OWASP Community Meetings


Quick List (Details below)


November 20, 2024


Event: Denver OWASP November Meetup - Join Us!

Group: Denver

Time: 17:30-07:00 (America/Denver)

Description: **Everyone is welcome! Bring a friend...** Join us on November 20th for food, drinks, networking and an exciting presentation. Networking with your peers starts at 5:00 - food is served at 5:30 and the presentation starts at 6:00. This month's presentation is brought to you by Mend.io! **Presentation:** From Reactive to Effective: Building Application Security that Works **Abstract**: In 2023, 71% of enterprises admitted their AppSec programs were reactive, playing catch-up with vulnerability alerts, while at the same time, applications remain the top target for threat actors. That adds up to increased business risk for a lot of companies and fuels an urgent need to improve application security strategies. But how? The key is to move from a compliance-based approach to managing application risk. Join us for an in-depth discussion of what it takes to stop playing defense when it comes to application security. He'll wrangle over topics like: * The tell-tale signs of reactive mode * The value of preventative best practices * How to build security actions into the developer experience * The need for a holistic view and effective prioritization * Arming the security team with instant control at scale


Event: OWASP Gothenburg Security Pub (SäkPub)

Group: Gothenburg

Time: 17:30+01:00 (Europe/Stockholm)

Description: **OWASP Gothenburg Chapter invites you to an evening of security and entertainment!** Come hang out, grab a beer, and play arcade games with other security minded people! The event is open to anyone, but people on the guest list will receive arcade tokens from our sponsor KITS (if they show up before 18:30, or the tokens will be given to others). When: Wednesday 20/11 17:30 - 21:30 Where: Zamenhof, Esperantoplatsen 5, 411 19 Göteborg


Event: OWASPOttawa November 20th 2024: DevSecOps Worst Practices/The OWASP Top 10 Intro

Group: Ottawa

Time: 18:00-05:00 (America/Toronto)

Description: **Welcome to our in-Person Meetup at the University of Ottawa** In-Person Location: 150 Louis-Pasteur Private, Ottawa, University of Ottawa Room 117 We will continue to Live Stream on our YouTube channel. (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live! **YouTube Live Stream Link**: https://www.youtube.com/watch?v=OGbhN2UazZI **6:00 PM EST** Arrival, setup, mingle, PIZZA!!! **6:30 PM EST** Technical Talks 1. Introduction to OWASP Ottawa, Public Announcements. 2. **A Brief Overview of the OWASP Top 10 with Gabriel Kronfeld.** 3. **DevSecOps Worst Practices with Tanya Janca.** **Abstract:** *A Brief Overview of the OWASP Top 10 with Gabriel Kronfeld.* The OWASP Top 10 reveals the most critical security vulnerabilities facing modern web applications. This talk will walk attendees through each item on the 2021 list, from broken access control to server-side request forgery. Each vulnerability is explored in detail—understanding how it works, why it’s dangerous, and what’s needed to prevent it. With real examples to bring these threats to life, this session is an accessible introduction for beginners and a useful refresher for seasoned practitioners. Join us to get a solid foundation in web security essentials. *DevSecOps Worst Practices with Tanya Janca.* Quite often when we read best practices we are told ‘what’ to do, but not the ‘why’. When we are told to ensure there are no false positives in the pipeline, the reason seems obvious, but not every part of DevOps is that intuitive, and not all ‘best practices’ make sense on first blush. Let’s explore tried, tested, and failed methods, and then flip them on their head, so we know not only what to do to avoid them, but also why it is important to do so, with these DevSecOps WORST practices. **Speakers:** **Gabriel Kronfeld** is a graduate from the University of Ottawa with a degree in Computer Engineering. 
With experience spanning backend programming, DevOps, system administration, and database management, Gabriel has collaborated with various Ottawa-based companies on technical projects. Although new to cybersecurity, he brings a strong technical foundation and is keen to expand his knowledge in this field. Outside of work, Gabriel enjoys cycling, photography, and building drones as hands-on hobbies. **Tanya Janca**, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security' and 'Cards Against AppSec'. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently leads education and community for Semgrep.



November 21, 2024


Event: Security Journey CTF

Group: Columbus

Time: 18:00-05:00 (America/New_York)

Description: *This will be at the new location, as shown below! Don't go to the wrong place!* Hands-on hacking time! Security Journey has graciously allowed us to borrow their CTF for the evening to see and fix coding flaws that lead to security vulnerabilities. It's all web based, so bring your laptop! (There really isn't anything to install, so bring your work laptop.) But be there! We'll start off with a few highlights related to what is new in the world of appsec, and have a good-of-the-order style chat about the near, then we will dig into finding and fixing some stuff. Here is the link to our presenter, for the evening of the meeting. [https://us02web.zoom.us/j/89474737260?pwd=Zsvne4g3Qu3PoFAdVhjTBT9aFaNMiE.1&from=addon](https://us02web.zoom.us/j/89474737260?pwd=Zsvne4g3Qu3PoFAdVhjTBT9aFaNMiE.1&from=addon)


Event: The 2024 Los Angeles Cybersecurity Summit

Group: Los Angeles

Time: 07:30-08:00 (America/Los_Angeles)

