OWASP Porto

Porto Chapter Logo, image By Sean Pavone - Porto https://www.istockphoto.com/br/foto/porto-portugal-na-ponte-dom-luis-gm533960357-56505746

Welcome to the OWASP Porto chapter

Welcome to the new OWASP Porto chapter.

The objective of this chapter is to promote application security in Porto by engaging the local community, organizing meetings and events, and participating in projects.

Join us!

Follow us and stay up to date

Use the social links on the right to follow us and stay up to date with our events.

Next event:

May 29th, 2024. To be confirmed.

Participation

Call for Talks

Are you interested in speaking at our meetups? Beginner or advanced, attack or defense, technical or not, submit your talk here.

Sponsorship

The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

Chapters are led by local leaders in accordance with the Chapters Policy. Financial contributions should only be made online using the authorized online donation button.

Everyone is welcome and encouraged to participate in our Projects, Local Chapters, Events, Online Groups, and Community Slack Channel. We especially encourage diversity in all our initiatives. OWASP is a fantastic place to learn about application security, to network, and even to build your reputation as an expert. We also encourage you to become a member or consider a donation to support our ongoing work.

Last event:

March 6th, 2024. See it on meetup.com.


OWASP Porto Chapter Meetup 2024


#1 Kickoff: March 6th, 2024 @Boost IT

Agenda:

18:00 - Intro and Welcome by the OWASP Porto chapter leadership
18:15 - The Security of Large Language Models by Nuno Pereira
19:10 - SBOM, SBOM, you’re an SBOM by Diogo Sousa
20:00 - Drinks & Dinner by Boost IT

Talks:

The Security of Large Language Models

Large Language Models (LLMs) have received a lot of attention recently, and it is possible to find them integrated into various applications, from well-known chat applications to content creation, search, translation and much more. We will give an overview of LLMs and delve into some details to better understand known attacks.

Nuno Pereira

Nuno Pereira taught cybersecurity-related topics for more than 15 years. LinkedIn

SBOM, SBOM, you’re an SBOM

Software Bill of Materials (SBOM) is a concept that recently has been making waves in SDLC spaces but it isn’t entirely new. Most mature languages have a (sometimes) mature package management system, either built-in (e.g., Rust’s cargo) or de facto (e.g., Maven) that allows developers to define dependencies, resolve conflicts and do composition analysis. SBOMs, however, allow you to take this one step further, making it language-agnostic and allowing components from different ecosystems to use a common language for comparisons and analysis. However, we don’t get those features out of the box. For example, consider common libraries in different package repositories - are all OpenSSL packages created equally and equivalent? OWASP is playing a part in this via its support for projects like CycloneDX which aims to provide a full-stack BOM standard to cover specific scopes such as the CBOM (Cryptography) and HBOM (Hardware) among others. This shift towards software being more transparent and traceable is not without its detractors, as entire business models are predicated on customers using purely opaque boxes. In the spirit of the topic, here is a Talk Bill of Topics:

  • Are BOM requirements burdensome?
  • Are we revealing too much of the “secret sauce”?
  • Does having an SBOM instantly make a piece of software more secure?
  • If we take a piece of software and replace every entry in its BOM with fully equivalent packages, one by one, is it still the same software in the end?

This talk targets a beginner to intermediate audience and will provide an overview of (S)BOMs, their ongoing challenges, and what they can bring to the table in terms of security.

Diogo Sousa

An opinionated individual with an interest in cryptography and its intersection with secure software development. LinkedIn


History

The OWASP Porto Chapter started its activities in 2024. Have a look at the past events tab for a list of our events.