OWASP Community Meetings


Quick List (Details below)


January 21, 2025


Event: Former Hacker and Zero Day Developer’s Perspective on Why AppSec Matters

Group: Cincinnati

Time: 16:00-05:00 (America/New_York)

Description: **This meeting will be in-person! Thank you to Kroger for hosting at their Kroger Blue Ash Technology Center. For security, RSVP by 2 days prior to the meeting is required.** **Sponsored by [Traceable](https://www.traceable.ai/)**

Former "World’s Most Wanted" hacker and exploit developer known as Hackah Jak from the Hackweiser group brings his unique expertise to the forefront of application security. With a career spanning software reverse engineering, zero-day development, hacking, cyberwarfare, and web application engineering, Jesse offers a rare and unique perspective. Jesse will challenge you to see the true value of application security beyond mere financial metrics. Drawing from his firsthand experiences combating scams and human trafficking, he will offer insights that inspire a deeper understanding of the real-world impact of vulnerabilities.

Joining Jesse for this talk is his daughter, Reesë, a talented teenage girl. Accepted to college at 13 years old, Reesë earned her Bachelor in Computer Science, with honors, at the age of 17, and then became the first student in Ohio to pursue a Master’s degree while in high school. Before graduating high school she completed 4 more Associate Degrees in various areas of technology. Her academic accomplishments are complemented by a remarkable professional journey, including internships at GE Core Tech and Kroger IT. Reesë is the founder of a startup building a cutting-edge Cyber Threat Research and Training Platform, backed by an investment and bolstered by her innovative research, which has already led to her first patent filing. In addition, she now serves as the secretary for the IEEE SA P1947 Standards for Quantum Cybersecurity Framework group.

Learn more about Jesse’s journey by listening to Modem Mischief Podcast, Hackweiser:

* [https://www.youtube.com/watch?v=iyKSkubzxKo](https://www.youtube.com/watch?v=iyKSkubzxKo)
* [https://podcasts.apple.com/us/podcast/hackweiser/id1585249019?i=1000651055244](https://podcasts.apple.com/us/podcast/hackweiser/id1585249019?i=1000651055244)
* [https://open.spotify.com/episode/04kQiWFkxhyWqOZwYYwsA0?si=1d52bb8b48e248ac](https://open.spotify.com/episode/04kQiWFkxhyWqOZwYYwsA0?si=1d52bb8b48e248ac)
* [https://music.amazon.com/podcasts/b458729d-02d0-42d3-b043-5fc1ba8a10db/episodes/84648a83-5e3b-47f5-a4f8-91a7cb596d30/modem-mischief-hackweiser](https://music.amazon.com/podcasts/b458729d-02d0-42d3-b043-5fc1ba8a10db/episodes/84648a83-5e3b-47f5-a4f8-91a7cb596d30/modem-mischief-hackweiser)

**Approximate schedule:**

* 4:00 - Doors open. Come for networking and refreshments!
* 4:15 - Presentation begins.
* 5:15 - Networking and refreshments resume!
* 6:00 - EOE (End of Event)



January 22, 2025


Event: 8. OWASP Augsburg Stammtisch

Group: Augsburg

Time: 19:00+01:00 (Europe/Berlin)

Description: In the Fuggerstadt, IT security is writ large. Whether you are someone interested in IT security, a CISO, hacker, pentester, developer, network admin, end user or whatever - everyone is welcome. OWASP membership is (of course desirable, but) not required! **We look forward to new faces, regulars and occasional attendees :-)**

**Agenda - tbd**

Speakers still wanted!!

**Please let us know** if you are coming and, if applicable, how many people you are bringing, so that we have enough room. Do you have an idea or want to give a talk yourself? Great, we are always looking for interesting content. Whether talk, discussion, idea, lightning talk, etc. We are also happy to serve as a test audience :-) Just get in touch!

The essentials for talks in brief:

* Use a neutral slide deck - no logo, no advertising
* On one slide you can introduce yourself and your employer - here with a logo as well
* Let us know briefly whether you could also give the talk in English
* Salespeople who want to hold a sales event will be booed and must buy several rounds of beer


Event: January Meet

Group: Bay Area

Time: 17:30-08:00 (America/Los_Angeles)

Description: Join us on **Wed, Jan 22, 2025** at **5:30 PM** at **Blackhawk Network** for an evening of networking and learning. This in-person event is a great opportunity to connect with fellow professionals in the cybersecurity field. Don't miss out on the chance to engage with industry experts and expand your knowledge. See you there! This meetup is in collaboration with CSA-SF.

