Quick List (Details below)
- September joint meetup with CSA - Bay Area, Sep 23
- OWASP Seoul Chapter 9 : - Seoul, Sep 23
- OWASP Student Chapter UPY Inauguration - Universidad Politecnica De Yucatan Student Chapter, Sep 23
- 15. OWASP Augsburg Stammtisch - Augsburg, Sep 24
- OWASP Frankfurt Chapter Meetup #73 - Hands-On OWASP Workshop - Frankfurt, Sep 24
- OWASP LA Monthly In-Person Meeting - Sep 24, 2025 - Los Angeles, Sep 24
- Modern Security Strategy and Safeguarding the Public Services Sector - Los Angeles, Sep 24
- Future-Proofing Your Application Security for 2025 and Beyond - Nashville, Sep 24
- Wasatch AppSec/OWASP-SLC - Hosting a CTF using OWASP Juice Shop - Salt Lake City, Sep 24
- OWASP Frankfurt Chapter Meetup #73 - Hands-On OWASP Workshop - Wrongsecrets, Sep 24
- OWASP Colorado Springs Social Hour - SEP 25th - Colorado Springs, Sep 25
- Stop Threats Before They Reach Your Network - Orange County, Sep 25
- Monthly Networking Social: Brewery Tap! - Peterborough, Sep 25
- 7th OWASP Stuttgart Chapter Stammtisch - Stuttgart, Sep 25
- OWASP Austin Chapter Monthly Meeting - September 2025 (Online) - Austin, Sep 30
- OWASP BE chapter meeting (30/09/2025, Louvain-La-Neuve) - Belgium, Sep 30
- OWASP & WiTCH: Distributed Security Champions - Bristol Uk, Sep 30
- OWASP Saint Louis In-Person Meetup - Saint Louis, Sep 30
- OWASP UY Meetup - Setiembre - Uruguay, Sep 30
- First Annual Security Champions Summit - Los Angeles, Oct 01
- Practical approach to building AI multi-agent systems - Suffolk, Oct 02
- The 2025 California Technology Summit - Los Angeles, Oct 08
- Security Social Lunch Hours - Seattle, Oct 08
- October community call - OWASP SAMM - Samm, Oct 08
- A Night of AI Hacking - Copenhagen, Oct 09
- OWASP DevSecOps in Action: Secure by Design – From Containers to AI Agents - Dubai, Oct 09
- Hands-on Workshop OWASP LA - OCT 9, 2025 - Los Angeles, Oct 09
- OWASP NYC Chapter NYC Hackfest with a Secure Code Showdown - New York City, Oct 09
- OWASP Ottawa Oct 9th 2025: Secure Code Is Critical Infrastructure with T. Janca - Ottawa, Oct 09
- Security Journey - Secure Coding Tournament - Edmonton, Oct 10
- National Level CTF Competition Round 1 - Jaihind College Of Engineering Kuran, Oct 10
- OWASP SAMM Community Call - Samm, Oct 10
- Authenticate 2025 Conference (FIDO Alliance) - Los Angeles, Oct 13
- OWASP October In-Person Meet - The AI Appsec Nightmare - Dallas, Oct 14
- OWASP Virtual Chapter with Guest Speaker Aaron Lord - Virtual, Oct 15
- WebRTC for Fun and Profit - Columbus, Oct 16
- From Zero to Security Hero: Career Growth in Application Security - Vancouver, Oct 16
- OWASP AppSec Days Bangalore Conference - 2025 - Bangalore, Oct 18
- Business Logic Abuse: Technology Agnostic Mapping of Attack Types - Jacksonville, Oct 20
- Demystifying SOC 2 for Your AppSec Program - Northern Virginia, Oct 21
- Secure Coding Tournament with Security Journey - Cincinnati, Oct 22
- OWASP LA Monthly In-Person Meeting - Oct 22, 2025 - Los Angeles, Oct 22
- Secure Vibe Coding: 3 Key Lessons - Nashville, Oct 22
September 23, 2025
Time: 17:00-07:00 (America/Los_Angeles)
Description: Join us for the Bay Area OWASP group's upcoming event. Event is jointly hosted with CSA SF Chapter and sponsored by Corgea.
Join us for an evening of great conversations, community networking, and insightful security discussions — all in an awesome venue provided by **Corgea**. And yes, there will be **delicious food and drinks** generously provided by our sponsors.
5:00 PM: Doors open, networking, food and drinks
5:30 PM: Chapter introductions
5:40-6:25 PM: **Vibe coding in action: When AI meets creativity - Ahmad**
6:25-7:10 PM: **How to do MCP security right**
7:10-7:55 PM: **Panel discussion: Panel Topic: AI on day one: Building Trust, Busting Myths, and Dodging Pitfalls - Abhishek Bansal, Ahmed Sadeddin and Badari Kalagi**
**Talk:** **How to do MCP security right**
The **Model Context Protocol (MCP)** is emerging as a standard for connecting LLMs to tools and data sources. But while it unlocks powerful capabilities, its approach to security leaves much to be desired. In this post, I’ll walk through the problems with MCP security, why we need a stronger model, why “biscuits” are a surprisingly effective foundation, and how we’re demonstrating this with a proof-of-concept on healthcare data.
**Speaker:** Eugene Weiss is a cybersecurity and AI leader who has pioneered Zero-Trust architectures, deep-learning threat detection, and secure AI frameworks integrating human and machine identities. Currently CTO at Stash Global.
Time: 19:00+09:00 (Asia/Seoul)
Description: OWASP Seoul Chapter 2025 9 !
OWASP 9 . . .
(All sessions will be equipped with AI-powered real-time translation.)
** (5)**
* OWASP Foundation Seoul Chapter
* OWASP
** #1: ComplOps . (ft. Integration & Automation) (40)**
- Security Compliance Analyst
IT . Security Compliance Team . 'ComplOps' .
** #2: Security Compliance Engineer: (30)**
- Security Compliance Engineer
IT AI , 'Security Manager' . Security Compliance Engineer , Security Compliance Engineer 3 .
