Welcome to the OWASP Riyadh chapter homepage. OWASP (The Open Web Application Security Project) is a worldwide not-for-profit organisation focused on improving the security of software. With over 200 local Chapters worldwide and 45,000+ volunteers OWASP’s open community is dedicated to enabling organisations and individuals to develop and maintain applications that can be trusted. OWASP’s meet-ups, tools, standards, guidelines, documents and forums are free and open to anyone interested in improving application security. The chapter leader is Aatif Khan, the event organizer is Rayed Almutiry and the chapter coordinator is Hala Ehab. Follow chapter news on LinkedIn | Twitter | [Telegram] - @owaspriyadh
September Event Details
Date - 26th September 2020
Time - 4:15 PM
DevSecOps:Separating Myth from reality
When you think about DevSecOps or DevOps, you probably think of tooling. A tool in every stage of secure SDLC, scanning on each commit. A few hundred to few thousand scans to gather all the issues for a project or maybe vulnerability management.Yet DevSecOps has completely changed the way we think of security. New ways of scaling information security mean that traditional security mechanisms like pentesting are no longer holy grails to secure organizations.More and more, organizations are working towards building security inside out rather than bolting it at the end, and security engineers are starting to see the benefits of this new type of security.But as more companies begin to embrace DevSecOps, both organizations and security managers have discovered that DevSecOps has its own complexities. These days there’s more folklore than the science behind DevSecOps in organizations, more myths than reality.Yet with the right attitude and a few simple ground rules, companies can benefit significantly from DevSecOps.
In this talk, you’ll also learn:
- How organizations can bust DevSecOps myths and concentrate on reality.
- Why it’s a good idea to think DevSecOps program from the organization’s point of view.
- Why organizations need to streamline DevSecOps by concentrating on People, Process, and Technology.
Speaker - Mohammed A. Imran
Mohammed A. “secfigo” Imran is the Founder and CEO of Practical DevSecOps and seasoned security professional with over a decade of experience in helping organizations in their Information Security Programs. He has a diverse background in R&D, consulting, and product-based companies with a passion for solving complex security programs. He was the winner of DevSecOps Leadership award in United Kingdom for his contribution to the DevSecOps community globally. He was also nominated as a community star for being the go-to person in the community whose contributions and knowledge sharing has helped many professionals in the security industry. He is usually seen speaking and giving training in conferences like Blackhat, BruCon, DevSecCon, AppSec, All Day DevOps, Nullcon, and many other international conferences. He is the founder of Null Singapore, the most significant information security community in Singapore, where he has organized more than 60 events & workshops to spread security awareness.
His courses are avaiable at - Practical DevSecOps
August Event Details
Date - 29th August 2020
Time - 4:00 PM
Zero Trusting Your Enterprise - A Deep Dive Technical Implementation Guide.
Traditional IT network security is based on the castle concept. In castle security, it is hard to obtain access from outside the network, but everyone inside the network is trusted by default. Zero trust security is an IT security model that requires strict identity verification for every user and device trying to access resources on a network, regardless of whether they are sitting within or outside of the network perimeter. Zero trust s a holistic approach to network security that incorporates several different principles and implementations. We will discuss the best recommended ways to start implementing the zero trust concept in your enterprise.
Speaker - Abdulrahman Al-Nimari
A self-motivated renowned cyber security expert and a frequent conference speaker with more than 25 years of IT and cybersecurity experience. Al-Nimari played different roles, in government and private sectors, in different IT and cyber security fields: Network/System Administration, IT Management, Cybersecurity Advisory and Architecting. Always working to advance cyber security and contribute to community. Al-Nimari was awarded the Arab Social Media Cyber Security Influencer Award for year 2019. He holds industry standard cyber security and project management certifications: CISSP, CISM, CCISO, PMP, GSEC, GCIA, GCIH, GCUX, GREM, BCVRE
March Event Details
Date - 14th March 2020
Location - Al Masaa Cafe, 2239 Al Urubah Rd, Al Wurud, Riyadh 12214
20:00 - Introduction to OWASP Riyadh and the annual plan
20:30 - Brief Talk on “OWASP API Security Top 10” followed by Group Discussion
21:00 - Coffee and Networking
Attending the event: Kindly send us an email with your name and contact number to block your seat.
OWASP Riyadh conducts meetings/talks at various locations across Riyadh. Currently, we are organizing events virtually.We organize quarterly talks on various topics covering application security. Moreover, there are also CTFs and workshops planned frequently.
Speaking at OWASP Riyadh Chapter Events
Call For Speakers
Call For Speakers is open - if you would like to present a talk on Application Security at future OWASP Riyadh Chapter events - please review and agree with the OWASP Speaker Agreement and send the proposed talk title, abstract and speaker bio to us via e-mail:
aatif.khan (at) owasp.org
Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.