* 5:30 PM: Gates open
* 6:00 PM - 6:45 PM: In a GenAI World, Only Identity Matters.
* 6:45 PM - 7:15 PM: Significance of IAM in Application Security

**Talk#1:** In a GenAI World, Only Identity Matters. Speaker: Caleb Sima

**Talk#2:** Significance of IAM in Application Security

**Description:** The Significance of IAM in Application Security. Explore how attack paths have evolved, highlighting common factors that contribute to identity-related risks. Understand the unique security challenges posed by evolving attacks, and discover new strategies to safeguard your workforce, IT administrators, developers, and machines. Best practices to safeguard sensitive information.

Speakers: Rohan Singla, CISO, Chargepoint; Mahantesh W, Staff Security Engineer, Chargepoint


Event: Boulder OWASP January 2025 Meetup: A Web CTF for Everyone

Group: Boulder

Time: 18:00-07:00 (America/Denver)

Description: Reminder! Tonight, Monday, 1/20, at 7PM, we'll be hosting a virtual prep session for Wednesday's CTF. Talk to you all tonight here: [https://meet.google.com/ddn-zozh-ysv](https://meet.google.com/ddn-zozh-ysv)

Boulder OWASP is back for 2025 and looking forward to welcoming everyone! We’ll be changing our format this month to a more hands-on approach to Application Security with a Capture the Flag event. Whether you’re an experienced Application Penetration Tester or brand new to the AppSec world, there will be something for everyone. OWASP Boulder’s own Mark Hoopes has found a truly insecure CRM application ready to be exploited. Entry level participants can explore a poorly designed authorization system and mid-level hackers will have plenty of opportunities to run SQL and JavaScript Injection attacks. For the experts, there is even a pathway to shell, but it will take some real dedication to get there.

To ensure everyone has a good time, we'll be encouraging experienced participants to team up with those who are new to web exploitation. On top of that, a walkthrough document will be available and exploit demos will be given gradually throughout the evening. Bring your own laptop with an intercepting proxy (Burp, ZAP, etc.) installed to participate as an attacker, but if you’re not comfortable at that level, feel free to just bring yourself and plan to shadow, watch, and learn. Installation instructions can be found here: [https://www.meristeminfosec.com/resources/boulder-ctf](https://www.meristeminfosec.com/resources/boulder-ctf)

To make sure everyone comes prepared, a Q&A session will be held on the Monday before the event at 7pm: [https://meet.google.com/ddn-zozh-ysv](https://meet.google.com/ddn-zozh-ysv)

Special thanks to the Rule4 Team for hosting and sponsoring, we couldn't do these events without our sponsors. If you're interested in sponsoring the #1 AppSec organization and our Boulder Chapter meetings, please reach out to [email protected].

Please follow us on LinkedIn: https://www.linkedin.com/company/owasp-boulder And join our Slack: https://join.slack.com/t/boulder-owasp/shared_invite/zt-2qnxnmmts-IQDaobNC1rcUbpaH1ip8Lg

**AGENDA**

* 6:00 - 6:30 Food, Drinks, Networking
* 6:30 - 7:30ish CTF Time
* 7:30 - 8:00 More Networking


Event: Secure Coding Tournament with Security Journey

Group: Nashville

Time: 17:00-06:00 (America/Chicago)

Description: We'll have a coding game to play from Security Journey! Supported languages are:

* Ruby
* Python
* Java
* JavaScript
* C#


Event: OWASP-SLC/Wasatch AppSec - In-person Meetup (@HealthEquity)

Group: Salt Lake City

Time: 12:00-07:00 (America/Denver)

Description: Hi All, first Wasatch AppSec/OWASP-SLC event of the year! We'll be meeting in person at the **HealthEquity** Office building in Draper for lunch. We'll discuss one of the great books on the topic of Application Security. Help us plan for food via RSVP. See you there!

**Agenda**:

1. Introductions/Admin
2. Discussion Topic: Alice and Bob Learn Application Security, By: Tanya Janca -- Discussion Lead: [@Derek McGhie](https://wasatchappsec.slack.com/team/U05G9FYQ415)

**Location:** HealthEquity, [121 W Scenic Pointe Dr](https://www.google.com/maps/search/?api=1&query=40.479885%2C%20-111.89508)

**How to find us:** The building closest to the freeway. Come to the front desk and let them know you're attending the OWASP Meetup. They'll direct you to the conference room.