* : 2025 9 23() 19:00 \~ 21:00 (KST)
* : 13 - https://naver.me/GmbM1R74 ( )
* Meetup . meetup . .
OWASP Seoul Chapter
OWASP Slack .
* : [https://open.kakao.com/o/gS5IxXxh](https://open.kakao.com/o/gS5IxXxh)
* OWASP Slack ([https://owasp.org/slack/invite](https://owasp.org/slack/invite)) , (#chapter-Seoul) .
* OWASP .
[email protected] .
* - https://forms.gle/xvEJCjDMEmYr1rKN7
Time: 10:00-06:00 (America/Merida)
Description: Join us to celebrate the inauguration of our OWASP student chapter! This event marks the start of a space dedicated to cybersecurity, digital privacy and collaboration among students interested in protecting the digital world.
The inauguration will feature a **keynote talk** given by security experts, **remarks from the rector** of the university, a presentation on **opportunities and participation in OWASP**, and a **hands-on workshop on the OWASP Top 10**, where you will learn about the main web vulnerabilities and how to mitigate them.
This is an ideal event for students of all majors who want to get started in information security, connect with professionals in the field and begin to be part of the OWASP community.
**Don't miss it, and secure your spot!**
September 24, 2025
Time: 19:00+02:00 (Europe/Berlin)
Description: In the Fugger city, IT SECURITY is writ large. Whether you are someone interested in IT security, a CISO, hacker, pentester, developer, network engineer, end user or whatever - everyone is welcome. An OWASP membership is (of course desirable, but) not required!
**We look forward to new faces, regulars and occasional attendees :-)**
**Agenda: tbd -> We are still looking for talks!**
**Please let us know** if you are coming and, if applicable, how many people you are bringing, so that we have enough space.
Do you have an idea or want to give a talk yourself? Great, we are always looking for interesting content. Whether it is a talk, discussion, idea, lightning talk, etc. We are also happy to serve as a test audience :-) Just get in touch!
Key points for talks in brief:
* Use a neutral slide deck - no logo, no advertising
* On one slide you can introduce yourself and your employer - here a logo is fine
* Let us know briefly whether you could also give the talk in English
* Salespeople who want to run a sales event will be booed and must buy several rounds of beer
Time: 18:00+02:00 (Europe/Berlin)
Description: Hello everyone, we're excited to invite you to the **OWASP Frankfurt Chapter** Meetup #73!
Our OWASP Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event.
*What are we going to do?*
* We’re excited to welcome **Javan Rasokat** for a 2-hour **hands-on OWASP workshop** that tackles the challenges of modern web security – *moving from reactive patching to proactive prevention.*
**IMPORTANT NOTE:** As this is a hands-on workshop, **you'll be expected** to **bring along a laptop with** **a pre-configured environment** (nodeJS or Docker) and a code editor of your choice (see further information below).
In this interactive session, you’ll explore how to eliminate entire classes of web vulnerabilities using modern browser security features such as:
* Content Security Policy Level 3 (CSPv3)
* Trusted Types
* Sec-Fetch Metadata
Through group-based, hands-on exercises using a pre-secured demo application, you’ll test real-world security features, analyze their effectiveness, and learn how to enforce them at scale across your own environments. This workshop is designed to be language-agnostic and accessible – whether you're a developer, security engineer, or architect.
*What To Bring?*
* A **laptop** capable of running either a **NodeJS-based** web app or a **Docker container**
* A **code editor** of your choice
* Note: **No programming knowledge** is needed.
**Socializing Opportunities:** There will be plenty of time to socialize before and after the event.
*Afterwards?*
We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks.
*When?*
Our Meetup takes place on **24.09.2025** from **18.00 to 21.00** o'clock CEST.
*Where?* The event will be held at usd AG, located at Frankfurter Str. 233/Haus c1, 63263 Neu-Isenburg, Germany.
*Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt)
*And now?* Save the date, spread the word, and bring your friends and colleagues along to our event.
*Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!
Time: 17:30-07:00 (America/Los_Angeles)
Description: **TOPIC:** **From input-handling flaws to crashables: Security lessons from LLM-based coding tools**
Join us for great networking, dinner and drinks, and see a presentation by **Mahesh Babu**, a former VP of Information Security turned company builder who now leads growth at **Kodem Security**.
**ABSTRACT**: Claude Code illustrates how LLM-based coding tools expand the attack surface. Design choices around approvals, parsing, and error handling can turn into security flaws. We present specific findings Kodem uncovered in Claude Code. Both issues highlight how LLM-based coding tools introduce new misconfiguration and input-handling risks. This talk dissects the issues, their broader implications for AI developer tools, and practical mitigations.
**Thanks to our SPONSOR**: *[Kodem Security](https://www.kodemsecurity.com/)*
*The AppSec chase is over.*
*Swap endless alerts with focused action. Simplify the remediation of your most exploitable issues through runtime security.*
**SPONSORSHIP Opportunities Available**
*Vendors interested in sponsoring please send an email to [email protected]*
**Thanks to our HOST**: *[Accenture](https://www.accenture.com/)*
*Assisting our customers in creating their future*
**CODE OF CONDUCT**
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:
[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)
Time: 15:00-07:00 (America/Los_Angeles)
Description: If you plan on joining OWASP LA's event on Sep 24, 2025, consider joining an exclusive event (right before ours) with [Accenture](http://accenture.com/) and [Nozomi Networks](https://www.nozominetworks.com/); bring your expertise to the table and contribute to the discussion from an **AppSec** perspective.
Discover how a modern security strategy can safeguard the Public Services sector against evolving Operational Technology (**OT**) and **IoT** security threats, as traditional approaches like segmentation and air gapping fall short in the face of human error, physical sabotage, and increasingly complex cyberattacks.