Description: **OWASP LA** has organized \***ANOTHER**\* exceptional offer for our meetup membership to participate in ***Ninth Annual Los Angeles Cybersecurity Summit*** on November 21st, in Los Angeles, CA. Join us for deep insight in new tools and technology, training, and take advantage of this great opportunity to network with industry professionals. [Register](https://cybersecuritysummit.com/register/losangeles24/) now using code **CSS24-OWASPLA** for your **complimentary** pass! Space is limited so act now to secure your place. Check the full schedule at [2024 California Technology Summit Agenda](https://cybersecuritysummit.com/summit/losangeles24/) The **Ninth Annual Los Angeles Cybersecurity Summit** connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission gives you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception. **Conference Highlights:** ### Interactive Panel Discussions **Defining Cybersecurity-Readiness: How do you evaluate yours?** When looking at how to best protect your business, cybersecurity readiness should be top priority, but what is it? Let’s discuss GRC & the best steps to take when quantifying cyber risk, developing your incident response plan, creating a data security policy & more. **2024 & The Biggest Threats to Your Business** On this panel our lineup of industry experts will discuss the most dangerous and emerging threats to your organization as well as the solutions that go beyond anti-malware/anti-virus to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption. 
**Conceptualizing Cloud Security & Why it Matters Today** Cloud computing solves many problems like flexibility, cost-efficiency & scalability, so it’s no surprise that use of the cloud is consistently growing. Our experts will look at hybrid and multi-cloud environments, adopting the concept of cybersecurity mesh & Zero Trust, the Secure Access Service Edge (SASE) framework, cloud-native tools & platforms, as well as why the future of network security is in the Cloud. ### Top 8 Reasons to Attend the Cybersecurity Summit 1. Learn 2. Evaluate Demonstrations 3. Time, Travel and Money Savings 4. Engage, Network, Socialize & Share 5. CEUs / CPE Credits 6. Investment 7. Atmosphere 8. Reality Check ### [Questions](mailto:[email protected]) For any questions, please contact **[[email protected]](mailto:[email protected])** or call **212.655.4505 ext. 225** And finally **don't forget** to visit us at the OWASP Los Angeles booth!


Event: OWASP NYC: 2024 ~ The Northeast Cyber Security Summit

Group: New York City

Time: 09:00-05:00 (America/New_York)

Description: OWASP has been asked to participate in a Wonderful Event at Quinnipiac University ~ North Haven Campus with CyberSecurity & Fraud Leaders. In a joint effort, OWASP New York City, along with the OWASP CT Chapter, is a proud partner of this 2024 ~ Northeast Cyber Security Summit Event. Please signup @ Register here: https://tinyurl.com/NorthEastCyberSummit-OWASP Register, please choose OWASP and then apply code: "OWASP" Or use the QR Code on the Flyer: Come learn from industry Experts: CyberSecurity & Fraud Leaders Sharing Cyber industry trends with respect to vendors, investment, and product sprawl for 2025 planning * AI: Securing products, ensuring safety and trustworthiness * Case studies from law enforcement agencies, focusing on recent trends * Current prevalence of AI-based cyber attacks, intrusions, responses, etc. * The convergence of fraud prevention/risk management and cybersecurity * Zero Trust, what it means in the context of risk strategy vs products & services When: Thursday November 21, 2024 @ 9:00 - 4:00 Where: Quinnipiac University ~ North Haven Campus 370 Bassett Road North Haven, Connecticut 06473 Register here: https://tinyurl.com/NorthEastCyberSummit-OWASP The agenda will offer informative sessions and the opportunity to earn In addition. By attending a full day at the Cybersecurity Summit, you will receive a certificate granting you Continuing Education Units or Continuing Professional Education Credits. To earn these credits, you must participate in the entire summit & confirm your attendance at the end of the day. Breakfast and Lunch provided Don't forget to stop by our OWASP NYC & CT Chapter Booth


Event: The Defender’s Advantage: A guide to activating cyber defense / Developing an Ap

Group: Orange County

Time: 18:00-08:00 (America/Los_Angeles)

Description: **NOTE: The following will be in effect and mandatory for this meeting venue.** * **RSVPs will close at 11:59 PM PT on Monday, November 18th, so kindly submit your RSVP by then. Walk-ins will not be permitted.** * **Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.** * If your first and last name do not appear in our admin view, we will contact you. * Alternatively, feel free to reach out directly or email us at [email protected] to provide that information or any questions you may have regarding the event. **Parking** Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage. **Live Stream** Stream us live on Twitch: http://twitch.tv/owaspoc *Please change your RSVP to "No" if you can't make it and/or will join via livestream instead.* **Talk 1** **The Defender's Advantage: A guide to activating cyber defense** Organizations today face relentless cyberattacks that can compromise their critical assets. The Defender’s Advantage is the concept that organizations have the upper hand in defending against attacks on their own environments. The overview will guide you through understanding the threat landscape, detecting and investigating malicious activity, testing and validating the effectiveness of controls and operations, hunting for active threats. The book goes into detail about each of these concepts to help organizations take control and galvanize their defender’s advantage. **Speaker 1 Bio** Gursev Singh, Sr. Information Security Consultant at Google. A seasoned cybersecurity professional with over 16 years of experience in the field. He has a strong track record of success, leading and managing cybersecurity projects for major customers. Gursev's expertise in cloud security (Google, AWS & Azure), SIEM, and data protection. 
His deep understanding of infrastructure security and cyber threat and vulnerability management further enhances his ability to analyze threats, identify vulnerabilities, and respond to security incidents. Currently, he's a Sr. Information Security Consultant at Google. **Talk 2** **Developing an Application Security Champions Program** Application security focuses on a specific set of issues which incur risk. Software security in general may cover everything from IT to cloud to access, to authentication, etc. What we are addressing in this discussion is a security program designed to surface and mitigate risk found within applications. Agenda * Remote Code Execution – an infamous example * The recurring cycle of scan, assess, mitigate * Update, Update, Update! * Ownership is essential **Speaker 2 Bio** Rich Newman, Technical Account Manager at Black Duck Software, Inc. Rich was a developer for 13 years in the embedded space, primarily embedded C and assembly code. He then transitioned to field engineering for Wind River, Intel, Coverity and Synopsys for the past 26 years. The technologies he supported covered a wide range of embedded operating systems and tools, live patching, static analysis and security tools and services. He has an active CISSP certification.


