OWASP Community Meetings


Quick List (Details below)


March 03, 2025


Event: OWASP Houston Chapter In-person Meetup at Main Event Katy, TX

Group: Houston

Time: 18:30-06:00 (America/Chicago)

Description: This will be an informal meeting where people on the west side can get together for a little bit. No formal agenda but hopefully we can find volunteers who are willing to start leading events. If you would like to host something similar in your part of town, please add your recommendations in the comments. Main Event is family friendly, so you can combine the meeting with some family game time. 24401 Katy Freeway, Katy, TX 77494 https://www.mainevent.com/locations/texas/katy/



March 04, 2025


Event: AppSec Card Games

Group: Cleveland

Time: 16:00-05:00 (America/New_York)

Description: We're hosting another card game event! We'll be playing [Cornucopia](https://owasp.org/www-project-cornucopia/), a game about threat modeling. If you work with software and want to learn how cybersecurity pros make it safer, this game is for you. We'll set up two teams of six: **Team 1** will be threat modeling a mobile banking app, and **Team 2** a hot new social media app. We'll compare results between the two teams at the end. Space for Cornucopia is limited, but we're bringing more card games like: * [Cards Against AppSec](https://github.com/semgrep/cards-against-appsec) * [Spot the Secrets](https://labs.gitguardian.com/spot-the-secrets) * [Backdoors and Breaches](https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/)


Event: March 2025 Meeting

Group: Phoenix

Time: 19:30-07:00 (America/Phoenix)

Description: **Amateur Radio for Cybersecurity Professionals** (20-30 minutes)



March 06, 2025


Event: SCaLE 22x – the 22nd Annual Southern California Linux Expo

Group: Los Angeles

Time: 09:00-08:00 (America/Los_Angeles)

Description: ***SCaLE22x – the 22nd Annual Southern California Linux Expo***, will take place March 6-9, 2025 at the Pasadena Convention Center in Pasadena, CA. \*\*[Register Now](https://register.socallinuxexpo.org/reg6/)\*\* using code **OWASP** to receive a **50% discount off registration!** **SCaLE** is the largest community-run open-source and free software conference in North America. It is held annually in the greater Los Angeles area. Several **co-located Events**, including Cloud Native Days LA, DevOpsDay LA, PlanetNix, Beginner Linux Training, UbuCon will kickoff the conference on **Thursday**. **Expo** is open Friday - Sunday. **Talks and workshops** are Thursday - Sunday. [Solomon Hykes](https://www.socallinuxexpo.org/scale/22x/speakers/solomon-hykes), creator of Docker and co-founder of Dagger.io will deliver the opening keynote, "Robots building Robots", while [Leslie Lamport](https://www.socallinuxexpo.org/scale/22x/speakers/leslie-lamport), Turing Award winner and pioneer in the field of distributed computing will close the conference Sunday evening. In between, there are dozens of talks and workshops available spanning nine tracks: Security, Developer, FOSS @ HOME, Open Source AI, Cloud Native, Kernel & Low Level Systems, Systems & Infrastructure, Observability, and General. Don't miss this amazing opportunity to attend this conference and expand your knowledge or brush up on what you already know. \*\*[Register Now](https://register.socallinuxexpo.org/reg6/)\*\* using code **OWASP** to receive a **50% discount off registration!** /\*\* THIS IS A PAID CONFERENCE \*\*/ And finally **don't forget** to visit us at the OWASP Los Angeles booth!


Event: 2nd Annual 2025 OWASP Maine Secure Coding Tournament Sponsored by Endor Labs

Group: Maine

Time: 18:00-05:00 (America/New_York)

Description: Are you an appsec guru and pride yourself in secure coding? Are you a developer and know you write **THE MOST** secure code out of your peers? Well here is your chance to come out and prove it and win **$CASH!$** sponsored by Endor Labs! OWASP Maine partnered with Secure Code Warrior and Endor Labs will be hosting the 2nd annual OWASP Maine Secure Coding Tournament! This will be an in-person meetup where we welcome all software developers and appsec professionals from entry-level to principal. Bring your laptop and your secure coding wits and compete against your peers to be crowned the most secure coder in the state of Maine for 2025! **Prizes will be as follows:** **1st Place** * Crowned most secure coder in the state of Maine * Pretty cool trophy (pics to come) * $1,000 VISA giftcard sponsored by Endor Labs **2nd Place** * Second place trophy * Some cool Secure Code Warrior Swag * $250 VISA giftcard sponsored by Endor Labs **3rd Place** * Third place trophy * Some slightly less cool swag * $100 VISA giftcard sponsored by Endor Labs For everyone else? You will gain new skills in secure coding, network with your peers, and also get free pizza and drinks! Participating in the tournament is not required, feel free to join us either way for networking and learning something new! **When:** Thursday March 6th 2025 6:00pm - 8:00pm est **Where:** IDEXX Laboratories 1 Idexx Dr. Westbrook, ME 04092 **Who:** Security and Development leadership and practitioners from Maine and all of northern New England **REQUIREMENTS:** **\*You must also register for the Secure Code Warrior tournament here: https://discover.securecodewarrior.com/2nd-Annual-OWASP-Maine-Secure-Coding-Tournament-Registration.html** **\*You must bring your own laptop/machine to participate** **\*You must be onsite and in person to participate** **OWASP Maine Linkedin Page:** [https://www.linkedin.com/company/owasp-maine/](https://www.linkedin.com/company/owasp-maine/) **Sponsor: Endor Labs** https://www.endorlabs.com/


Event: OWASP NYC Chapter Team Host March Madness w/Traceable “API Security Mixer”

Group: New York City

Time: 17:00-05:00 (America/New_York)

Description: # Join the OWASP team for Traceable "API Security Mixer" following the [New York Cybersecurity Summit](https://cybersecuritysummit.com/summit/newyork25-march/), with the NYC OWASP Community. Network with peers, unwind from the summit, and learn more about securing API-driven architectures. ​API Security Solutions Engineer, Shawn Mix is planning to share insights around Critical Dimensions of API Security, how others are maturing their application security programs – and what organizations should think about when it comes to the fastest-growing attack surface on the planet. ​The event is free, but space is limited, so register today. [https://lu.ma/Traceable-NY-CS-HH-Mar6](https://lu.ma/Traceable-NY-CS-HH-Mar6) Location Tanner Smith's 204 W 55th St, New York, NY 10019, USA