**Wednesday, September 24th**
3 – 4:15 pm Presentation
4:15 – 5:30 pm Refreshments, Light Bites, Networking
**Accenture Los Angeles Office**, 1003 E. 4th Place, 8th Floor, Los Angeles, CA 90013
**What to expect:**
* Emerging threats and vulnerabilities in OT/ICS/IoT environments
* How Accenture and Nozomi Networks deliver end-to-end OT security solutions
* Real-world case studies and deployment insights
* Gaining full asset visibility and identifying network blind spots
* Advanced threat detection and vulnerability assessment techniques
* Predicting and detecting OT process and stability issues to prevent downtime
* Live Q&A with our OT security experts
* Wrap up the event with an opportunity to connect with fellow attendees over refreshments and light bites
**Space is limited.** **[Register today](https://web.cvent.com/event/bda8928b-2676-427b-a84b-381d0a76b186/summary?RefId=Home)**. \*\* **Make Sure** \*\* after you fill out your information, select the registration for **the Los Angeles Office** on the 2nd page.
**Arlene Mordeno**
Security, Public Services - California
Time: 17:00-05:00 (America/Chicago)
Description: Software development has undergone seismic shifts over the last 20 years: the Agile movement, the rise of DevOps and cloud native practices, and now the AI and generative development era. With AI code assistants and “vibe coding” on the rise, we’re seeing faster delivery—along with new and complex risks. Over the last 10 years of the DevSecOps journey, shift-left has also achieved little success. Application Security needs a fundamental reset for the future. In this talk, we will discuss modern approaches and technology innovations that are built to solve three of the biggest challenges in application security that must evolve for the AI Era – Speed, Coverage & Scale, and Context. We will explore three common scenarios: (1) Inventory and secure net new applications, (2) Reduce risk and volume of existing security backlog by prioritizing and fixing what matters, and (3) Expand coverage to address emerging blind spots in AI-assisted application development.
Time: 12:00-06:00 (America/Denver)
Description: Learn how to set up a CTF using OWASP Juice Shop and use it as a training tool in your organization. We will be reviewing Juice Shop, configuring a Juice Shop CTF, and talking about the logistics for the players.
Zoom Link: https://us06web.zoom.us/j/82871949172?pwd=WbhgOa2AzHh1WSStB0ws1UL4Sa3GW0.1
Resources:
[OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
[Pwning OWASP Juice Shop CTF-mode](https://pwning.owasp-juice.shop/companion-guide/latest/part4/ctf.html)
September 25, 2025
Time: 18:00-06:00 (America/Denver)
Description: **OWASP Colorado Springs Social Hour – Save the Date!**
Here’s your chance to connect with the local security community, share ideas, and find out what's new with OWASP projects.
Come for the community, stay for the conversations.
Join us **September 25th, 6 to 8 PM** (in person) for a casual evening of networking, conversations, and community.
We’ll also highlight ongoing **OWASP projects** you can still jump in on, this is a great chance to connect and contribute!
TRiNiTY Brewing at Forge Road Brewery
**September 25th, 6 - 8 PM (in person)**
Time: 18:00-07:00 (America/Los_Angeles)
Description: **NOTE: We will email attendees the address.**
**The following will be in effect and mandatory for this meeting venue.**
* **RSVPs will close at 11:59 PM PT on Tuesday, September 23rd, so kindly submit your RSVP by then. Walk-ins will not be permitted.**
* **Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.**
* If your first and last name do not appear in our admin view, we will contact you.
* Alternatively, feel free to reach out directly or email us at [email protected] to provide that information or any questions you may have regarding the event.
**Parking**
Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage.
Time: 19:00+01:00 (Europe/London)
Description: **What & Where?**
* Social Drinks @ The Brewery Tap!
**When?**
* Thursday 25th September
Everybody welcome!
Thank you,
Ryan & Mark
Time: 18:00+02:00 (Europe/Berlin)
Description: **All about MCP Security**
Imagine giving your AI assistant a universal plug to access all your tools and data - sounds convenient, right? That's what the Model Context Protocol (MCP) offers, acting like a USB-C for AI integrations. However, this convenience comes with significant security risks.
In this session, we'll explore how MCP's open connections can be exploited, leading to issues like unauthorized data access and malicious command execution. We'll discuss real-world examples of vulnerabilities, such as command injection flaws and tool poisoning attacks, that have been identified in MCP implementations.
**Agenda (Subject to Change):**
* **6:00 PM**: Arrival
* **6:30 PM - 7:30 PM**: Presentation
* **7:30 PM - approximately 9:00 PM**: Barbecue, drinks, discussion, and networking
September 30, 2025
Time: 11:30-05:00 (America/Chicago)
Description: 30 minutes of meet-and-greet and Chapter information, then the Presentation!
*Note: if attending in person, sign up at [https://owasp-austin-2025-september.eventbrite.com](https://owasp-austin-2025-september.eventbrite.com)*
**Terraforming Your Way To Better Security**
by Mark Spears
Terraforming isn’t just for cloud infrastructure. There are security considerations and providers that are also on Terraform. In this presentation, we will look at and demo how to Terraform our security pieces like Web Application Firewall and Zero Trust into our environments along with the cloud infrastructure, keeping our OWASP environments safe(r).
Time: 17:30+02:00 (Europe/Brussels)
Description: On September 30th, we organize our next OWASP Belgium chapter meeting at The Gate (Mont-Saint-Guibert).
**Agenda**:
* 17:30 - 18:20 : Welcome (drinks + sandwiches)
* 18:20 - 18:30: **OWASP update**
* 18:30 - 19:30: **Learning to Detect Malware: Features, Pitfalls, and Adversarial Threats** (by Charles-Henry Bertrand Van Ouytsel, UCLouvain)
* 19:30 - 19:45 : break
* 19:45 - 20:45 : **Integrating Security Without Slowing Development: A Pragmatic DevSecOps Approach** (by Steve Mihy, Approach Cyber)
* 20:45 - 21:30 : Refreshments
More info can be found on the Belgium OWASP chapter page at [https://owasp.org/www-chapter-belgium#div-meetings](https://owasp.org/www-chapter-belgium/#div-meetings).