Event: Modern AppSec Requires a Modern Approach

Group: Toronto

Time: 18:30-05:00 (America/Toronto)

Description: **Format**: Hybrid (in-person and online)

**In-person location**: 123 Edward St, Suite 205 (2nd Floor), Toronto, ON M5G 1E2

**Talk**: **Modern AppSec Requires a Modern Approach**

As organizations increasingly adopt microservices and serverless architectures, understanding and securing their environments becomes more complex. AppSec teams navigating distributed environments often are dealing with disjointed efforts—developers rushing to patch but not knowing where to start, detection teams crafting exploit rules that could be passed, and threat hunters investigating past compromises—potentially leaving current critical vulnerabilities unaddressed. Teams need a way to connect the dots from when an application is launched to when it’s being attacked. Enter tracing. Tracing requests enables organizations to quickly identify the source of an attack, mitigate its impact, enforce necessary measures to prevent additional impact, and provide the needed context to patch. Incorporating tracing can remove the challenges found in distributed applications.

In this session, you'll learn:

* What application traces are and how to use them
* How tracing can be used to investigate and detect attacks
* Why tracing enhances application security efforts



January 23, 2025


Event: OWASP January Meetup

Group: Colorado Springs

Time: 18:00-07:00 (America/Denver)

Description: The main event at 6pm will be a half-hour to one-hour talk by Ishan Brown. He is a rising star in the cyber security world and will be talking about his experience getting his 1st CVE late last year. After the talk we will have general networking and discussions until 9pm.


Event: Meetup OWASP - Paris - Janvier 2025

Group: France

Time: 19:00+01:00 (Europe/Paris)

Description: This meetup will take place at **Renault Digital**, whom we warmly thank for their support. For security reasons, an ***identity document*** will be required to access the event.

OWASP Paris is the meetup dedicated to application security. As a reminder, the meetup is meant to be non-commercial. It brings together everyone who wants to design and maintain more secure software. If you are interested in the subject, whether you are a beginner or an expert, feel free to join us to share your experiences or your problems. This meetup offers sessions organized in "open forum" mode. Topics are proposed by the participants during the session. Knowledge sharing, lessons learned, CTF-style exercises, good practices, governance and organization, ... are on the program!

**Lightning Talks:** The evening begins with short presentations. Anyone who wishes may propose a presentation; it is not mandatory. If you would like to share a technique, an opinion, a demo or lessons learned, you can prepare a lightning talk, anywhere from a single sentence to 10 minutes at most, and present it at the start of the evening. If you have never given a presentation before, this is the opportunity to start in a friendly atmosphere.

**Workshop:** The evening continues with activities carried out in groups. Anyone who wishes may propose a topic; it is not mandatory. You have 30 seconds at the start of the session to get the other participants interested, then everyone votes for their favorite topic. The preferred topics lead to group activities lasting a little over an hour. Screens will be available.

The format is meant to be supportive. There is no need to be an expert to talk about a topic. You will certainly find other people to help you! The emphasis is on exchange and sharing.

The agenda and minutes of previous meetups are available here: https://owasp.org/www-chapter-france/



January 24, 2025


Event: API Security Meetup

Group: Jakarta

Time: 15:00+07:00 (Asia/Jakarta)

Description: "API Security Meetup"

Session type: Online/zoom

Time: 2 Hours

1. Topic: "Unlock the Secrets of API Security: APIs Hacking Session You Can't Miss!"

Time: Jan 24, 2025 15:00 - 16:00 PM Jakarta

Abstract: APIs are the backbone of modern applications, but are they secure? In this session, we’ll explore how hackers exploit API vulnerabilities and learn key techniques to safeguard them. Whether you're a developer, tester, or security enthusiast, this session will give you practical insights into API hacking and protection strategies.

Notes: Delivered in English

Connect with Speaker: Fadi Al-Aswadi

With over 15 years of experience in penetration testing and ethical hacking, I specialize in securing web, mobile, and API applications. Since 2009, I have been providing advanced cybersecurity solutions to clients across various industries. I am also the co-founder of PT Dynamic Solutions Group Indonesia, where we deliver innovative IT governance and cybersecurity services, helping organizations strengthen their digital defenses and achieve operational excellence.

2. Topic: Strengthening API Security: Exploring Vulnerabilities, Risks, and Best Practices

Time: Jan 24, 2025 16:00 - 17:00 PM Jakarta

Abstract: APIs are essential to modern software, but they also introduce security risks if not properly protected. This seminar will discuss the API Security Scanner, a research project designed to identify and fix vulnerabilities in APIs. It will also cover the OWASP Top 10 API Security Risks, highlighting common issues like broken authentication and excessive data exposure. Lastly, participants will learn Secure Coding Best Practices to create safer APIs, such as proper input validation and strong authentication. This session aims to help developers and security teams build secure APIs and protect their applications from threats.