Event: Join the OWASP NYC Chapter Team on Mar. 6 New York Cybersecurity Summit

Group: New York City

Time: 07:30-05:00 (America/New_York)

Description: **Time is Running Out – Register Now for the Official New York Cybersecurity Summit! (use code CSS25-OWASPNYC)** **Don’t miss your chance to register for the 15th Annual Official New York Cybersecurity Summit, ranked among the Top 5 InfoSec Conferences worldwide.** ** Date: Thursday, March 6** ** Location: Sheraton New York Times Square Hotel** ** Exclusive Offer: Complimentary admission for C-Suite Executives, Directors, Managers & Industry Professionals (use code CSS25-OWASPNYC to register [here](https://cyberriskalliance.swoogo.com/newyork2025/begin)). https://cyberriskalliance.swoogo.com/newyork2025/begin** **Highlights:** * **Speakers:** * **Bindu Sundaresan (LevelBlue): Opening Security Keynote Presentation** * **Tim Miller (Kusari): Panel 1 – Incident Response and Threat Mitigation** * **Balazs Scheidler (Axoflow): How High Quality Data Saves you Money Presentation** * **Amit Kachhia-Patel (FBI): Closing Government Security Briefing** * **Expert insights from leaders at Exabeam, Paperclip, Anomali and more** * **Earn up to 8 Continuing Education Credits** * **Enjoy a catered breakfast, lunch, and cocktail reception** **Note: Admission to the Cybersecurity Summit is reserved exclusively for active cybersecurity, IT, and Information security practitioners tasked with safeguarding their enterprises against cyber threats and managing cybersecurity solutions. All registrations are subject to review.** **Students, interns, educators, consultants, individuals not currently employed in IT, and those in sales or marketing roles are not eligible to attend.** **Additionally, if we are unable to verify your identity with the information you provided during registration, your attendance may be canceled.** **Please note these qualifications pertain to all attendees, including members of our partner organizations.**


Event: 2nd Annual 2025 OWASP Maine Secure Coding Tournament Sponsored by Endor Labs

Group: Portland Me

Time: 18:00-05:00 (America/New_York)

Description: Are you an appsec guru and pride yourself in secure coding? Are you a developer and know you write **THE MOST** secure code out of your peers? Well here is your chance to come out and prove it and win **$CASH!$** sponsored by Endor Labs! OWASP Maine partnered with Secure Code Warrior and Endor Labs will be hosting the 2nd annual OWASP Maine Secure Coding Tournament! This will be an in-person meetup where we welcome all software developers and appsec professionals from entry-level to principal. Bring your laptop and your secure coding wits and compete against your peers to be crowned the most secure coder in the state of Maine for 2025! **Prizes will be as follows:** **1st Place** * Crowned most secure coder in the state of Maine * Pretty cool trophy (pics to come) * $1,000 VISA giftcard sponsored by Endor Labs **2nd Place** * Second place trophy * Some cool Secure Code Warrior Swag * $250 VISA giftcard sponsored by Endor Labs **3rd Place** * Third place trophy * Some slightly less cool swag * $100 VISA giftcard sponsored by Endor Labs For everyone else? You will gain new skills in secure coding, network with your peers, and also get free pizza and drinks! Participating in the tournament is not required, feel free to join us either way for networking and learning something new! **When:** Thursday March 6th 2025 6:00pm - 8:00pm est **Where:** IDEXX Laboratories 1 Idexx Dr. Westbrook, ME 04092 **Who:** Security and Development leadership and practitioners from Maine and all of northern New England **REQUIREMENTS:** **\*You must also register for the Secure Code Warrior tournament here: https://discover.securecodewarrior.com/2nd-Annual-OWASP-Maine-Secure-Coding-Tournament-Registration.html** **\*You must bring your own laptop/machine to participate** **\*You must be onsite and in person to participate** **OWASP Maine Linkedin Page:** [https://www.linkedin.com/company/owasp-maine/](https://www.linkedin.com/company/owasp-maine/) **Sponsor: Endor Labs** https://www.endorlabs.com/


Event: Cybersecurity in Automotive and NIS2

Group: Timisoara

Time: 18:30+02:00 (Europe/Bucharest)

Description: \#\# Details The next OWASP Timisoara Chapter Meetup will be ***in person***. See [https://owasp.org/www-chapter-timisoara/](https://owasp.org/www-chapter-timisoara/) for more information about the OWASP Timisoara chapter. Theme sessions - Automotive CyberSec and NIS2 Event POWERED by HAUFE.Group LOCATION: UBC 0, Etaj 15, Piata consiliul Europei 2, Timisoara **`18:30`**` Welcome participants` **`18:40`**` Introduction, OWASP News & Updates - Catalin Curelaru` **`19:10`**` Cybersecurity in the context of an evolving Automotive industry. - Romano Perini (Continental)` **`19:40`**` NIS2 and the impact on your company - Monica Iovan (Visma)` **`19:45`**` Networking` **Romano Perini** \- Product Cybersecurity and Privacy Officer @ Continental With over 18 years of experience in Product Development—15 of those in the Automotive industry—Romano Perini is an aims to be a forward\-thinking leader in technology\. As the Product Security Officer for ACM Commercial and Special Vehicles at Continental Automotive\, Romano brings a unique combination of technical expertise\, customer\-focused innovation\, and an insatiable curiosity to every challenge he faces\. **Monica Iovan** \- CISO for the Medium Segment @ VISMA Monica Iovan is a cybersecurity leader and CISO for the Medium Segment in Visma\, with extensive experience in securing digital environments and managing cyber risks\. She specializes in building resilient security programs using research methodologies\, strengthening security posture of the companies\, and navigating evolving threats\. Known for her pragmatic approach\, she provides actionable insights to help organizations enhance their security posture in an increasingly complex landscape\.