Our chapter meetings are open for everyone, and attendance is free of charge. We ask you to register on Meetup in order to provide you with last-minute updates, if needed.
Time: 18:00+01:00 (Europe/London)
Description: Another joint event with WiTCH (Women in Tech & Cyber Hub), starting with a talk from Jon Gadsden titled 'Distributed Security Champions: working for developers'
* **6:00** Meet and greet with light refreshments
* **6:30** Introduction to OWASP and news, with a warm welcome to WiTCH
* **6:40** Talk "Distributed Security Champions" by Jon Gadsden from Ping Identity
* **7:15** Discussion led by Chloe Gibbs from WiTCH
* **7:45** Wrap up with any final comments and discussion
Most of us are familiar with Security Champions programs and how they can help bridge the gap between the developers and security teams.
Ideally, with a Security Champions program in place, the development team can ensure the Secure Development LifeCycle is effective, but what about in practice?
This talk seeks to identify problems with existing Security Champions programs and suggests a new paradigm: Distributed Security Champions.
**Location**:
Hybrid event hosted by Ping Identity, 7th Floor, Prologue Works, 25 Marsh Street, Bristol BS1 4AX
If you cannot attend in person, there is the option of attending remotely; the link to join the meeting will be shared on registration.
It is intended that the meeting will be recorded.
Time: 18:00-05:00 (America/Chicago)
Description: **OWASP Saint Louis Chapter Relaunch – First Meeting**
The OWASP Saint Louis Chapter is back! Join us for our first meeting as we officially restart the local chapter. Whether you’re a security professional, software developer, technology leader, or simply curious about application security, this is your chance to connect with like-minded peers in the Saint Louis area.
**What to Expect**
* Meet the new chapter co-leaders, **Andre Van Klaveren** and **Nathan Byrd**.
* Learn about OWASP’s mission and the vision for our local chapter.
* Help shape the future of OWASP Saint Louis by sharing what topics, speakers, and activities you’d like to see in upcoming meetings.
* Network with fellow professionals who care about building and securing great software.
* **Food & Drink provided!**
**Speakers**
Our first session will focus on introductions and planning, with featured speakers for future meetings to be announced soon.
**Event Details**
**Location:** RubinBrown, 7676 Forsyth Blvd., Suite 2100, Saint Louis, MO 63105
**Date/Time:** September 30, 2025 / 6:00pm CDT
ℹ **Parking Directions:**
* Google map to “North Lyle Avenue & Forsyth Boulevard, Clayton, MO 63105” Link: https://maps.app.goo.gl/WYqyZ3Jv9cUBBF289
* Enter the **Parking Garage #4** (from Forsyth Blvd) next to Dry Bar
* **Pull a ticket at the gate** and proceed into the garage, turning right.
* Up the ramp is visitor parking. **You may have to go up past the 6th floor.**
* **Take elevator to \*L** (Lobby of Centene Plaza C)
* Check in at the OWASP sign-in table in the lobby; you'll be escorted up
* **Bring your parking ticket with you** to get validated at the meetup.
**Who Should Attend**
* Application & security professionals
* Software engineers and developers
* IT leaders and managers
* Anyone with an interest in application security
**About OWASP**
The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation dedicated to improving the security of software. Local chapters provide opportunities to learn, network, and collaborate with others in the field.
Come be part of the restart - your voice will help shape what OWASP Saint Louis becomes next.
Time: 18:30-03:00 (America/Montevideo)
Description: **OWASP UY** invites you to its next Meetup, the last event before **OWASP AppSec Days Uruguay** (there is still room for sponsors, and we are closing the list of talks and workshops in preparation for publishing the schedule)**:**
https://owasp-uruguay.github.io/
***Paths in cybersecurity,***
**Sebastián Passaro - OWASP UY**
As you may know, there is more to cybersecurity than hackers, but what else? In this interactive talk we present various careers/positions in cybersecurity, divided into the offensive, defensive and building fields. We will talk about the different roles, tasks and skills needed for each one.
This is not a formal talk, but a space for sharing. If you already work in the field, we invite you to share your experience. If you are just starting out or are simply curious, come listen and ask questions. Who knows, you may find your place…
***From idea to product: building secure solutions for the U.S. cybersecurity market***
**Marcos Martínez - CTO @LoopStudio**
We will share how we went from being a generalist company to helping founders turn ideas into cybersecurity products, to the point of implementing a complete Secure Software Development process.
We will talk about how to put frameworks like NIST SSDF into practice, threat modeling, secure development and the use of tools such as Snyk, SonarQube and CodeRabbit, showing real examples of projects in the U.S. market.
Join us to hear about our experience and share your vision.
**When?** Tuesday 30/9, 18:30.
**Where?** ISACA, Cerrito 420, office 505.
**How to participate?** Simply register for the event. Places are limited by the venue's capacity. If you are on the waiting list, you will be notified when places become available.
**We look forward to seeing you!**
October 01, 2025
Time: 08:00-07:00 (America/Los_Angeles)
Description: **Build Your Program. Grow Your Champions.**
Kick off Cybersecurity Awareness Month with a virtual conference built exclusively for the people—and programs—leading security from within.
Whether you're stepping into your role as a Security Champion or you're looking to upscale your champion program, this virtual summit equips you with the strategies, insights, and practical tools to confidently lead security within your team.
**Why Attend?**
Security Champions Summit is designed for developers, engineers, AppSec leads, and program owners who embed security into the way software gets built—team by team, sprint by sprint.
This is your opportunity to:
* **Level up your role as a Security Champion** or launch a new program from scratch
* **Learn directly from Champions and program leaders** who’ve built successful initiatives across industries
* **Get tactical insight** into what works, and what doesn’t, when driving secure development from within teams
* **Network with peers and leaders** who are shaping security culture in their organizations
* **Leave with a practical playbook** for championing security at every stage of your development lifecycle
October 02, 2025
Time: 19:30+01:00 (Europe/London)
Description: **Practical approach to building AI multi-agent systems: examples, pitfalls, and a cloud security use case.**
Join our Ilya Kudryavtsev for an engaging session where he'll walk us through common pitfalls in AI programming.