Event: Building tools using eBPF to trace applications / containers

Group: Vancouver

Time: 18:00-08:00 (America/Vancouver)

Description: **Building tools using eBPF to trace applications / containers** with **Adam Harrison** eBPF is a revolutionary technology that can help solve a variety of use-cases. This talk will provide an introduction to building tools with eBPF, and show how it can be leveraged in the application and network security space.


Event: OWASP Vilnius #6

Group: Vilnius

Time: 18:00+02:00 (Europe/Vilnius)

Description: Hello OWASP Vilnius community! It's been a while and I'm super happy to announce, that there will be a physical event again organised at the new Visma Tech office in Artery Vilnius! Beer and snacks guaranteed :) Save the date in your calendars: Thursday, November 21st. **Agenda:** **17:30 Welcome coffee, snack & refreshments** **18:00** Opening words from OWASP Vilnius Chapter leader **18:05** **Building a successful Bug Bounty program for Open-Source software** - Darius Šveikauskas, Bounty & Data Overlord at Patchstack OÜ. Darius will discuss the creation and development of the Bug Bounty program for Open-Source software, share his journey from zero to over 6,000 CVEs in just three years, and explain how the program supports other projects. **19:00 Cookies and CHIPS** - Paulius Leščinskas, Engineering Manager @ Omnisend. During the presentation Paulius will elaborate on the 1st and 3rd party cookies, their differences and the cookie partitioning feature. **19:45-22:00** Discussions continue with snacks and refreshments sponsored by Visma Tech. The event is free of charge, welcome! -Dominykas



November 25, 2024


Event: OWASP London Chapter Meetup [IN-PERSON]

Group: London

Time: 18:00Z (Europe/London)

Description: **This event is kindly hosted by Civo Tech Junction and sponsored by Security Compass. There is limited seating available for in-person attendees. Registration required.** **This event will be live-streamed on YouTube.** **Recordings will be available on the OWASP London YouTube channel.** **Venue Location**: Civo Tech Junction, First Floor, 32-37 Cowper Street, London, EC2A 4AW **Nearest Tube:** Old Street (Northern Line), Cowper Street exit - 1 min walk **Doors Open at 6pm** for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!). **TALKS:** **OWASP Introduction, Welcome and News** - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders **"Security by Design, Not Injection"** – Trevor Young Security by Design encompasses a variety of processes and technologies aimed at embedding security and compliance early in the development lifecycle. We know adopting Security by Design culture and processes can lower risk by preventing vulnerabilities in software, however effectively educating and shifting teams to implement these changes is notoriously difficult. It is a paradigm shift for most organizations, and many of them fail on their first attempt before finding something that works for them. This discussion will highlight how to explain what Security by Design is and will present strategies for communicating the importance and value it delivers. **"OWASP Depscan v6 - The SCA Tool For Agile Builders, Creators, And Doers"** - Prabhu Subramanian Most SCA tools can be best described as simple SBOM scanners with a backing vulnerability database. This naive design can lead to numerous false positive alerts due to a lack of comprehensive context. To accurately assess an application's security posture, it's crucial to consider its entire lifecycle, from pre-build to post-build, and capture the full-stack information in the form of SBOM, SaaSBOM, CBOM, OBOM etc. 
OWASP depscan v6 is a groundbreaking SCA tool that addresses these limitations by leveraging full-stack information. This innovative approach enables more precise vulnerability triage and prioritization, empowering developers to take informed action. Join us to meet the project leader behind depscan v6, explore live demos, and delve into the technical intricacies of an xBOM-based SCA tool. **Guest Talk: TBC** **RAFFLE - win a prize kindly donated by our sponsors!** **SPEAKERS:** **Trevor Young** Trevor Young is an entrepreneurial product and technology leader who stays on top of the latest in design, architecture, and creative technologies. Having founded and led companies providing digital offerings, he uncovered his passion for collaborative problem solving, and innovation. He excels at finding inefficiencies in digital markets and disrupting them. Trevor combines strategic leadership with technical ability, formed from experience in a broad background of practical applications. Trevor currently serves as Chief Product Officer at Security Compass, where he leads product strategy for the company's Secure by Design platform, and Application Security Training library. **Prabhu Subramanian (@_prbh)** Prabhu Subramanian is a distinguished security expert and active contributor to the open-source security community. Prabhu is the author and OWASP Leader behind projects such as OWASP CycloneDX Generator (cdxgen) and OWASP depscan. He specializes in Supply Chain Security and offers consultancy to global clients via his company, AppThreat Ltd. **TICKETS:** OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security. **CODE OF CONDUCT:** We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. 
Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: [https://owasp.org/www-policy/operational/code-of-conduct](https://owasp.org/www-policy/operational/code-of-conduct)