March 10, 2025


Event: Meetup OWASP - Paris - Mars 2025

Group: France

Time: 19:00+01:00 (Europe/Paris)

Description: Ce meetup se deroulera chez **Deloitte** que nous remercions chaleureusement de leur soutien. Pour des raisons de sécurité, une ***pièce d'identité*** vous sera demandée pour accéder à l'évènement. OWASP Paris est le meetup dédié à la sécurité applicative. Pour rappel, le meetup se veut non commercial. Il réunit toutes personnes désireuses de concevoir et maintenir des logiciels plus sûrs. Si vous êtes intéressé par le sujet, que vous soyez débutant ou expert, n'hésitez pas à nous rejoindre pour partager vos expériences ou vos problématiques. Ce meetup propose des sessions organisées en mode "forum ouvert". Les sujets sont proposés par les participants lors de la séance. Partages de connaissances, retour d'expériences, exercices de type CTF, bonnes pratiques, gouvernance et organisation, ... sont au programme! **Lightning Talks:** La soirée commence par de courtes présentations. Chacun peut s'il le veut proposer une présentation, ce n'est pas obligatoire. Si vous avez envie de partager une technique, une opinion, une démo ou un retour d'expérience, alors vous pouvez préparer un lightning talk, entre une simple phrase et 10 minutes maxi et venez le présenter au début de la soirée. Si vous n'avez jamais fait de présentation avant, c'est l'occasion de commencer dans une ambiance sympa. **Workshop:** La soirée se poursuit avec des activités menées en groupes. Chacun peut s'il le veut proposer un sujet, ce n'est pas obligatoire. Vous avez 30 secondes au début de la session pour en donner envie aux autres participants, puis tout le monde vote pour son sujet favori. Les sujets préférés donnent lieu à des activités en groupes pendant un peu plus d'une heure. Des écrans seront disponibles Le format se veut bienveillant. Pas besoin d'être expert pour parler d'un sujet. Vous trouverez certainement d'autres personnes pour vous aider! L'accent est mis sur l'échange et le partage. L'agenda et le compte-rendu des précédents meetups est accessible ici: https://owasp.org/www-chapter-france/



March 11, 2025


Event: OWASP New Zealand - Auckland Meetup

Group: New Zealand

Time: 18:30+13:00 (Pacific/Auckland)

Description: We're picking up our regular Meetup schedule in 2025, starting in March. Our approximate agenda for the evening: * 6:00 p.m. - Gather and networking * 6:30 p.m. - Introductions, Top 10 Topic * 7:15 p.m. - Pizza and more networking * 7:45 p.m. - Technical Topic We present an introductory talk about the OWASP Top 10 (2021 edition) with a new item each meeting. Our Top 10 topic for March 2025 will be **A06:2021 - Vulnerable and Outdated Components**. **Technical Topic Speaker:** Jagan Boda (Jay) **Talk Title:** OWASP IoT Top 10 and Wi-Fi Security Best Practices and Attacks In my presentation, I will explore the growing interconnectedness of devices has brought both convenience and risk, especially with the rise of the Internet of Things (IoT). In this session, we’ll start by exploring the OWASP IoT Top 10 vulnerabilities. From there, we’ll transition into Wi-Fi security, discussing the critical role Wi-Fi networks play. We’ll dive deeper into both personal and corporate Wi-Fi attacks and examine common threats. Finally, we’ll touch on securing Wi-Fi networks, with a brief focus on both home and enterprise environments. By the end of the session, attendees will have a comprehensive understanding of the attack vectors targeting IoT and Wi-Fi networks, along with practical insights for mitigating these risks. \-\-\-\- We're always looking for presenters and topics for future meetings - contact Austin ([email protected]) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be Austin talking about what he's been working on recently. The Auckland-area OWASP Meetup usually takes place on the third Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays.


Event: OWASP New Zealand - Auckland Meetup

Group: New Zealand

Time: 18:30+13:00 (Pacific/Auckland)

Description: This is the regular OWASP Auckland Meetup schedule. Our approximate agenda for the evening: * 6:00 p.m. - Gather and networking * 6:30 p.m. - Introductions, Top 10 Topic * 7:15 p.m. - Pizza and more networking * 7:45 p.m. - Technical Topic We restarted our introductory coverage of the OWASP Top 10 (2021 edition) with A01:2021 in March, covering a new item each meeting. Our Top 10 topic for November will be **A06:2021 - Vulnerable and Outdated Components**. **Technical Topic Speaker:** Jagan Boda (Jay) **Talk Title:** OWASP IoT Top 10 and Wi-Fi Security Best Practices and Attacks In my presentation, I will explore the growing interconnectedness of devices has brought both convenience and risk, especially with the rise of the Internet of Things (IoT). In this session, we’ll start by exploring the OWASP IoT Top 10 vulnerabilities. From there, we’ll transition into Wi-Fi security, discussing the critical role Wi-Fi networks play. We’ll dive deeper into both personal and corporate Wi-Fi attacks and examine common threats. Finally, we’ll touch on securing Wi-Fi networks, with a brief focus on both home and enterprise environments. By the end of the session, attendees will have a comprehensive understanding of the attack vectors targeting IoT and Wi-Fi networks, along with practical insights for mitigating these risks. \-\-\-\- We're always looking for presenters and topics for future meetings - contact Austin ([email protected]) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be Austin talking about what he's been working on recently. The Auckland-area OWASP Meetup usually takes place on the third Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays.


Event: OWASP SP - Meetup Virtual - 2025

Group: Sao Paulo

Time: 19:00-03:00 (America/Sao_Paulo)

Description: **Palestra: Trusted Exploits: Escalando Ataques Usando Superfícies Confiáveis e Bypass de WAFs** **Palestrante**: Ricardo Martin **Descrição:** Nesta palestra, exploraremos como atacantes utilizam superfícies confiáveis para bypassar WAFs e escalar ataques a partir de vulnerabilidades subestimadas, como Open Redirects, HTML Injection e XSS. Serão apresentados cenários reais onde empresas aceitam determinadas falhas, permitindo que invasores abusem da confiança em domínios legítimos para explorar aplicações de forma avançada. Além disso, discutiremos técnicas modernas de elevação de injeção, mostrando como pequenas brechas podem se tornar vetores críticos para comprometimento de sistemas. **SOBRE A OWASP SÃO PAULO** A OWASP São Paulo é um dos capítulos brasileiros entre os mais de 270 ativos em todo o mundo. O objetivo é disseminar a missão da fundação, tornando a segurança das aplicações visível para que as pessoas e as organizações possam tomar decisões conscientes sobre os verdadeiros riscos que correm. São realizados encontros periódicos para compartilhamento de conhecimentos, discussão de temas e aprendizado sobre segurança de software.