We’ll explore how multi-agent AI systems can collaborate using RAG over internal knowledge and other data sources. The talk will cover practical challenges, potential pitfalls, and key considerations around data privacy and security. As an example, we’ll look at how AI agents can be used to simulate a cloud security audit.
After the talk, enjoy the opportunity for insightful networking, accompanied by Thai food snacks prepared by resident chef Sonia of Bangkok Heightz restaurant and bar. This session aims to equip you with actionable ideas and a deeper understanding of multi-agent AI systems.
**Agenda:**
Greetings and updates - WTC
Short talk - Ilya
Professional networking over food and beer (food provided).
This talk will be hybrid. You may join online but we cannot guarantee the quality - in person is preferred. The video may be recorded and posted online at a later date.
October 08, 2025
Time: 09:00-07:00 (America/Los_Angeles)
Description: OWASP LA has organized an exceptional offer for our Meetup membership to participate in the **2025 California Technology Summit** on **October 8th in Anaheim, CA**. Join us for a full day of professional development, technical insight, and networking with top minds in IT and cybersecurity.
[Register](https://technologysummit.net/register.html) now using code **CTS25OWASP** for your **complimentary** pass! Check the full schedule at [2025 California Technology Summit Agenda](https://technologysummit.net/register.html)
### Conference Highlights:
* **Opening Keynote**: Fred Donatucci, CTO – San Bernardino County
* **AI vs AI**: Exploring how artificial intelligence is being used to fight AI-driven cyber threats
* **CISO & CIO Forums**: Executive roundtable sessions for strategic leadership and resilience planning
* **Tech & Security Theaters**: Covering deepfake detection, wireless architecture, cyber insurance, observability, compliance, and more
* **Lunch Sessions**: Including presentations on cybersecurity tactics inspired by Sun Tzu, Layer 2 vulnerabilities, and the evolving threat landscape
* **Networking & Happy Hour** with live sponsor demos and discussions
* **Earn CPE Credits** while attending technical and executive sessions
* **Exhibit Hall** featuring over 30 leading technology sponsors
* **Sponsor Giveaways** including gift cards, tech swag, and security services
* **Grand Prize Drawing**: Attend the conference for your chance to **win the dream vacation you always wanted**, plus other exclusive giveaways!
And finally don't forget to stop by the **OWASP Los Angeles booth** and connect with our local chapter members.
Time: 12:00-07:00 (America/Los_Angeles)
Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation.
Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one.
Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack)
[email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)
Time: 15:30-04:00 (America/New_York)
Description: **Join us for the SAMM Monthly Community Call,** a regular space to hear what’s new with the project, share experiences, and talk about all things SAMM.
What to expect:
* Project updates and what’s coming next
* Occasional podcast-style chats with community guests
* Open discussion + Q&A: bring your thoughts, questions, or challenges
Whether you’re just starting with SAMM or are already involved, your voice matters. Everyone’s welcome!
October 09, 2025
Time: 17:00+02:00 (Europe/Copenhagen)
Description: **Want to learn about hacking LLMs?**
**Then you're in luck!**
We're so lucky to have **Kevin Joensen** from *Baldur Security* coming to tell us about the recent challenge he made where he invited our community to hack the LLM he created for the chance to win tickets for BSides Copenhagen.
He'll talk about the basics of hacking LLMs, how he made the BSides CTF, how to defeat it - and how you can (try to) hack the new LLM CTF he created just for us!
Here's the schedule and description he sent us:
**17:00**: Welcome
**17:10**: Talk about common vulnerabilities and misconfigurations seen in LLM/AI enabled systems.
**18:00**: Pizza!
**18:30**: LLM CTF
We’ll start with an in-depth talk on vulnerabilities in Large Language Models (LLMs) and AI-powered systems, exploring topics like prompt injection, data leakage, model manipulation, and real-world attack scenarios inspired by cases from Microsoft and others. Following the talk, you’ll get to apply what you’ve learned in a hands-on CTF with AI-focused challenges. These range from bypassing chatbot safeguards to exploiting misconfigured AI systems. This event is perfect for anyone looking to better understand, identify, and mitigate emerging AI security risks.
Time: 08:30+04:00 (Asia/Dubai)
Description: Join us for a high-impact event hosted by **OWASP Dubai Chapter, Docker, JFrog, and Codification**. Cybersecurity professionals and decision makers will explore how to embed security into every stage of the SDLC through **DevSecOps and Secure-by-Design practices**.
**Agenda:**
**OWASP Dubai Chapter - Ahmed Abdallah** – From SDLC to DevSecOps: Learn how automation, integration, and OWASP tools (DefectDojo, CycloneDX, Dependency Check, Dependency Track) streamline vulnerability management and risk tracking.
https://linkedin.com/in/ayossef
**Docker** - Juan José Fernández – Securing the SDLC: Discover how hardened images and lessons from container security apply to emerging **AI agent vulnerabilities** and supply chain threats.
https://www.linkedin.com/in/juanjofernandez/
**Codification** - Richard Smith – Applying OWASP in Practice: See how OWASP Top 10, Dependency-Check, and SAMM can be embedded into CI/CD pipelines with Docker and JFrog, enabling continuous assurance without slowing developers down.
https://www.linkedin.com/in/richwsmith/
Gain actionable insights, learn from industry leaders, and network with peers driving **DevSecOps transformation**.
**Seats are limited — register today to secure your place!**
Time: 17:30-07:00 (America/Los_Angeles)
Description: **TOPIC:** API Security Hands-on Workshop
Join us for an action-packed hands-on workshop event led by **Dan Barahona**, Founder, **APIsec University**.