November 27, 2024


Event: 6th OWASP Augsburg Stammtisch

Group: Augsburg

Time: 19:00+01:00 (Europe/Berlin)

Description: In the Fugger city, IT SECURITY is taken very seriously. Whether you are someone interested in IT security, a CISO, hacker/haeckse, pentester, developer, network admin, end user or whatever - everyone is welcome. OWASP membership is (desirable of course, but) not required! **We look forward to new faces, regulars and occasional attendees :-)** **Agenda:** **GOD in a Nutshell** Christian Kölbl will give a short report on his experience of the German OWASP Day 2024: insights, training, chapter meeting and talks. ...but of course there is still room for a talk :-) Do you have a talk? Get in touch! We are always looking for interesting content!! **Please let us know** if you are coming and, where applicable, how many people you are bringing, so that we have enough space. Do you have an idea or want to give a talk? Just get in touch! The key points for talks in brief: * Use a neutral slide deck - no logo, no advertising * On one slide you can introduce yourself and your employer - here with a logo too * Let us know briefly whether you could also give the talk in English * Salespeople who want to run a sales pitch will be booed and must buy several rounds of beer


Event: OWASP Frankfurt Chapter #69 - Software Maturity Model and OWASP initiatives

Group: Frankfurt

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #69! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. *What are we going to talk about?* **DSOMM and AppSec Program:** We are excited to welcome Timo Pagel, Cloud and Web Security Architect at PagelShield, a core member of the OWASP Germany Chapter, and contributor to various OWASP projects. Timo will discuss the DevSecOps Maturity Model (DSOMM) and how it can help kick-start your application security program. We will also have another speaker joining us for this event—details to be announced soon! **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward. *When?* Our Meetup takes place on **27.11.2024** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at CHECK24 AG, located at Speicherstraße 55, 60327 Frankfurt am Main. *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!


Event: Bug Bounty Bonanza

Group: Oslo

Time: 17:30+01:00 (Europe/Oslo)

Description: Welcome to the OWASP theme night on bug bounty! Finder's fees for vulnerabilities ought to be mandatory for important public-facing services on the internet, but in Norway they are the exception rather than the rule. We are pleased to invite you to two experience talks on introducing and running bug bounty programs, and a talk on what it is like to take part as a tester. Food is served at 17:30, and the talks start at 18:00. We will have time for questions and discussion. The theme night is held in SpareBank 1 Utvikling's meeting room centre. We ask that you provide a phone number when registering, so that we can pre-register you as visitors. **Put a bounty on your vulnerabilities - Jon Are Rakvåg, SpareBank 1 Utvikling** SpareBank 1 Utvikling builds the online bank, and we do everything we can to make it secure. Even so, we were convinced that we had vulnerabilities we had not found yet. We were right! Let's talk about what SpareBank 1 learned from introducing finder's fees for vulnerabilities, and why you are crazy if you don't do the same. What makes bug bounties unique, and how did it save the speaker's butt? 30 min **FINN.no's Secret Sauce: how we went from finding 15 vulnerabilities to over 100 per year! - Emil Vaagland, FINN.no** Since 2019 FINN.no has tried a lot of different appsec tools and processes to improve our security. In this talk you will learn about the most effective of them all, namely our private bug bounty program. In terms of finding real vulnerabilities, this activity outshines any other appsec tool or process by a large margin, it enables us to find a lot more vulnerabilities than before at a fraction of the cost of traditional pen-testing. We will talk about how to run an effective bug bounty program and why it should be the key ingredient of your appsec program. We will also show-case some high impact vulnerability reports we have received to show the real impact you can get from a bug bounty program. 
20-30 min **Vulnerabilities as a hobby - Joakim Harbitz** Hunting for vulnerabilities can be both exciting and challenging, but how do you actually get started? Joakim is a pentester by day and a dedicated bug bounty hunter by night. In this talk he shares his best tips and tricks for getting started, and how to develop a mindset that increases the chances of finding the next vulnerability. Whether you are a beginner or have some experience, this talk will give you insight into how you can stand out in a competitive arena. How small details can reveal big opportunities and lead you to vulnerabilities nobody else sees. 20-30 min


Event: OWASP Stockholm - Security Game Night

Group: Stockholm

Time: 17:30+01:00 (Europe/Stockholm)

Description: It's time for our next OWASP monthly event and on this occasion, we will be having a CTF-style security game night in Detectify Stockholm office. We will start the evening with a mingle at 17:30 followed by the welcome talk that will start at 18:00. After the welcome talks, we will start playing the challenges. Light refreshments and pizzas will be provided. And do not forget to bring your laptops with you! Join OWASP Stockholm mailing list to get notified of upcoming events [https://groups.google.com/a/owasp.org/g/stockholm-chapter](https://groups.google.com/a/owasp.org/g/stockholm-chapter) Join our Slack channel on OWASP Slack *[#chapter-stockholm](https://owasp.slack.com/)*


Event: OWASP Frankfurt Chapter #69 - Software Maturity Model and OWASP initiatives

Group: Wrongsecrets

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #69! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. *What are we going to talk about?* **DSOMM and AppSec Program:** We are excited to welcome Timo Pagel, Cloud and Web Security Architect at PagelShield, a core member of the OWASP Germany Chapter, and contributor to various OWASP projects. Timo will discuss the DevSecOps Maturity Model (DSOMM) and how it can help kick-start your application security program. We will also have another speaker joining us for this event—details to be announced soon! **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward. *When?* Our Meetup takes place on **27.11.2024** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at CHECK24 AG, located at Speicherstraße 55, 60327 Frankfurt am Main. *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!