March 12, 2025


Event: CIOArena Conference - Los Angeles, CA

Group: Los Angeles

Time: 09:00-07:00 (America/Los_Angeles)

Description: The **CIOarena** Annual Events for IT & CyberSec Leaders will take place on March 12th 2025 at Sheraton Grand LA, 711 S Hope St. CA. **Benefits** * Compact agenda with CIO panel discussion and industry experts covering the latest industry trends around AI, Cybersecurity, Cloud, Digital Transformation, Data & Analytics, and IoT * Excellent networking opportunities with local peers in a comfortable environment * 100% complimentary access with parking included * A certificate of completion good for 5 CPE credits * Invitation-only ensures there is zero solicitation from non-sponsor participants (no sales, marketing, consulting or similar is permitted) * Meet and learn about our select group of cutting edge solution providers & sponsors * Compare and contrast recent successes and pitfalls with peers at round tables * Enjoy a luxury venue accompanied by a five-star breakfast and lunch feast at no cost * A prize raffle with high-ticket items (past has included: Apple products, tablets, gift cards, drones, TVs, vacations, exotic car rentals, and more) * Walk away with fresh insights and new connections to propel you in your current role and benefit your organization The event is free and by **invitation or referral only**. When registering be sure to enter "OWASP" in the referral section. **If qualified**, you'll receive further communication and details from **CIOarena**, please complete the [registration form](https://www.cioarena.com/in-person/) to be considered for attendance. Completing this form does not guarantee you a seat at CIOarena until a member of our team has contacted you with a confirmation email within 24 hours. Don't miss this amazing opportunity to attend this conference and expand your knowledge or brush up on what you already know. \*\*[Register Now](https://www.cioarena.com/in-person/)\*\* /\*\* APPROVAL REQUIRED after registration \*\*/ And finally **don't forget** to visit us at the OWASP Los Angeles booth!


Event: AI is here for business users. What does that mean for AppSec?

Group: Nashville

Time: 17:00-05:00 (America/Chicago)

Description: Gone are the days where you needed to have a coding background in order to create apps, automate processes, or reduce the need for manual tasks. Now, emails and communications are sent quicker, code is written faster, and applications are built en masse. Business users are enabled and empowered in ways we never dreamed of even 12 months ago. Thanks to the injection of AI into essentially every business productivity tool, from email to business intelligence to application development, business users are able to get more done without needing IT or dev teams to get involved. However, as is often the case, productivity and ease can come at the expense of security if not controlled properly. As people are brought closer to technology through the use of Gen AI tools and Copilots, security teams are facing difficult decisions on whether to clamp down on the use of these tools, or staring down increased likelihoods of data leakage and exfiltration. For a long time, security has been seen as a business blocker, but the introduction of Gen AI is forcing a reset on organizations that presents an opportunity for security to act as a business enabler.


Event: Security Social Lunch Hours

Group: Seattle

Time: 12:00-07:00 (America/Los_Angeles)

Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation. Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one. Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack) [email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)


Event: OWASP Warwick Chapter

Group: Warwick

Time: 18:30Z (Europe/London)

Description: OWASP Warwick is back for the 1st event in 2025. Please come and join us for some good talks and food. #### TALKS #### #1: ** Security Culture - From “Full Metal Jacket” to “The Avengers” - Vincent Gilbert (Fundapps) #2: ** Threat Modelling in Engineering pipelines - Kreshnik Rexha (IBM)


Event: March community call - OWASP SAMM

Group: Samm

Time: 15:30-04:00 (America/New_York)

Description: During our next community call we'll share project updates and, as always, we'll have time for Q&A. See you there!



March 13, 2025


Event: March 2025 OWASP Happy Hour sponsored by DefectDojo

Group: Austin

Time: 17:30-05:00 (America/Chicago)

Description: **When:** Thursday, March 13th, 5:30 pm - 7:30 pm **Where:** Lavaca Street Bar at the Domain Northside (Rock Rose District), 11420 Rock Rose Ave #100, Austin, TX 78758. We will have tables reserved inside the bar, to the right as you enter. Parking: nearest parking in the Red Garage located off of Rock Rose Ave ([map of Domain](https://domainnorthside.com/map/)). **What:** The Austin Security Professionals Happy Hour is a monthly event coordinated by the OWASP Austin Chapter and sponsored by various companies. We try to meet every second Thursday of the month from January to September (but occasionally we make schedule adjustments when needed). The event is an informal social gathering of local information security professionals. If you're involved with InfoSec or even if you have an interest, come on out for drinks, good food and conversation. **Sponsor:** [DefectDojo](https://defectdojo.com/) *DefectDojo is the engine that drives DevSecOps, providing an open, scalable platform that connects security strategy to execution. By aggregating data from over 180 security tools, automating manual processes, and delivering AI-powered insights, DefectDojo empowers organizations to have a unified view of security posture and compliance, automate operations to increase productivity and improve decision-making. For more information, visit defectdojo.com.*


Event: OWASP Italy @ Security Summit 2025

Group: Italy

Time: 09:00+01:00 (Europe/Rome)