**ABSTRACT:** APIs are now the top target for attackers, who exploit logic flaws, authorization gaps, data exposure, and other hidden vulnerabilities. These threats often slip past traditional defenses such as WAFs, code scanners, and testing tools.
This API Security Workshop will feature:
* An exploration of why APIs are a prime target for attackers
* Case studies of real-world API breaches
* A guided review of the OWASP API Security Top 10
* Proven best practices for securing APIs
* An interactive, hands-on lab
In this lab, we’ll explore how to conduct comprehensive API testing from start to finish. Participants will gain hands-on experience in manual testing and learn how to accelerate their efforts through advanced automation tools. Together, we’ll tackle the key question: How can AI help us build safer applications while making our organizations more efficient?
What You’ll Need
* A device for taking notes or following along if you’d like to (laptop ideally)
* Software Used
  * Firefox
  * Burp Suite Community Edition
  * APIsec - Downloaded from [apisec.ai](http://apisec.ai/) by signing up for a free account.
What We’ll Learn
1. How modern applications are leveraging APIs
2. How vulnerabilities are created within those APIs
3. How we can test for those vulns efficiently and comprehensively
**Thanks to our SPONSOR**: *[APIsec University](https://www.apisecuniversity.com/)*
*You can't stop what you can't see*
*Novel attacks can appear harmless without visibility into the grey areas of your application layer. Stop attacks in your applications and APIs from development to production.*
*Vendors interested in sponsoring please send an email to
[email protected]*
**CODE OF CONDUCT**
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. You can find out more about our policies here:
[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)
Time: 11:00-04:00 (America/New_York)
Description: **Join the OWASP NYC Chapter for a NYC Hackfest with a Secure Code Showdown Tournament**
Date: Thursday - October 9th 2025
Where: AWS NYC Office - 7 W 34th St., New York, NY 10001 (near 5th Ave)
Time: 11:00 am to 4:00 pm
Lunch: Provided
Registration Required:
https://tinyurl.com/OWASP-Hackfest-Tournament
Come and test your wonderful skills against others in a series of vulnerable code challenges that ask you to identify a problem, locate insecure code, and fix a vulnerability. You don’t need extensive programming knowledge, as this will be a great way to learn the foundations and intermediates of leveraging code that is not only functional but also secure. Players can choose to compete in their preferred software language, including Java Spring, C# MVC, C# WebForms, Go, Ruby on Rails, Python Django & Flask, Scala Play, Node.js, React, and both iOS and Android development languages.
Join industry experts and fellow cybersecurity enthusiasts to share knowledge and experiences in this ever-evolving field. Don't miss this opportunity to network, learn, and stay updated on the latest in application security.
Time: 18:00-04:00 (America/Toronto)
Description: **Welcome to our In-Person Meetup at the University of Ottawa**
In-Person Location:
150 Louis-Pasteur Private, Ottawa,
University of Ottawa
Room 117
We will continue to live stream on our YouTube channel (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live!
**YouTube Live Stream Link**: https://www.youtube.com/watch?v=ckC5TGGCE9w
**6:00 PM EST** Arrival, setup, mingle, PIZZA!!!
**6:30 PM EST** Technical Talks
1. Introduction to OWASP Ottawa, Public Announcements.
2. **"Secure Code Is Critical Infrastructure - Hacking Policy for the Public Good" with Tanya Janca**
**Abstract:**
***Secure Code Is Critical Infrastructure - Hacking Policy for the Public Good***
What happens when a security professional tries to help a government fix its insecure software? In this talk, I’ll share my story: from writing a secure coding policy and offering it to the Canadian government, lobbying elected officials, contacting agencies like CRA about their poor security practices—and being met with silence, deflection, or outright dismissal. I didn’t stop there. I wrote public letters, went on podcasts, published on Risky Biz, even got interviewed by CBC. But the institutions in charge of protecting our data? Either silence or “No comment, because security." This isn’t just a rant—it’s a roadmap. I’ll show you the secure coding guideline I created (free to reuse), explain why governments need public-facing AppSec policies, and outline how we can push for secure-by-default practices as citizens, hackers, and builders. Because secure code isn’t just for dev teams—it’s for democracy, privacy, and public safety. Let’s make it law. Let’s make it public.
**Speaker:**
**Tanya Janca,** aka SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Secure Coding’ and ‘Alice and Bob Learn Application Security’. She is currently the CEO and secure coding trainer at She Hacks Purple Consulting. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software.
Advisor: Smithy, Katilyst
Board Member: Forte Group
Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC
October 10, 2025
Time: 18:00-06:00 (America/Edmonton)
Description: Ready to test your secure coding chops?
[Check out our promotional video for the upcoming Secure Coding Tournament 2025!](https://youtu.be/gefYXrQySDc)
Register for the platform in the link below
[Secure Coding Tournament - OWASP Edmonton](https://forms.office.com/pages/responsepage.aspx?id=nN3Ry-FltUypN_LSEfnjS-wndSb2oFRKmSBpP7AHiUdURDNLTUE3T0pXVFlBODZBNkIxUUVXSEJGVC4u&route=shorturl)
OWASP Edmonton is teaming up with **[Security Journey](https://www.securityjourney.com/)** and the **University of Alberta’s CHADS Club** (Cybersecurity, Hacking, and Digital Security) to bring you an engaging learning experience via hands-on **Secure Coding Workshop and Tournament** — and yes, there will be **prizes**!
Swag boxes for placing 1-3
Challenge coins for placing 4-10
Whether you're a student looking to flex your skills, a developer passionate about building secure apps, or a security pro who loves a good challenge, this event is for **you**.