November 28, 2024


Event: OWASP BeNeLux Days 2024

Group: Belgium

Time: 09:00+01:00 (Europe/Brussels)

Description: Exciting News! Join us at the "OWASP BeNeLux Days 2024" edition on November 28th and 29th in Utrecht, the Netherlands. Explore the latest in security, devops, and cloud with technical talks by industry experts. Get hands-on with top security training sessions. Gain insights from keynotes by industry leaders. Discover cutting-edge security tech at vendor booths. Check the link below for more information and registering for the event: [https://www.owaspbenelux.eu/](https://www.owaspbenelux.eu/)


Event: OWASP BeNeLux Days 2024

Group: Netherlands

Time: 09:00+01:00 (Europe/Amsterdam)

Description: Exciting News! Join us at the "OWASP BeNeLux Days 2024" edition on November 28th and 29th in Utrecht, the Netherlands. Explore the latest in security, devops, and cloud with technical talks by industry experts. Get hands-on with top security training sessions. Gain insights from keynotes by industry leaders. Discover cutting-edge security tech at vendor booths. Check the link below for more information and registering for the event: [https://www.owaspbenelux.eu/](https://www.owaspbenelux.eu/)


Event: Monthly Networking Social

Group: Peterborough

Time: 19:00Z (Europe/London)

Description: It's music night! Come join us for live music and great chat. Thirsty Thursdays. Same time. Same day each month. Differing places. Good chat. **What?** * Casual conversation over food & drinks **Where?** * It may differ each month, bars, restaurant and eateries around Peterborough **When?** * ~ The last Thursday of each month Everybody welcome, the next event details will be chosen from the last (and so on!).



November 30, 2024


Event: Post-Quantum Cryptography: The Future of Digital Security - OWASP BH at BHack

Group: Belo Horizonte

Time: 12:00-03:00 (America/Sao_Paulo)

Description: **Post-Quantum Cryptography: The Future of Digital Security - OWASP BH at BHack Conference 2024** **OWASP Belo Horizonte Special Presentation** **Date: 30/11/2024 (Saturday)** ⏰ **Time: 12:00** **Venue: MinasCentro - Main Auditorium** **Special Discount for OWASP BH Members** **SPECIAL NOTICE** Our talk will take place during the lunch break. When the lunch break is announced, we ask those interested in the presentation to **remain in the main auditorium**. The talk will start right afterwards! **About the Talk** At a crucial moment for information security, when quantum computing threatens the foundations of current cryptography, we invite you to a special presentation on Post-Quantum Cryptography (PQC). In this session, we will explore: - Fundamentals of post-quantum cryptography - Detailed analysis of the NIST paper on PQC - The algorithms selected for FIPS standardization - Practical impacts on information security **Our Speaker** Lucas Gontijo - Senior Cybersecurity Manager at Inter - 20+ years of experience in technology - Member of the PCI Standards Security Council - Member of the OWASP Belo Horizonte chapter leadership - Regional and global card security advisor [Speaker's LinkedIn](https://www.linkedin.com/in/lucas-gontijo/) **How to Participate** **Tickets** [Get your ticket here](https://www.sympla.com.br/evento/bhack-conference-2024/2370955) **OWASP Special Discount** **OWASP BH members**: Use the coupon **BHack-OWASP2024-68AJFR** to get a 20% discount! **Event Venue** MinasCentro Rua dos Guajajaras, 1022 - Centro Belo Horizonte, MG **Important Information** This presentation is part of the official program of BHack Conference 2024, one of the most important information security events in Brazil, in its 13th edition. 
**Schedule for the Day** - When the lunch break is announced, stay in the main auditorium - Our talk will start promptly at 12:00 - Duration: 2 hours of exclusive content **Notes** - This is an in-person event - The presentation will take place in the main auditorium of MinasCentro - Take the opportunity to network during the lunch hour Don't miss this unique opportunity to learn about the future of cryptography from one of the leading experts in the field! #OWASP #BHack #Cybersecurity #PQC #CriptografiaPosQuantica #InfoSec


Event: Broken Access Control - Risks for the financial sector and how to avoid them with mode

Group: Fortaleza

Time: 10:00-03:00 (America/Fortaleza)

Description: Join the OWASP Fortaleza event! Date: November 30, 2024 ⏰ Time: 10 a.m. Format: Online Topic: Broken Access Control - Risks for the financial sector and how to avoid them with threat modeling and other measures Speakers: **Pedro Vargas** - https://www.linkedin.com/in/pedro-vargas-260b9714b **Danilo Costa** - https://www.linkedin.com/in/danilomcosta/ In 2020, Danilo discovered the Fortinet vulnerability CVE-2020-15939 (https://www.fortiguard.com/psirt/FG-IR-20-071). This CVE allows limited download by the user and restricted access to specific information. This type of vulnerability is not uncommon; there are other CVEs with similar patterns. Now, let's reflect on the risk for the financial sector: what could happen if an unauthorized user accessed confidential information? In this presentation, Pedro Vargas and Danilo will demonstrate how, through threat modeling, it is possible to plan an attack and, at the same time, mitigate the risks using security requirements. Register now and secure your spot! Don't miss this opportunity to get up to date with the best insights on digital security!