Description: - - - ://. Anche quest'anno OWASP Italy è ospite del Security Summit Milano, con una sessione interamente dedicata all'Application Security. La sessione è rivolta a professionisti della sicurezza delle applicazioni, sviluppatori di software professionali, ingegneri della qualità del software, ricercatori e studenti di informatica. L'obiettivo della sessione è stimolare l'interesse per le pratiche di ingegneria del software applicativo e sicuro e per le nuove iniziative all'interno delle organizzazioni. All'interno della sessione, saranno ospitate 2 talk da 20 minuti ciascuna, per i quali è aperta la Call for Talks qui di seguito descritta. Gli argomenti speciali di interesse sono i seguenti: \- AppSec \- Intelligenza artificiale \(AI\) \- Sicurezza per applicazioni mobile\, cloud e serverless \- Blockchain e Internet of Things per usi legati alla sicurezza \- Penetration testing e attacchi a livello applicativo \- Threat modeling\, architettura delle applicazioni e dei sistemi \- DevSecOps \- Pianificazione e implementazione di un programma di sicurezza applicativa \- Creazione di un team e di una cultura dedicata alla sicurezza applicativa \(AppSec\) Incoraggiamo i professionisti della sicurezza delle applicazioni, gli sviluppatori di software professionali, gli ingegneri della qualità del software, i ricercatori e gli studenti di informatica a presentare proposte come opportunità per condividere le conoscenze e le lezioni apprese su argomenti rilevanti per la sicurezza delle applicazioni e del software con una precedente esperienza di presentazione alle conferenze sulla sicurezza. I candidati speaker possono inviare un abstract del loro intervento proposto tramite Easychair entro il 14 Febbraio 2025. Il link Easychair per l'invio è riportato di seguito. L'abstract deve essere in formato PDF e deve contenere le seguenti informazioni: \- Nome e cognome del relatore \- Istituzioni e ruoli ricoperti dal relatore \- Breve biografia del relatore \- Titolo del contributo \- Abstract della presentazione La presentazione non deve superare le 2 pagine complessive. Non sono previsti ulteriori requisiti di formattazione. La durata prevista degli interventi proposti è di 20 minuti. Le presentazioni saranno esaminate dal comitato di programma e le proposte di intervento più interessanti saranno selezionate per la conferenza. : 14 Febbraio 2025 : 21 Febbraio 2025 : 13 Marzo. : [https://lnkd.in/dzGHvz7Q](https://lnkd.in/dzGHvz7Q)


Event: OWASP Orlando - Application Security

Group: Orlando

Time: 18:00-04:00 (America/New_York)

Description: This is an In-Person OWASP Orlando Chapter Meeting Food to be provided (Typically pizza or sandwiches) Introductions More details to be provided soon! Speaker 1: **TBD** Topic: TBD Speaker 2: **TBD** Topic: TBD


Event: OWASP UY Meetup - Marzo

Group: Uruguay

Time: 18:00-03:00 (America/Montevideo)

Description: **¡OWASP UY te invita a su próximo Meetup!** **Diego Franggi:** Hands-On Dive into the OWASP Top 10 for LLMs *En esta sesión práctica exploraremos el OWASP Top 10 for LLMs, analizando las principales vulnerabilidades en modelos de lenguaje y cómo atacantes pueden explotarlas.* **Sebastián Passaro:** OWASP Top 10 para aplicaciones de LLM 2025 *Se recorrerá la versión 2025 del OWASP Top 10 para aplicaciones de LLM, recientemente traducida al español. Se analizará brevemente cada categoría con ejemplo de riesgo o vulnerabilidad, escenario de ataque y recomendaciones de remediación o mitigación.* **¿Cuándo?** Jueves 13/03, 18:00. **¿Dónde?** Qubika, José Agustín Iturriaga 3597. **¿Cómo participar?** Simplemente te registras al evento. Los cupos son limitados por capacidad del lugar. Si estás en lista de espera serás notificado cuando se liberen lugares. **¡Te esperamos!**


Event: OWASP Victoria | From Basics to Burp - Part 3: Navigating PortSwigger Academy

Group: Victoria

Time: 17:30-07:00 (America/Vancouver)

Description: The OWASP Victoria Chapter is pleased to partner with UVIC VikeSec to host the third iteration of a hands-on introduction to Burp Suite and the PortSwigger Web Security Academy. Wyatt Harvey and Sebastian Bethell will be presenting a workshop titled "From Basics to Burp - Part 3: Navigating PortSwigger Academy". The event will be held on March 13, 2025 from 5:30 PM to 8:20 PM at The University of Victoria in Room 116 of the Engineering and Computer Science building. The event will feature the workshop, an introduction to PortSwigger's Web Security Academy, and working through some of the introductory labs using Burp Suite, a comprehensive tool for performing security testing on web applications. PortSwigger's Web Security Academy is an online platform offering interactive learning materials and labs focused on web application security and instructions on how to identify and exploit a wide range of web application vulnerabilities. Don't miss out on this valuable opportunity to enhance your knowledge and develop hands-on skills in web application hacking. If you would like to attend, please click the RSVP button to reserve your spot as we have limited seats available. Bring your laptop with Burp Suite installed, your PortSwigger account ready, and join us for a hands-on evening of web application hacking and networking fun! Burp Suite Community can be installed from the following link: * https://portswigger.net/burp/communitydownload ‎ You can register your PortSwigger account at the following link: * https://portswigger.net/users/register ‎ Once you have Burp Suite installed and a PortSwigger account created, browse through Web Security Academy to get an idea of the content offered on the platform in preparation for the event: * https://portswigger.net/web-security We would also like to give a special thanks to UVIC VikeSec for helping facilitate this event.



March 14, 2025


Event: SnowFROC 2025

Group: Denver

Time: 08:00-06:00 (America/Denver)

Description: **SnowFROC 2025** March 14, 2025 (Pi Day) *Location:* The Cable Center at the University of Denver Doors open: 8:00 am *Registration and additional details*: www.snowfroc.com *Conference tickets:* $100 *Workshops:* $31.41 each (conference ticket required) *Key Note:* HD Moore (The Metasploit Project) *Notable speakers:* Tanya Janca (@SheHacksPurple), Jim Manico (@Manicode) Talks and workshop schedule on www.snowfroc.com A CTF from Security Journey will start March 10th and run until 3:00 pm MT on March 14th. You ***MUST*** register via EventBrite (link at www.snowfroc.com) to attend


Event: OWASP SAMM Monthly Community Call (Europe-Asia)

Group: Samm

Time: 09:00-04:00 (America/New_York)

Description: The SAMM Core team is happy to host a community call during a more friendly time for users in EU and Asia. This is not a replacement of the regular community call. We will share any project news and updates during the call. We also encourage bringing your SAMM questions and we are happy to discuss them.



March 17, 2025


Event: OWASP Monthly Meeting

Group: Jacksonville

Time: 18:30-04:00 (America/New_York)

Description: Monthly local meetup to discuss security related topics.