Connect with Speaker: Dr. Semi Yulianto, S.E, M.Kom, CISSP, CSSLP, CISA, CISM, SecurityX

Short Bio: https://drive.google.com/file/d/135b2REZ3QpRen1bUzzoTIhrFeJlZNV7h/view?usp=sharing

LinkedIn: https://www.linkedin.com/in/semiyulianto

Join Zoom Meeting: https://us06web.zoom.us/j/81911856693?pwd=Zzs0enbXCep9gQLSKbve7yxb9Qynz3.1

Meeting ID: 819 1185 6693

Passcode: 686805


Event: OWASP Tampa Chapter 2025-Jan Lunch and Learn

Group: Tampa

Time: 11:00-05:00 (America/New_York)

Description: **Welcome to our OWASP Tampa 2025-Jan Lunch and Learn!** We invite you to join us and members of our local Tampa Bay community to hear from industry experts in cybersecurity. This lunch and learn will bring topics that influence discussion among your peers and provide a venue to meet others that share your passions.

**Agenda**:

- 11:00am - Registration and Lunch
- 12:00pm - Speaker - Eaton Zveare - API Security Blunders: Tales from the Cyber Trenches
- 1:00pm - Depart

**Speaker**: Eaton is a security researcher at Traceable. As a member of Traceable's ASPEN Labs team, he has contributed to the security of some of the world's largest organizations by finding and responsibly disclosing many critical vulnerabilities. He is best known for his high-profile security disclosures in the automotive space.

**Abstract**: **API Security Blunders: Tales from the Cyber Trenches** Dive into API Security by dissecting real-world API vulnerabilities that have caused security breaches. We'll guide you through the process of hunting for such vulnerabilities, and provide insights to effectively defend against such attacks.

**Location**: GuidePoint Security, 3030 N Rocky Point Dr W, STE 600, Tampa, FL 33607

**Sponsors**: Traceable - [https://www.traceable.ai/](https://www.traceable.ai/)



January 25, 2025


Event: NULL / OWASP Bangalore Combined 25 January 2025

Group: Bangalore

Time: 09:30+05:30 (Asia/Kolkata)

Description:

| Name | Speaker | Start Time | End Time | Resources |
| ---- | ------- | ---------- | -------- | --------- |
| **Welcome Note / Registrations** | | 09:30 AM | 09:40 AM | |
| Threat Modeling 101 | **Vaibhav vishal singh** | 09:40 AM | 10:10 AM | |
| **Intro** | | 10:10 AM | 10:20 AM | |
| Hunting Dumb Cybercriminals | koushik pal | 10:20 AM | 10:50 AM | |
| **Networking Session + Break** | | 10:50 AM | 11:20 AM | |
| ATP Methodologies | Sanskar Kashyap | 11:20 AM | 11:50 AM | |
| 51% attack on blockchain | Darshana M Chigari | 11:50 AM | 12:20 PM | |
| **Feedback + Next Month's Planning** | | 12:20 PM | 12:35 PM | |


Event: Owasp Belém Açai com Dados.

Group: Belem

Time: 09:00-04:00 (America/Boa_Vista)

Description: On January 25, **OWASP Belém**, one of the Brazilian chapters among the more than 200 active chapters around the world, will hold its first meetup together with Açai com Dados. The theme will be Data and Artificial Intelligence, and we will explore insights, challenges and innovations in the world of technology. It will be an incredible opportunity to learn about the challenges and opportunities in the use of data in the world of AI, with plenty of knowledge exchange, connections and networking. Our goal is to spread the OWASP mission, making application security visible so that people and organizations can make informed decisions about the true application security risks.

* **Date:** 25/01/2025
* **Time:** 8:30.
* **Venue:** Estácio FAP
* **Address**: R. Municipalidade, 839, Belém, PA.

Check out the schedule:

* **08:30:** Opening
* **09:00:** OWASP presentation
* **09:15 - 09:45:** Coming soon.
* **10:00 - 10:45:** Coming soon.
* **10:45 - 11:00:** Break / Networking
* **11:15 - 11:45:** Coming soon.


Event: Asado Owasp Bogota - Inicio 2025

Group: Bogota

Time: 13:30-05:00 (America/Bogota)

Description: Kick-off gathering to start 2025. Networking, drinking, eating, planning what is coming for the group in 2025, and talking about hacking. Includes meat + potatoes + 2 beers. Talk by **Juan Wilches** (Pwn de un dummy para dummies). To confirm your attendance you need to deposit the amount of 40.000: Nequi 3057067139. Keep the screenshot of your transfer.