December 02, 2024


Event: OWASP Meetup - Paris - December 2024

Group: France

Time: 19:00+01:00 (Europe/Paris)

Description: This meetup will take place at **OCTO Technology**, whom we warmly thank for their support. OWASP Paris is the meetup dedicated to application security. As a reminder, the meetup is meant to be non-commercial. It brings together everyone who wants to design and maintain more secure software. If you are interested in the subject, whether you are a beginner or an expert, feel free to join us to share your experiences or your challenges. This meetup offers sessions organized in an "open forum" format. Topics are proposed by the participants during the session. Knowledge sharing, lessons learned, CTF-style exercises, best practices, governance and organization, ... are on the program! **Lightning Talks:** The evening starts with short presentations. Anyone who wishes can offer a presentation; it is not mandatory. If you want to share a technique, an opinion, a demo or a lesson learned, you can prepare a lightning talk, anywhere from a single sentence to 10 minutes at most, and present it at the start of the evening. If you have never given a presentation before, this is a chance to start in a friendly atmosphere. **Workshop:** The evening continues with group activities. Anyone who wishes can propose a topic; it is not mandatory. You have 30 seconds at the start of the session to make the other participants want to join, then everyone votes for their favorite topic. The most popular topics lead to group activities lasting a little over an hour. Screens will be available. The format is meant to be welcoming. You don't need to be an expert to talk about a subject. You will certainly find other people to help you! The emphasis is on exchange and sharing. The agenda and minutes of previous meetups are available here: https://owasp.org/www-chapter-france/



December 03, 2024


Event: December 2024 Meeting

Group: Phoenix

Time: 19:30-07:00 (America/Phoenix)

Description: **Reverse Engineering Basics** (75 min) We'll go over the basics of reverse engineering, starting with what it is and why the activity is so important. We'll cover the reverse engineering mindset, executable formats, and tools of the trade (we'll mostly use Ghidra [https://ghidra-sre.org/](https://ghidra-sre.org/), but touch on IDA Pro and ImHex), and we'll touch on reverse engineering techniques for embedded devices as well. Lastly, we'll have an executable for everyone to reverse engineer. So bring your laptop with Ghidra installed (feel free to install the other two as well). **NOTE: We are starting at 7:30 pm beginning this month. Also, the date is Tues, December 3rd. The original email had the wrong date. Apologies!**


Event: OWASP Meeting in Krakow - Threat Modeling

Group: Poland

Time: 18:00+01:00 (Europe/Warsaw)

Description: Hi, This time we will focus on threat modeling - a proactive technique of risk analysis which could help to determine and fix potential vulnerabilities before they even appear in the code, configuration or architecture. Nowadays "threat modeling" has become a trendy buzzword. During our meetup we will try to uncover its real meaning and discuss how to practically implement threat modeling in the software development lifecycle. Agenda: 1. **Threat modeling for application security – a case study** *Marta Rusek (Senior Cloud Security Engineer) & Wiktor Cudek (Principal Cloud Security Engineer) - Pegasystems.* Threat modeling is one of the parts of the SDLC process that embeds security throughout the early stages of development. Thanks to that, we are able to detect potential problems at the beginning and avoid a lot of changes at an advanced stage of the product's maturity. The goal of this presentation is to compare the most well-known threat modeling methodologies and their strong and weak sides. Based on our knowledge, we will compare these methods with the process and tools that are used in our company, and share our experience based on the work with development teams. 2. After the break, we will host a **discussion about threat modeling**. Share your experiences with TM. When is it applicable? How to start doing TM in your project? Which techniques and methodologies work, and when? What should be our goals? Is it possible to simplify the threat modeling process? Those are just examples of the questions that we want to ask. Please RSVP and save the date! If you have a minute, **please share this invitation** with friends and on your social media.



December 04, 2024


Event: OWASP IL Meetup - December 2024

Group: Israel

Time: 18:00+02:00 (Asia/Jerusalem)

Description: OWASP IL is excited to announce our next Meetup! Join us for an evening filled with engaging discussions on application security, networking with the AppSec community, and of course, delicious food and drinks. We’re thrilled to have this event graciously hosted by JFrog at their amazing offices. Don’t miss this opportunity to connect, learn, and grow with fellow security enthusiasts! ==================================================================== Agenda: TBD ==================================================================== This event is hosted by JFrog in collaboration with OWASP Israel. Join us at the event physically as we will not include Zoom or remote participation this time.


Event: OWASP Warwick CTF - Hosted by CMD+CTRL

Group: Warwick

Time: 18:30Z (Europe/London)

Description: Come and join us at our first OWASP Warwick CTF. This is a ticketed event. Only those with a ticket will be able to participate. We are looking for both students and industry to take part.