March 19, 2025


Event: Cyber Booked 2025

Group: Netherlands

Time: 17:00+01:00 (Europe/Amsterdam)

Description: n o! Cyber Books + Boekenweek = a match made in literary cyber heaven We are thrilled to announce the in collaboration with the esteemed Dutch Chapters of [ISACA NL Chapter](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) [ISC2](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) and the [Secure Software Alliance](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) (SSA). This event is unique in itself wherein it brings together the brightest minds in to explore cutting-edge books and ideas. After a huge success from last year , this year, we are more excited to bring to you several renowned authors who will share their , , in the cybersecurity field. : • [Ali Abdollahi](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – A Beginner’s Guide to Web Application Penetration Testing • [Brenno de Winter](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – De Validatiecrisis • [Geert Baudewijns](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – Onderhandelen in het duister • [Mark Butterhoff](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – Digital Security Leadership • [Ramses Sloeserwij MBA](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – Code Rood Dont miss out this unique opportunity to learn from industry experts and connect with like-minded peers in IT, GRC and CyberSecurity. Plus, you'll have the chance to engage directly with the authors after the presentations! : 19 March 2025 : 17:00 - 20:45 (3 CPE points) : Van der Valk Hotel Utrecht **Registration Link**: https://lnkd.in/eXGaQ6pv Looking forward to seeing you all there! Please note : It is important that you register for the event via the registration link above with your full name to attend and to get the relevant CPE points. Registering just via the Meetup page will not guarantee your admission.


Event: How to Utilize AI in Offensive Security—An Intro to Offensive AI Tooling

Group: Toronto

Time: 18:30-04:00 (America/Toronto)

Description: Want to learn how to effectively apply AI to offensive security at scale while getting real, practical results? Set sail with Dreadnode Staff Security Researcher and Founding Member of the OWASP Top 10 for LLM Applications, Ads Dawson, as he explores the various offensive AI tools that could change the game for today’s security teams. Join us for an interactive demo of AI red team tools, Burp Suite extensions, as well as tools that assist you in building and deploying your own offensive AI agents (see: `dyana`, `robopages`, `rigging`). Plus, get a live walkthrough of a challenge in `Crucible`, Dreadnode’s CTF environment where you can practice and learn to exploit vulnerabilities in AI systems—then try it yourself! Whether you're a seasoned AI red teamer or just getting started in offensive AI, Ads will share relevant resources and knowledge to help you navigate the inevitable shift to an AI native future. https://crucible.dreadnode.io/ https://github.com/dreadnode/dyana https://github.com/dreadnode/burpference https://github.com/dreadnode/robopages



March 20, 2025


Event: Reducing AppSec Risk with ASPM (Application Security Posture Managament)

Group: Atlanta

Time: 18:00-04:00 (America/New_York)

Description: In an era of increasingly sophisticated threat actors, application security has become a critical concern for most organizations. This talk, "Reducing Application Security Risk with ASPM (Application Security Posture Management)," will explore the emerging role of ASPM in fortifying application security and accelerating DevSecOps and cloud native adoption. Attendees will gain insights into the current state of application security and DevSecOps adoption trends: challenges and opportunities across people, process, and technology. This also includes the impact of AI. The talk will have a focus on ASPM and how it will help overcome some of the challenges and capitalize on the opportunities. We will delve into key ASPM features and how each of these use cases could be leveraged to solve common application security & DevSecOps adoption challenges and further mature your program. Through practical examples and case studies, the session will highlight best practices for implementing ASPM in large scale application development ecosystems to reduce application security risks. Whether you're a developer, security professional, manager or executive, this talk will equip you with actionable strategies to improve your application security posture and accelerate DevSecOps adoption.


Event: Peace, Love and Hacking: How to Bring Security & Development Teams Together

Group: Columbus

Time: 18:00-04:00 (America/New_York)

Description: FEEL A LITTLE! It is an unlikely duo to pair with cold-hard-tech, but empathy and creativity are cornerstones to a successful vulnerability remediation effort. Although I have sat in on countless talks about empathy in the tech sector, the one thing ALL these talks miss is the language barrier when it comes to dealing with tech-savvy teams. If you are in a foreign country and cannot speak the language, it's going to be difficult to communicate regardless of the compassion in your heart. My unique art-&-technology background allows me to not only empathize with the strife of development teams, but helps facilitate a thriving pipeline of communication between security, developers and other hackers. In this talk I will illuminate the perspective of a researcher participating in a bug bounty program, what to expect from researchers, and how to effectively escalate risks to development teams for remediation.


Event: OWASP Frankfurt Chapter & Women in CyberSecurity Meetup #71

Group: Frankfurt

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to joint **OWASP Frankfurt Chapter & Women in CyberSecurity** Meetup #71! Our OWASP Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. WiCyS aims to break down barriers and promote diversity in cybersecurity by empowering women and other underrepresented groups with resources for professional growth. Additionally, the organization is committed to creating a safer digital environment by supporting vulnerable individuals and advocating for inclusivity in the cybersecurity community. *What are we going to talk about?* * **AI and Machine Learning im Cybersecurity: Weapon, shield, or both?:** We are excited to welcome **Sara Rahimi**, Concierge Security Engineer at Arctic Wolf - who will explore the dual role that Artificial Intelligence and Machine Learning play in the Cybersecurity area as a powerful tool for attackers and offensive purposes, also for enhancing the defense mechanisms and detection aspects. * **Web 3.0 security: same fundamentals, higher stakes** - **Dr. Gulnara Hein**, CISO at Chintai, will dive into how Web3, while introducing decentralization and new security challenges like smart contract vulnerabilities and irreversible financial losses, essentially reflects the same fundamental risks as in traditional systems. By focusing on core security controls, we can effectively address these challenges without adding unnecessary complexity. **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. *When?* Our Meetup takes place on **20.03.2025** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at Arctic Wolf, located at 19th floor of Messeturm, Friedrich-Ebert-Anlage 49, 60308 Frankfurt am Main *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!


Event: Futurecon 2025 Conference - Los Angeles, CA

Group: Los Angeles

Time: 09:00-07:00 (America/Los_Angeles)

Description: ***FutureCon the Annual CyberSecurity*** , will take place March 20, 2025 at the Hilton Los Angles Airport in Los Angeles, CA \*\*[Register Now](https://www.engagez.net/node/1842956?)\*\* **FutureCon** a cutting edge Cybersecuirty event high-level cyber security training, and learn cutting-edge security approaches to manage risks in the constantly evolving world of cyber threats. Don't miss this amazing opportunity to attend this conference and expand your knowledge or brush up on what you already know. \*\*[Register Now](https://www.engagez.net/node/1842956?)\*\* /\*\* THIS IS A PAID CONFERENCE \*\*/ And finally **don't forget** to visit us at the OWASP Los Angeles booth!