January 28, 2025


Event: OWASP Aarhus Chapter Meeting - January

Group: Aarhus

Time: 19:00+01:00 (Europe/Copenhagen)

Description: This OWASP Aarhus meetup is co-hosted with Norlys. Agenda: **19:00 – 19:10** Welcome by Norlys and OWASP Aarhus **19:10 – 20:00** ”Hybridwar, critical infrastructure and resilience…” by Ken Bonefeld Nielsen Get an insight into how vulnerable modern societies are when it comes to hybrid warfare. What can we do to make critical infrastructure more resilient… Ken Bonefeld Nielsen – Senior Cyber Security and Resilience Advisor at Norlys shares his many years of experience from the military and international work for organizations like Sony, Tele2, Lundbeck and Norlys **20:00 – 20:30** Networking break **20:30 – 21:25** "The Journey of Cyber Entrepreneurship, Community Building, and Open Source Opportunities" by Bjarke Petersen Discover how true innovation emerges in entrepreneurial environments, the challenges it faces, and what it takes to succeed. Explore the vision behind Cybersikker.dk, a community designed to become Denmark's leading self-help hub for IT security. The session concludes with a collaborative exploration of impactful and affordable technological solutions, emphasizing the transformative potential of open-source tools. Bjarke Petersen – Serial Cyber Entrepreneur and Community Enthusiast with experience in creating businesses. Now dedicated to building a free, self-help Cyber Community to support Danish SMEs in navigating and resolving their IT security challenges.


Event: OWASP Austin Chapter Monthly Meeting - January 2025 (Online)

Group: Austin

Time: 11:30-06:00 (America/Chicago)

Description: 30 minutes of meet-and-greet and Chapter information, then the Presentation! Join us for the OWASP Austin Cryptoparty and discover practical ways to protect your privacy and enhance your digital security in a fun, interactive setting! Whether you're a tech enthusiast, a professional, or just starting your journey in cybersecurity, this event offers something for everyone. Gain hands-on experience with tools and techniques, hear from engaging speakers, and connect with a community passionate about building a safer online world. Don’t miss this opportunity to level up your security know-how—mark your calendar and **bring a friend**! Featuring: * James Wickett * Mark Spears * Rafal Los * Josh Sokol If you would like to attend in person, please pull a ticket for a free lunch at Emerson/NI location in Austin -- [https://owasp-austin-2025-january.eventbrite.com](https://owasp-austin-2025-january.eventbrite.com)


Event: OWASP Philly 2025 Bootstrap

Group: Philadelphia

Time: 19:30-05:00 (America/New_York)

Description: Dear Friends - New year, new OWASP Philly? Well yes, but don’t worry - a lot of things will stay the same (and be better!). 2024 was foundational for us, and affirmed how great of a community we have, which we love to be a part of. So please join us in this first meeting of 2025, as we chart our course for new horizons and evaluate our place and role in the community. This meeting will be our first social, along with a \~30min discussion of OWASP projects and structure, with lots of opportunity for input and feedback. We’ll also have an intro for some of our new leadership members, discuss the great benefits of OWASP and membership, and look at the volunteer roles and opportunities we have coming up. And if nothing else, come warm your bones and talk security-shop with some old friends and new! Lite refreshments with heavy good times will be provided at the place we meet - upstairs at the Black Sheep - 730PM. See you there! Higgs



January 29, 2025


Event: Um hacker no seu bolso

Group: Joao Pessoa

Time: 19:30-03:00 (America/Fortaleza)

Description: Marcos Tulio and Anderson Peixoto will present a detailed analysis of the OWASP Top 10 Mobile, exploring the main risks associated with mobile applications. During the presentation, they will take a deeper look at specific topics, highlighting the most critical scenarios. At the end, they will give a practical demonstration of security analysis of mobile applications, illustrating how attackers exploit vulnerabilities to obtain privileges in the application and even in the operating system. Finally, they will share best practices and recommendations for mitigating the identified vulnerabilities, promoting security in mobile application development.


Event: OWASP LA Monthly In-Person Meeting - JAN 29, 2025

Group: Los Angeles

Time: 17:30-08:00 (America/Los_Angeles)

Description: **/\*\* Updated Meeting Date \*\*/** **TOPIC**: TBA Join us for great networking, dinner and drinks, and see a presentation by **ABSTRACT**: TBA **SPONSORSHIP Opportunities Available** *Vendors interested in sponsoring please send an email to [email protected]* **CODE OF CONDUCT** We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: [https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)



January 30, 2025


Event: The State of Secure Coding: Talk + Hands-On Tournament

Group: Orange County

Time: 18:00-08:00 (America/Los_Angeles)