December 05, 2024


Event: OWASP Birmingham December Meeting

Group: Birmingham Uk

Time: 18:15Z (Europe/London)

Description: Hey all, Just a heads up to get this in your calendar - we've got our next meetup coming up! Date: Thursday 5th December 2024 ⏰ Time: 6:00 PM onwards Location: Hays Office, Central Birmingham As usual, we'll have: * Two exciting cybersecurity talks * Food and refreshments provided * A chance to talk and connect with folks from across the cyber sector in the Midlands All are welcome - from students to veterans and everyone in between! Full agenda and speaker details will follow closer to the date. *\*\*\*First Talk Announcement\*\*\** **Speaker:** David Archer (Solution Architect at Endor Labs) **Title:** Ship Happens: The Stormy Seas of Supply Chain Security **Synopsis:** Modern software development is a sprawling network of open-source dependencies, sophisticated build tools, plugins, pipelines, repositories and runtimes. This “supply chain” is under relentless attack and many of the potential threats are poorly understood by our development and security teams. We’ll take a warts-and-all look at how software is produced, re-used and “secured”. We'll explore strategies to mitigate some of the threats that exist and share practical takeaways that you can immediately implement in your software development practices. Expect to leave with a feeling of dread(!), but also hopefully a deeper understanding of supply chain security and where you should pay closer attention to your software factory. *\*\*\*Second Talk Announcement\*\*\** **Speaker:** James Holland (Technology Innovation at Palo Alto Networks) **Title:** How to secure the Black Hat infrastructure **Synopsis:** There's a good reason that the organisers of the Black Hat conferences don't use the host venue's own infrastructure. In fact there are many: ethical hackers learning and testing their skills, not-so-ethical hackers looking for targets, researchers demonstrating new offensive techniques, plus a lot of legal implications too.
We'll go behind the scenes at the network and security operations centres for the Black Hat conferences worldwide, to share more details, stories and plain-text credentials. Looking forward to seeing you there! Best regards, Jim + Nathe OWASP Birmingham Chapter Leaders


Event: End of year celebration!

Group: Brisbane

Time: 15:00+10:00 (Australia/Brisbane)

Description: Join us in celebrating yet another end to an amazing year. No presentations, just a catch up with all you hackers, security experts and enthusiasts alike. Tell us about sweet hacks you’ve done or things you’ve heard about. Hope to see you there!


Event: Secure Coding Tournament with Security Journey

Group: Indianapolis

Time: 18:00-05:00 (America/New_York)

Description: **Title** Online Secure Coding Tournament with Security Journey **Location** Virtual - Register at [https://info.securityjourney.com/owasp-indianapolis-ctf](https://info.securityjourney.com/owasp-indianapolis-ctf). You will be emailed login information before the tournament starts. There will be a Zoom call during the event - [https://us02web.zoom.us/j/87163909513?pwd=L3pCVSWXDuEreLZwS8o8wHr0c5INPh.1&from=addon](https://us02web.zoom.us/j/87163909513?pwd=L3pCVSWXDuEreLZwS8o8wHr0c5INPh.1&from=addon) **Details** * **Prizes** - Security Journey will provide $100, $50, & $25 for first, second, and third place. The tournament will be running for 48 hours, but the prizes will be awarded to the leaders at 8PM on the day of the meetup. * **Languages -** The supported languages in the tournament are C#, Java, JavaScript, Ruby, and Python


Event: OWASP Orlando - Application Security

Group: Orlando

Time: 18:00-05:00 (America/New_York)

Description: This is an In-Person OWASP Orlando Chapter Meeting Food to be provided (Typically pizza or sandwiches) Introductions More details to be provided soon! Speaker 1: **Tony Turner** Topic: Five Elements of Trust - Tony will present on 5 elements of trustworthy software, useful in establishing software and technology assurance in your supply chains. Speaker 2: **TBD** Topic: TBD



December 10, 2024


Event: A Night of CTF with Secure Code Warriors

Group: Copenhagen

Time: 17:00+01:00 (Europe/Copenhagen)

Description: Join us for an exciting evening of cybersecurity challenges at the IT-University of Copenhagen on December 10th, starting at 5 PM! Get ready to embark on a thrilling adventure as we host a Viking-themed Capture The Flag (CTF) tournament, sponsored by Secure Code Warrior. Gather your crew, test your skills, and compete for prizes while enjoying pizza and drinks provided by our generous sponsor. Whether you're a seasoned pro or new to the world of CTFs, this event promises to be a fun and engaging experience for all. Put on your best Viking attire, form your teams, and prepare for battle! Don’t miss out on this opportunity to sharpen your skills, connect with fellow enthusiasts, and have a great time!