Event: Cyber Peterborough Presents: Get into Cyber Security!

Group: Peterborough

Time: 17:30Z (Europe/London)

Description: Cyber Peterborough presents *Get Into Cyber Security*! An evening of focused discussion, interactive sessions and presentations on how to get into the field of cyber security. Technical or non-technical, this event will help you break down how to get into the cyber security field. Join us and meet other people interested in Cyber. **Where?** * TBC - specific details will be published closer to the date. **When?** * Thursday 20th March Please respond to this event to confirm numbers for the event ensuring each attendee is catered for. Thank you, Ryan


Event: Security Journey Secure Coding Tournament

Group: Pittsburgh

Time: 18:00-04:00 (America/New_York)

Description: Join us for a competitive experience for learners, where they will use the security journey platform to complete hands-on lessons or coding exercises in exchange for tournament points. This tournament welcomes developers and non-developers alike.


Event: Blocking with Confidence and TRACE: a tool for supply chain security

Group: Vancouver

Time: 18:00-07:00 (America/Vancouver)

Description: *We are doing a double header this month!* **Blocking with Confidence** with **Raphael Theberge** We know that security can be cumbersome for parts of an organization. How can we lower the existing friction white maintaining our high standards? Learn how Relativity approached this question and reduced developer burden without sacrificing our security posture. **Raphael** is Director of Security Enablement at Relativity, where he owns all of Application Security, Vulnerability Management, AI Security and secure M&As. Previously spent time at Salesforce, Demonware, Booking.com and otherwise travelling the world. **TRACE: Securing Supply Chain One Repository at a time** with **Vrushal Nedungadi** The talk will cover the motivation behind and the working of TRACE, a tool that helps detect anomalies in open source repositories that could result in vulnerabilities. This is an attempt to identify and minimize supply chain attacks and threats. **Vrushal** is a passionate software developer with a keen interest in security. **This event is sponsored by [Endor Labs](https://www.endorlabs.com/) and [Forward Security](https://forwardsecurity.com/).**


Event: OWASP Frankfurt Chapter & Women in CyberSecurity Meetup #71

Group: Wrongsecrets

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to joint **OWASP Frankfurt Chapter & Women in CyberSecurity** Meetup #71! Our OWASP Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. WiCyS aims to break down barriers and promote diversity in cybersecurity by empowering women and other underrepresented groups with resources for professional growth. Additionally, the organization is committed to creating a safer digital environment by supporting vulnerable individuals and advocating for inclusivity in the cybersecurity community. *What are we going to talk about?* * **AI and Machine Learning im Cybersecurity: Weapon, shield, or both?:** We are excited to welcome **Sara Rahimi**, Concierge Security Engineer at Arctic Wolf - who will explore the dual role that Artificial Intelligence and Machine Learning play in the Cybersecurity area as a powerful tool for attackers and offensive purposes, also for enhancing the defense mechanisms and detection aspects. * **Web 3.0 security: same fundamentals, higher stakes** - **Dr. Gulnara Hein**, CISO at Chintai, will dive into how Web3, while introducing decentralization and new security challenges like smart contract vulnerabilities and irreversible financial losses, essentially reflects the same fundamental risks as in traditional systems. By focusing on core security controls, we can effectively address these challenges without adding unnecessary complexity. **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. *When?* Our Meetup takes place on **20.03.2025** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at Arctic Wolf, located at 19th floor of Messeturm, Friedrich-Ebert-Anlage 49, 60308 Frankfurt am Main *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!



March 21, 2025


Event: Who’s Engineering Your Socials? Let’s Talk About Social Engineering!

Group: Manchester

Time: 18:00Z (Europe/London)

Description: Hello & Welcome! In this session we'll be discussing social engineering with Holly Grace Williams! Due to a corporate policy from the venue sponsor, to get into the venue & up to the event, **you will need to register with your full name** when signing up to the event. Please note this event will be recorded so we can put these talks on our YouTube channel afterwards. **6:00 - Open doors & networking & drinks** **6:30 - First Speaker (to be announced)** **7:15 - Refreshments (Food & Drinks & Networking)** **8:00 - Holly Grace Williams - Breaking into Computers and Buildings For a Living.** Information Security these days has a strong focus on cyber security but you there's more to security than shouting at computers. In this talk Holly will cover how technical, social, and physical attacks can be combined to cause significant impact with low effort. This story covers how to break into buildings and hang out in other peoples offices in the name of c̷y̷b̷e̷r̷c̷r̷i̷m̷e̷ security testing. **9:00 - Vacate venue -> to the pub for more socialising** **LOCATION** \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- GM Digital Security Hub (DiSH) 47 Lloyd Street · Manchester M2 5LE **SPEAKERS** \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- **Holly Grace Williams** Holly Grace Williams is the Managing Director at Akimbo Core, a cybersecurity firm based in the UK. She has been working in cybersecurity since 2007, with a focus on penetration testing, training, and cybersecurity consultancy. Holly Grace is a CREST Fellow and has been a CREST Certified Application Tester since 2015. She has performed a significant number of penetration testing engagements for a wide range of companies from innovative start-ups to multinational corporations – in fields ranging from e-commerce to banking. Her expertise spans various areas of cybersecurity, such as web application security, infrastructure security, and cloud security. Holly is also an influential public speaker and media commentator, having appeared on platforms like Sky News and BBC, and she frequently speaks at cybersecurity conferences. **SPONSORS** (Thank you for supporting our community!!) \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- **DiSH** \- Venue Sponsor **Pen Test Partners** \- Food & Drink Sponsor \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- Are you passionate about a security topic? Do you want to speak at a future event? Submit your interest here - https://forms.gle/zcm9bVNhgDixe8Gq5 Does your company want to sponsor a venue and/or refreshments? Email Paul - [email protected]



March 25, 2025


Event: OWASP Aarhus Chapter Meeting - March

Group: Aarhus

Time: 19:00+01:00 (Europe/Copenhagen)

Description: This OWASP Aarhus meetup is co-hosted with LEGO Group. Agenda: **19:00 – 19:10** Welcome by LEGO Group and OWASP Aarhus **19:10 – 20:00** To be announced later (Presented by LEGO Group) **20:00 – 20:30** Networking break **20:30 – 21:25** "Phishing: How Attackers Exploit the Human Mind and Behavior" by Ahmed Morrad Phishing attacks are the most common method used by threat actors to gain initial unauthorized access. They are forms of cyber deception that prey on the human psychology. By exploiting emotions like curiosity or fear, attackers can manipulate individuals to submit sensitive information. During this presentation, it will be disclosed what phishing is, how threat actors turn human behavior into a weapon, what tools they use and how to mitigate these attacks.