Description: **NOTE: The following will be in effect and mandatory for this meeting venue.** * **RSVPs will close at 11:59 PM PT on Monday, January 27th, so kindly submit your RSVP by then. Walk-ins will not be permitted.** * **Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.** * If your first and last name do not appear in our admin view, we will contact you. * Alternatively, feel free to reach out directly or email us at [email protected] to provide that information or any questions you may have regarding the event. **Parking** Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage. **Live Stream** Stream us live on Twitch: http://twitch.tv/owaspoc *Please change your RSVP to "No" if you can't make it and/or will join via livestream instead.* **The State of Secure Coding: Talk + Hands-On Tournament** In this talk, we will explore the current state of secure coding, focusing on common vulnerabilities and pitfalls developers face today. Drawing from the OWASP Top 10, the session highlights real-world examples of flawed code and their potential risks. Attendees will gain practical insights into better coding standards and participate in a hands-on workshop to learn how to identify and fix these issues effectively. By the end, participants will be equipped with actionable techniques to create more secure and resilient applications. **Thanks to our Sponsor Cycode!** Cycode enables companies to deliver software fast without compromising on security. Cycode delivers a complete Application Security Posture Management (ASPM) platform that can replace existing testing tools or integrate with them while providing visibility, prioritization, and remediation of vulnerabilities at scale. Check them out at: https://cycode.com


Event: Monthly Networking Social

Group: Peterborough

Time: 19:00Z (Europe/London)

Description: Thirsty Thursdays. Same time. Same day each month. Differing places. Good chat. **What?** * Casual conversation over food & drinks **Where?** * It may differ each month, bars, restaurant and eateries around Peterborough **When?** * \~ The last Thursday of each month Everybody welcome, the next event details will be chosen from the last (and so on!).



January 31, 2025


Event: Jan 2k25 Chapter Meet-up with Mini CTF

Group: Bhopal

Time: 11:00+05:30 (Asia/Kolkata)

Description: Join us for the OWASP Bhopal Chapter Meetup to explore the latest trends in Cybersecurity. Our event will focus on topics such as Computer Security, Application Security, Penetration Testing, and Web Application Security. Dive deep into discussions on Software Security and Web Technology, while staying updated on Information Security best practices. This meetup will also include interactive sessions on Capture the Flag challenges and Machine Learning applications in cybersecurity. Whether you are a seasoned professional or a newbie in the field, this event is a great opportunity to network with fellow enthusiasts and learn from industry experts. Don't miss out on this chance to enhance your knowledge and skills in the ever-evolving realm of cybersecurity.



February 06, 2025


Event: OWASP Orlando - Application Security

Group: Orlando

Time: 18:00-05:00 (America/New_York)

Description: This is an In-Person OWASP Orlando Chapter Meeting Food to be provided (Typically pizza or sandwiches) Introductions More details to be provided soon! Speaker 1: **TBD** Topic: TBD Speaker 2: **TBD** Topic: TBD



February 11, 2025


Event: Hacker Days:- Web Security Code Review Workshop

Group: Bay Area

Time: 17:00-08:00 (America/Los_Angeles)

Description: Well, the Master himself is in town, so what do we do? Organize a hacker day! :) We are delighted to announce a workshop on Web Security Code Review, led by none other than **Louis Nyffenegger, Founder and CEO of Pentester Lab—yes, our favorite hacker playground!** Traveling all the way from Australia, this is a fantastic opportunity to learn from the master himself. Thank you very much Semgrep for hosting the event. This meetup is in collaboration with [pacific hackers group](https://www.pacifichackers.org/)

* 5 PM: Doors open
* 5 PM - 6 PM: Networking
* 6 - 8 PM: Workshop

Details below:

**Title:** Web Security Code Review Workshop

**Abstract:** Learn how to identify vulnerabilities through effective manual security code reviews. In this workshop, we’ll analyze real-world code examples, uncover common flaws like injections and authentication issues, and explore how to leverage built-in security features. You’ll gain practical skills to complement automated tools and confidently tackle security challenges in real codebases. Ideal for developers, AppSec engineers, and code reviewers, this session focuses on practical techniques and real-world impact.

**Speaker short bio:** Louis Nyffenegger is a seasoned security engineer and the founder of PentesterLab, a platform dedicated to teaching web penetration testing and security code review. With over a decade of experience in cybersecurity, Louis has focused on penetration testing, architecture analysis, and code reviews.