Event: 3rd OWASP Stuttgart Chapter Stammtisch

Group: Stuttgart

Time: 18:00+01:00 (Europe/Berlin)

Description: **Exploiting deserialization vulnerabilities in recent Java versions** Due to attack techniques such as Insecure Deserialization and JNDI Injection, Java applications were prime targets for attackers. However, recent changes in Java have rendered many known exploits and attack patterns ineffective in newer versions. This talk will provide an overview of these changes and discuss which techniques are still viable. Additionally, we will discuss how to harden existing Java applications that run on current Java versions. **Agenda (Subject to Change):** * **6:00 PM**: Arrival * **6:30 PM - 7:30 PM**: Presentation * **7:30 PM - approximately 9:00 PM**: Barbecue, drinks, discussion, and networking



December 11, 2024


Event: 7th OWASP Augsburg Stammtisch

Group: Augsburg

Time: 19:00+01:00 (Europe/Berlin)

Description: In the Fuggerstadt, IT SECURITY is a top priority. Whether you are someone interested in IT security, a CISO, hacker/Haeckse, pentester, developer, network admin, end user or whatever - all are welcome. OWASP membership is (of course desirable, but) not required! **We look forward to new faces, regulars and occasional participants :-)** **Agenda tbd** **-> IMPORTANT: This time *not* at the Thing, but at Meteocontrol!** Do you have a talk? Get in touch! We are always looking for interesting content!! **Please let us know** if you are coming and, if applicable, how many people you are bringing, so that we have enough room. Do you have an idea or want to give a talk? Just get in touch! The essentials for talks in brief: * Use a neutral slide deck - no logo, no advertising * On one slide you can introduce yourself and your employer - here with a logo too * Let us know briefly whether you could also give the talk in English * Salespeople who want to run a sales pitch will be booed and must buy several rounds of beer


Event: Mentorship, Networking, and Growth: My Cybersecurity Journey

Group: Seattle

Time: 12:00-08:00 (America/Los_Angeles)

Description: **Haley Kelly** is a dedicated cybersecurity professional who is passionate about sharing knowledge and inspiring others. After overcoming some challenges in the job market, she successfully landed an internship at GuidePoint Security. Through mentorship, networking, and continuous learning, Haley has gained valuable insights into the cybersecurity industry. In this talk, she will share practical tips and strategies that helped her break into the field, including the importance of building relationships, attending industry events, and staying current on the latest trends. Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack) [email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)



December 12, 2024


Event: End of year meal

Group: Peterborough

Time: 19:00Z (Europe/London)

Description: Invite-only meal, please submit attendance through the group comms channel



December 13, 2024


Event: OWASP Edmonton Xmas Party

Group: Edmonton

Time: 14:00-07:00 (America/Edmonton)

Description: **Join us for the Edmonton OWASP Christmas Party at Beer Revolution!** Celebrate the holiday season with fellow cybersecurity enthusiasts as we socialize, enjoy great beer, and dive into fun and interactive cybersecurity board games. It's the perfect mix of networking, games, and festive cheer—don’t miss out! This casual event kicks off at 2 PM, but there’s no strict schedule. Drop by anytime in the afternoon or evening to join the fun. Whether you’re popping in for a quick drink, some socializing, or diving into a full game session, you’re welcome to come and go as you please. Relax, connect, and enjoy the festive vibes at your own pace! **Cybersecurity Games to Play:** 1. **Backdoors and Breaches** A strategic incident response game where players simulate cyberattacks and defenses using real-world TTPs. Can you outsmart the attackers or defenders? 2. **Hoxhunt Social Engineering Game** A *Cards Against Humanity*-style game with a cybersecurity twist! Craft hilarious and devious social engineering attacks for laughs and learning. 3. **SANS Pen Test Poster: Pivots & Payloads Boardgame** A hands-on pen-testing board game where players exploit networks, deploy payloads, and test their skills in lateral movement and defense. Come for the beer, stay for the fun, and celebrate the season with cybersecurity flair! **RSVP now to let us know you're coming and help us plan for an amazing time!** Whether you're a cybersecurity pro or just curious, we’d love to see you there!



December 14, 2024


Event: Q4 Meeting - Social with IndyHackers

Group: Indianapolis

Time: 19:00-05:00 (America/New_York)

Description: Hi everyone - Let's plan to meet up at the Indy Hackers Holiday Social as our final meeting of the year! **\*\* Important \*\*** RSVP'ing to this meetup event doesn't register you for the Indy Hackers Holiday Social. Please register for the event at - https://www.eventbrite.com/e/2024-indy-hackers-holiday-social-tickets-1063326240409?aff=ebdssbdestsearch



December 16, 2024


Event: OWASP Monthly meeting

Group: Jacksonville

Time: 17:30-05:00 (America/New_York)

Description: OWASP topic TBA



December 17, 2024


Event: Atlanta Cybersecurity Holiday Party

Group: Atlanta

Time: 19:00-05:00 (America/New_York)

Description: Free with RSVP, 21+ with valid ID Join the Atlanta Cybersecurity Engineers Holiday Party sponsored by OWASP Atlanta Chapter in partnership with BlackHat Society, DC404, and Cyber Breakfast Club. We will celebrate our vibrant community with fresh tunes from local DJs, and play video games from gaming pop-up CartridgeATL. The winner of the gaming tournament will receive a $100 prize! Arrive on time so you can sign up. Evening festivities will be from 7PM - 11PM on Tuesday, December 17th, 2024. If you're interested in donating to the evening so we can provide complimentary food and drinks, please email [[email protected]](mailto:[email protected]). They will provide you details on your tax deductible donation. Thank you! Please RSVP directly with the venue here: [https://smithsoldebar.freshtix.com/events/owasp-foundation-holiday-party](https://smithsoldebar.freshtix.com/events/owasp-foundation-holiday-party)