What to Expect:
* A fun and competitive (Coding CTF) secure coding workshop/tournament powered by **Security Journey**
* Real-world secure coding scenarios across multiple languages and technologies
* Swag, and prizes for top performers
* Networking with Edmonton’s cybersecurity community
* A chance to hang out with fellow developers, hackers, and security enthusiasts
**All skill levels welcome** – come to learn, compete, or just connect!
This will be a hybrid event
University of Alberta - ETLC E1 - 003 - First Floor (Engineering Teaching and Learning Centre)
**Free to attend** – but spots may fill up fast, so RSVP early!
Time: 19:00+05:30 (Asia/Kolkata)
Description: https://unstop.com/o/j7E3ecI?lb=EReYUW1&utm_medium=Share&utm_source=parthpat6682&utm_campaign=Online_coding_challenge
Join us at OWASP Jaihind College of Engineering Kuran Chapter for an exciting workshop on Penetration Testing and Capture the Flag challenge. Following the success of our Chapter Inauguration and Cybersecurity Seminar, this event will dive deeper into practical aspects of cybersecurity with hands-on exercises. Our expert speakers will discuss the latest trends in cybersecurity, focusing on tools and techniques for securing Linux systems. Participants will have the opportunity to test their skills in a Capture the Flag competition, learning how to think like an attacker while improving their defensive strategies. Whether you're a beginner or an experienced professional, this workshop promises to enhance your knowledge and real-world cybersecurity abilities. Don't miss out on this opportunity to network with like-minded individuals and advance your career in the field of cybersecurity.
Register Here: [Hacker's Gambit :- An OWASP National Level CTF - 2025 | 1554173 // Unstop](https://unstop.com/hackathons/hackers-gambit-an-owasp-national-level-ctf-jaihind-college-of-engineering-kuran-narayangaon-maharashtra-1554173)
Time: 08:00-04:00 (America/New_York)
Description: The SAMM Core team is happy to host a community call at a time more friendly to users in the EU and Asia. This is not a replacement for the regular community call.
We will share any project news and updates during the call.
We also encourage bringing your SAMM questions and we are happy to discuss them.
October 13, 2025
Time: 09:00-07:00 (America/Los_Angeles)
Description: **OWASP LA** has organized an exceptional offer for our meetup membership to participate in ***FIDO Alliance Authenticate 2025 Conference***, October 13 - 15, 2025 in Carlsbad, CA and **Virtual**. Join us for deep insight into new tools and technology, training, and take advantage of this great opportunity to network with industry professionals - Check out the full [Agenda](https://authenticatecon.com/event/authenticate-2025/#agenda:~:text=No%20PDF%20selected.-,AGENDA,-This%20is%20the) and session details.
/\*\* THIS IS A PAID CONFERENCE \*\*/
\*\* **[Register Now](https://cvent.me/942o0y)** \*\* using code **OWASP15** to receive a **15% discount off registration!** Prices vary based on FIDO Alliance membership, in-person, and remote. **Single day options** are also available.
Hosted by FIDO Alliance, **Authenticate** is the **only** conference dedicated to all aspects of user authentication – with a focus on the FIDO standards-based approach.
**Now in its 6th year**, the **FIDO Alliance**-hosted Authenticate Conference has become renowned for its high-quality content and vibrant community of professionals committed to advancing passkeys and related technologies to create a more secure web.
The focus of the program for the Authenticate 2025 conference is “achieving usable security across the account lifecycle,” with a focus on deeper dives on how to achieve phishing-resistant authentication with passkeys and the adjacent areas necessary to achieve end-to-end account security with usability in mind.
2025 keynotes will be delivered by speakers with extensive experience bringing **#passwordless** experiences to workforces and consumers alike from organizations including Amazon, FIDO Alliance, Google, Microsoft, Sony and Yubico. The conference features content on four stages broken into 11 content tracks to suit attendees’ knowledge base, interests and phase of implementation, along with an interactive expo hall to discover solutions providers, and networking events to connect with peers and subject matter experts.
The agenda features content tracks that collectively build upon one another – covering topics such as FIDO fundamentals, business cases, and in-depth case studies. Attendees can expect to gain the latest insights and how-to information on FIDO authentication and passwordless deployments.
Whether you are new to FIDO, in the midst of deployment or somewhere in between, Authenticate 2025 will have the right content – and community – for you, so **don't wait** \*\* **[Register Now](https://cvent.me/942o0y)** \*\*
/\*\* THIS IS A PAID CONFERENCE \*\*/
And finally **don't forget** to visit us at the OWASP Los Angeles booth!
October 14, 2025
Time: 18:00-05:00 (America/Chicago)
Description: The era of AI-powered attackers is no longer theoretical. Autonomous and semi-autonomous tools are now capable of identifying, exploiting, and adapting to vulnerabilities at a scale and speed that surpass human capacity. This talk explores the implications of a world where AI-driven threats are a permanent part of the landscape.
We begin with a candid look at the current state of application security, where manual processes and outdated risk models struggle to keep pace with modern development. At the same time, AI-generated code is entering environments at an unprecedented rate, often with little to no review, expanding the attack surface in ways few organizations are prepared for.
Compounding the problem is a growing wave of global regulations pushing organizations to demonstrate security readiness, often without providing practical paths to achieve it. Within this context, the traditional approach of prioritizing and fixing only critical and high-severity issues is breaking down. Attackers, especially those leveraging AI, no longer view low or medium vulnerabilities as difficult hurdles. Most vulnerabilities should now be treated as easily exploitable.
This session offers a sharp, forward-looking assessment of the challenges ahead and outlines key shifts that application security teams must make to stay relevant and effective in the age of AI.
Jerry Hoff has decades of experience in technology and security, specializing in application security at an enterprise scale. He holds a Master’s in Computer Science from Washington University in St. Louis and has evaluated the security of applications for some of the largest financial, defense, and commercial organizations in the world.
October 15, 2025
Time: 12:00-04:00 (America/New_York)
Description: Coming soon!
October 16, 2025
Time: 18:00-04:00 (America/New_York)
Description: The most successful enterprises implement the most cutting-edge technology - especially if it is already embedded in every major web browser AND is free of charge! But with the great power of WebRTC comes great responsibility! And great opportunities as well, both for business and for hackers. This October, we discuss:
* Technical advantages of WebRTC
* Security Highlights in 3D: client-side, server-side, and MITM perspectives
* Security vs Performance: avoid the compromise and choose both.