Event: 4th OWASP Stuttgart Chapter Stammtisch

Group: Stuttgart

Time: 18:00+01:00 (Europe/Berlin)

Description: **AI Security & Insights into OWASP Top 10 LLM** As artificial intelligence systems become increasingly integrated into our daily lives, the importance of securing these systems grows exponentially. This keynote introduces the core principles of AI security, highlighting the unique challenges and risks posed by large language models (LLMs). Explore the recently introduced OWASP Top 10 for LLMs—a comprehensive framework that identifies the most critical vulnerabilities and provides actionable guidance for securing AI applications. We'll finish with an oversight of all the initiatives at the OWASP Top 10 LLM community. **Agenda (Subject to Change):** * **6:00 PM**: Arrival * **6:30 PM - 7:30 PM**: Presentation * **7:30 PM - approximately 9:00 PM**: Barbecue, drinks, discussion, and networking



February 12, 2025


Event: Security Social Lunch Hours

Group: Seattle

Time: 12:00-08:00 (America/Los_Angeles)

Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation. Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one. Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack) [email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)



February 13, 2025


Event: February 2025 OWASP Chapter Netherlands Meetup

Group: Netherlands

Time: 18:00+01:00 (Europe/Amsterdam)

Description: See [https://owasp.org/www-chapter-netherlands/upcomingevents](https://owasp.org/www-chapter-netherlands/upcomingevents) for more information about the OWASP Netherlands chapter.

* 18:00 - 18:15 - **Reception of attendees**
* 18:15 - 19:00 - **Pizza**
* 19:00 - 19:15 - **Welcome and OWASP updates**
* 19:15 - 20:00 - **The AI Who Shagged Me!** by **Ali Abdollahi**
* 20:00 - 20:15 - **Break with drinks**
* 20:15 - 21:00 - **Behind the Breach: Understanding and Preventing Web Vulnerabilities** by **Mitchel Koster**

**The AI Who Shagged Me!**

*Abstract:* In today’s ever-changing world of cybersecurity, bringing AI into red teaming exercises is an exciting way to boost how we assess our organizational defenses. This approach fits well with frameworks like TIBER, which focus on creating realistic simulations of cyber threats. It’s all about making our defenses stronger and more effective! AI algorithms effectively analyze large datasets to identify emerging threats and tactics, aiding in realistic attack simulations. AI-driven tools help replicate complex attacks, providing red teams with thorough assessments of security measures. Using AI-generated anomalies enhances detection capabilities and strengthens incident response plans. However, the integration of AI into red teaming is not without challenges. This discussion aims to provide a nuanced overview of the application of AI in red teaming exercises, examining its potential benefits and limitations within established frameworks like TIBER. By critically evaluating this integration, we can better understand how to harness AI’s capabilities to strengthen cybersecurity offense and defense.

*Bio:* Ali is a cybersecurity researcher with over 12 years of experience. Currently, he is the application and offensive security manager at Canon EMEA. He studied computer engineering, published articles, and holds several professional certificates. Ali is a Microsoft MVP and regular speaker or trainer at industry conferences and events.

**Behind the Breach: Understanding and Preventing Web Vulnerabilities**

*Abstract:* “Behind the Breach: Understanding and Preventing Web Vulnerabilities delves into the transformation of modern web applications and architecture, showcasing how advancements in frameworks and browser technologies have revolutionized security. Yet, even with these innovations, attackers persist in uncovering and exploiting vulnerabilities. Drawing from real-world case studies across industries—from agile startups to global enterprises—this presentation not only demonstrates how a deeper understanding of security can thwart these threats, but also highlights how effectively conveying the potential impact of vulnerabilities is key to prioritizing security efforts.”

*Bio:* Mitchel Koster is the Chief Security Researcher at Breachlock, where he leads the development of new security products and conducts research and engagements for high-profile clients. His work includes Red and Purple Team exercises and addressing custom security requirements across diverse sectors, including Aviation and Healthcare. With a background in computer science, embedded systems, and programming, Mitchel bridges the gap between modern software development practices and robust security measures.

For parking, there’s a (paid) parking space less than 5 minutes away at the Q-Park Hermitage. ([https://maps.app.goo.gl/XpJzhnj4BP6Kw9T88](https://maps.app.goo.gl/XpJzhnj4BP6Kw9T88)) Also a 5 minute walk is the Zaandam station. ([https://maps.app.goo.gl/3emKrp4ygx41SoN67](https://maps.app.goo.gl/3emKrp4ygx41SoN67))



February 14, 2025


Event: Extra OWASP SAMM community call Europe - Asia

Group: Samm

Time: 08:00-05:00 (America/New_York)

Description: The SAMM Core team is happy to host a community call on 10th January @ 14.00 CET. This is not a replacement of the regular community call, but an extra one we’ve scheduled during a more friendly time for users in EU and Asia. Bring your SAMM questions and we’ll discuss them! We'll also share project updates.