Event: OWASP Austin Chapter Monthly Meeting - March 2025 (Online)

Group: Austin

Time: 11:30-05:00 (America/Chicago)

Description: 30 minutes of meet-and-greet and Chapter information, then the Presentation! (To Be updated)



March 26, 2025


Event: 10. OWASP Augsburg Stammtisch

Group: Augsburg

Time: 19:00+01:00 (Europe/Berlin)

Description: In der Fuggerstadt wird IT-SECURITY groß geschrieben. Egal ob IT-Security-Interessent\*in, CISO, Hacker/Haeckse, Pentester\*in, Entwickler\*in, Netzi, Endanwender\*in oder whatever - alle sind willkommen. Eine OWASP-Mitgliedschaft ist (natürlich wünschenswert, aber) nicht notwendig! **Wir freuen uns auf neue Gesichter, Stammgäste und sporadische Teilnehmer\*innen :-)** **Agenda - tbd** \~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~ Es werden noch Speaker\*innen gesucht!! \~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~ Erzähl uns was du Cooles gesehen hast, womit du dich gerade beschäftigst, welches Problem du aktuell siehst, auf welche Lösung du gerade setzt, usw. Halte auch gerne einen Vortrag bei uns Probe und hol dir Feedback ab - es beißt dich keiner! Der Stammtisch ist ein Forum des Austauschs. Nutze es! **Bitte gebt Bescheid**, wenn ihr kommt und ggf. wie viele Leute ihr mitbringt, damit wir auch genug Platz haben. Du hast eine Idee oder willst auch einen Talk halten? Super, wir sind immer auf der Suche nach interessanten Inhalten. Egal ob Vortrag, Diskussion, Idee, Lightning-Talk, etc. Wir dienen auch gerne als Probepublikum :-) Melde dich einfach! Wichtiges für Talks in aller Kürze: * Verwende einen neutralen Foliensatz - ohne Logo, ohne Werbung * Auf einer Folie kannst du dich und deinen Arbeitgeber vorstellen - hier auch mit Logo * Gib kurz Bescheid, ob du den Vortrag auch auf Englisch halten könntest * Vertriebler, die eine Verkaufsveranstaltung durchführen wollen, werden ausgebuht und müssen diverse Runden Bier ausgeben



March 27, 2025


Event: Adversarial Intelligence: Redefining AppSec through the eyes of an attacker

Group: Orange County

Time: 18:00-07:00 (America/Los_Angeles)

Description: We have our normal room back! No more attendance cap, so RSVP and come. **NOTE: The following will be in effect and mandatory for this meeting venue.** * **RSVPs will close at 11:59 PM PT on Monday, March 24th, so kindly submit your RSVP by then. Walk-ins will not be permitted.** * **Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.** * If your first and last name do not appear in our admin view, we will contact you. * Alternatively, feel free to reach out directly or email us at [[email protected]](http://[email protected]) to provide that information or any questions you may have regarding the event. **Parking** Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage. **Live Stream** Stream us live on Twitch: [http://twitch.tv/owaspoc](http://twitch.tv/owaspoc) *Please change your RSVP to "No" if you can't make it and/or will join via livestream instead.* **Abstract** This presentation explores Adversarial Intelligence - an approach that views application security from an attacker’s perspective. Drawing from vulnerability research experience at the NSO Group and building Pegasus, the speaker will highlight how overlooked low and medium vulnerabilities can be combined to execute successful attacks. By examining attack chains and application runtime behavior, attendees will see how gaps often missed by traditional methods are exposed. Attendees will learn about effective tools and techniques for detecting and mitigating these threats, especially in cloud-native and distributed systems. Designed for security practitioners and academics, this session provides a deeper understanding of defending against sophisticated attackers by adopting their mindset.



March 28, 2025


Event: OWASP Tampa Chapter 2025-March Lunch and Learn

Group: Tampa

Time: 11:15-04:00 (America/New_York)

Description: **Welcome to our OWASP Tampa 2025-March Lunch and Learn!** We invite you to join us and members of our local Tampa Bay community to hear from industry experts in cybersecurity. This lunch and learn will bring topics that influence discussion among your peers and provide a venue to meet others that share your passions. **Agenda**: * 11:15am - Registration and Lunch * 12:00pm - Speaker - Chris Fago - AI is here for business users. What does that mean for AppSec? * 1:00pm - Depart **Speaker**: Chris Fago is a cybersecurity sales guy at Zenity with a knack for pretending to be more technical than he probably should. At Zenity he's focused on helping solve the emerging security challenges tied to AI agents and low-code development—showing enterprises “How to fail at AppSec” or what didn’t work for others so they can close gaps often overlooked by traditional security tools in this new threat vector. Previously, as a founding team member of Prisma Cloud (now part of Palo Alto Networks), he helped grow it into a market-leading CNAPP. During that time, Chris worked with major U.S. brands on complex digital transformations, helping them secure their cloud migrations and maybe even picking up a thing or two about Kubernetes. Outside of work, Chris loves spending time with his family, hanging out at Atlanta’s botanical gardens and aquarium, obsessing over UFOs, and staying hopelessly devoted to Atlanta’s sports teams (despite the emotional toll they consistently deliver). **Abstract**: **AI is here for business users. What does that mean for AppSec?** Gone are the days when coding skills were needed to create apps, automate processes, or reduce manual tasks. With AI now embedded in tools like email, business intelligence, and app development, business users can accomplish more without relying on IT or dev teams. However, this boost in productivity can come at the expense of security if not properly managed. As Gen AI, Copilots, and Agentic AI bring users closer to technology, security teams face tough choices: limit tool usage or risk data leakage. Traditionally seen as blockers, security teams now have the chance to transform into business enablers thanks to AI. **Location**: GuidePoint Security 3030 N Rocky Point Dr W, STE 600 Tampa, FL 33607 **Sponsors**: Zenity - [https://www.zenity.io/](https://www.zenity.io/)