Many people think that security only blocks people from doing new cool things. Sam Lyhin believes this is not always the case, because security made right enables technology to be implemented faster. Join us at OWASP Columbus to get a safe intro into the world of modern telecommunication.
Time: 18:00-07:00 (America/Vancouver)
Description: Starting a career in Application Security, or looking to grow in the field? Join the OWASP Vancouver Chapter for an evening dedicated to exploring career paths in AppSec.
We’ll kick off with an introductory talk on the fundamentals of career growth in security, followed by interactive, topic-based discussion tables where you can ask questions, share experiences, and gain insights from professionals across the industry. Whether you’re a student taking your first steps into security, a developer interested in shifting into AppSec, or a seasoned professional looking to level up, this event offers a welcoming space to learn, connect, and grow.
Come network with peers, get practical advice, and discover how to take your journey from *Zero to Security Hero*.
Big thanks to EY for hosting this exciting event!
October 18, 2025
Time: 09:30+05:30 (Asia/Kolkata)
Description: OWASP AppSec Days Bangalore 2025
Event Date: October 18, 2025
Website: [https://bangalore.appsecdays.org/](https://bangalore.appsecdays.org/)
Submit your proposal today and be a part of the movement that’s shaping the future of secure development:
[https://sessionize.com/owasp-appsec-days-bangalore-2025-cfp-co4791/](https://sessionize.com/owasp-appsec-days-bangalore-2025-cfp-co4791/)
Registration Link - [https://www.eventbrite.com/e/owasp-appsec-days-bangalore-2025-tickets-1353371623959?aff=oddtdtcreator](https://www.eventbrite.com/e/owasp-appsec-days-bangalore-2025-tickets-1353371623959?aff=oddtdtcreator)
We are thrilled to announce the Call for Papers (CFP) for OWASP AppSec Days Bangalore 2025, one of India’s premier gatherings for application security professionals, developers, researchers, and thought leaders!
Whether you're building secure systems, breaking them to uncover their flaws, or creating a culture of security in your organization, this is your chance to share your knowledge and insights with a vibrant global audience.
What We’re Looking For:
Talks, demos, case studies, and workshops on application security, DevSecOps, cloud security, AI/ML security, SBOMs, mobile security, supply chain security, secure development, and everything in between. If it's advancing the mission of secure software, we want to hear it!
CFP Opens: 01 April 2025, 12:00 AM IST
CFP Closes: 31 July 2025, 11:59 PM IST
Location: Bangalore, India
Get ready for a day packed with cutting-edge insights, leading speakers, hands-on learning, and the unmatched energy of the OWASP community.
Let’s secure the future together.
October 20, 2025
Time: 18:30-04:00 (America/New_York)
Description: OWASP's technology-specific top 10 lists have provided a ton of value, but it's time for a different approach to business logic abuse. The rise of APIs and complex business logic attacks requires a new taxonomy that isn't tied to a specific technology. In this talk we'll explore the newly published Business Logic Abuse Top 10 list, including the methodology behind it.
October 21, 2025
Time: 18:30-04:00 (America/New_York)
Description: In this talk, we’ll walk through how SOC 2 maps to modern application security programs. Attendees will learn how to implement key controls in ways that support both audit readiness and meaningful security outcomes. Whether you’re building a program from scratch or improving an existing one, this session offers practical guidance.
October 22, 2025
Time: 16:00-04:00 (America/New_York)
Description: **This meeting will be in-person! Thank you to Kroger for hosting at their Kroger Blue Ash Technology Center. For security, RSVP by 2 days prior to the meeting is required.**
**Sponsored by [Security Journey](https://www.securityjourney.com/)**
Dive into a **hands-on**, competitive secure coding workshop tournament, working on real-world coding challenges across multiple languages and technologies. **Open to all skill levels**, the event offers **prizes**, swag, and a chance to connect with Cincinnati’s cybersecurity community including **developers, hackers, and security enthusiasts**. It’s free to attend and perfect for learning, competing, or just hanging out with like-minded peers.
Please RSVP on Meetup and *also* register [here](https://forms.office.com/r/pzrGmZvwn0).
**Approximate schedule:**
4:00 - Intro talk
4:15 - Tournament begins!
6:00 EOE (End of Event)
Time: 17:30-07:00 (America/Los_Angeles)
Description: **TOPIC:** Evolving Your AppSec Program in the Era of AI
Join us for great networking, dinner and drinks, and see a presentation by **Andrew Stiefel**, Product Marketing Manager at **Endor Labs**
**ABSTRACT:**
AI is already transforming how software is built—but for security teams, it’s mostly just making life harder. Developers are shipping AI-generated code at breakneck speed, while security teams struggle to keep up. The challenge isn’t just securing AI-generated code and systems—it’s evolving your AppSec program to keep pace with software development. We'll explore how security teams can evolve their programs across two key dimensions: securing AI-driven software development and using AI to enhance security workflows. You’ll learn:
* Strategies for managing risks from AI-generated code and autonomous agents
* How security teams can use AI to reduce work and improve security outcomes
* Where AI can enhance security—and where human expertise remains irreplaceable.
AI isn’t just a security challenge; it’s a chance to build a smarter, more efficient security program. Join us to learn how to make AI work for security, not against it.
**Thanks to our SPONSOR**: *[Endor Labs](https://www.endorlabs.com/)*
Built for Devs by Devs
Real-time scanning & AI semantic analysis lets you find more vulnerabilities, faster.
**CODE OF CONDUCT**
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. You can find out more about our policies here:
[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)
Time: 17:00-05:00 (America/Chicago)
Description: AI coding assistants like Cursor, Copilot, and Windsurf significantly increase productivity and assist with mundane coding tasks. But while powerful, these tools carry risks: trained on vast public datasets, they inherit bad patterns without necessarily ensuring secure application development. In this talk, we'll share three actions you can take to improve code security:
* Start with secure prompts
* Implement security standards
* Get real-time security signal