February 17, 2025


Event: OWASP Monthly meeting

Group: Jacksonville

Time: 18:30-05:00 (America/New_York)

Description: Introduction to OWASP projects. New Members drive.



February 18, 2025


Event: OWASP Cleveland: Contrast Security Demonstration

Group: Cleveland

Time: 18:30-05:00 (America/New_York)

Description: Join us on Tuesday, February 18th at Market Avenue Wine Bar for a hands-on lab demonstration with Contrast Security. The presentation will go over features and limitations of Contrast's RAST tool. This session is designed for everyone, whether you decide to participate or not. Contrast is an Application Security solution used by companies like AARP, InfoSys, Citizens Bank, Snap Finance, and more.



February 19, 2025


Event: OWASP Newcastle February 2025

Group: Newcastle Uk

Time: 18:00Z (Europe/London)

Description: We're back with our first event of 2025! We’ll be doing our usual two talks and pizza format.

Location: Opencast Software, Unit 2, The Kiln, Hoults Yard, Newcastle‑upon‑Tyne NE6 1AB.

There is free onsite registered parking. To register, attendees must enter their details into an iPad upon entering the Opencast office, otherwise a parking fine may be issued. Neither OWASP Newcastle nor Opencast can assist with or be responsible for parking issues; you do so at your own risk.

Rough schedule:

* 1800 - 1815 Arrival and networking
* 1815 - 1830 OWASP Newcastle Welcome
* 1830 - 1915 Talk one
* 1915 - 2000 Pizza and networking
* 2000 - 2045 Talk two
* 2045 - onwards Pub?

Talk overviews:

Talk one

**Title:** Harassed by Hamas: Israel’s Cyberwar

**Speaker:** Andy Pannell

**Speaker Bio:** Andy Pannell is an accomplished application security lead with a keen focus on safeguarding product and cloud security for a prominent mobile ride-hailing company. His expertise lies in identifying vulnerabilities, implementing robust security measures, and ensuring the integrity of critical systems. Outside the digital realm, Andy indulges in a passion that balances the binary code: endurance racing. Andy spends hours at racetracks, appreciating the symphony of precision engineering and adrenaline-fueled competition.

**Talk Synopsis:** This presentation examines (in my opinion) one of the most recently overused phrases in the media, “cyber war”, and what it actually means in reality for us cyber security practitioners. We will start by examining warfare, and review previous nation-state attacks that have crossed the boundary into offensive cyber operations. We will then focus on October 2023 and the tactics deployed by both Hamas and the IDF during the war, from a cyber perspective. To do this we will discuss reverse engineering malware samples, API security and DDoS attacks in detail. Lastly we will conclude by looking at what the future of cyber warfare looks like, and what we can do to best protect ourselves / our organisations in such events.

Talk two

**Title:** Scaling Security Through Collaboration: The Role of Security Champions in Modern Organisations.

**Speaker:** Kimberley Graham

**Speaker Bio:** Kimberley is the Manager of People-Centered Security at Sage, headquartered in Newcastle. She is responsible for promoting and championing security within Sage.

**Talk Synopsis:** TBC

There is a capacity limit on the venue, so ticket numbers for the event have been restricted. Please cancel your ticket if you are unable to attend.

**Live Stream Info:** We're hoping to be able to live stream the event on our [playeur channel](https://playeur.com/c/OWASPNewcastle/).


Event: OWASP Switzerland Community Meetup, February 2025

Group: Switzerland

Time: 17:10+01:00 (Europe/Zurich)

Description: Join us at the OWASP Switzerland Community Meetup to kick off the year 2025! This meetup will feature two exciting talks on application security. It’s a fantastic opportunity to network with like-minded professionals, exchange ideas, and expand your knowledge in a friendly and collaborative environment.

**Program:**

* **17:10** - **Doors open**: Grab a drink, meet old and new friends from the OWASP Switzerland community
* **17:35** - **Uninstallable by Design**: The Role of Pre-installed Apps in Android’s Security Landscape - (Thomas Sutter, PhD Student @ University of Bern)
* **18:30** - **Coffee Break**
* **18:45** - **Continuous Security with DevSecOps**: How Platform Engineering Transforms Modern Application Security - (Romano Roth, Chief of DevOps / Partner @ Zühlke)
* **19:40 - 20:10** - **Drinks, Fingerfood and Networking**: Grab a bite and chat with old and new friends

**Talk details:**

* **Uninstallable by Design - by Thomas Sutter**: The competitive smartphone market is keen to prevent its intellectual property from being analysed by competitors and the public. As a result, most smartphones are locked when distributed, and anti-reversing techniques are widely used. