading standard security protocols.
Last Event
#3 - The Old Glass Factory: September 19th, 2025 @ HLink offices (Marinha Grande)
Talk 1: Build Your Software Like a Fortress: Secure Configurations as Your First Line of Defense by Daniel Pinto (CTO & Senior Software Engineer @ Setwin)
Abstract: When building modern web applications and APIs, many developers focus on writing secure code — but overlook the crucial impact of deployment configurations. From authentication layers to RBAC, from HTTPS enforcement to header settings and firewall rules, misconfigurations remain one of the top causes of security breaches today. In this talk, we’ll explore how simple configuration decisions can have a massive impact on your application’s security posture. We’ll walk through real-world examples, common pitfalls, and practical strategies to harden your software during deployment — without introducing complexity or slowing down development. Whether you’re a developer or part of a DevSecOps team, you’ll leave with actionable insights to help you build secure-by-default systems from the ground up.
Talk 2: AI-Driven Offense: Enhancing Every Phase of Web Testing by José Irio (Cybersecurity Consultant @ VisionWare)
Abstract: Artificial Intelligence is rapidly reshaping offensive security. In this talk, we’ll explore how AI can be practically applied to improve web application testing. We’ll break down each phase of a typical assessment (reconnaissance, exploitation, and reporting) and highlight existing AI-powered tools developed by the security community. From automating tedious tasks to uncovering insights that might otherwise be missed, these tools demonstrate how AI can help testers improve both the efficiency and depth of web app security assessments.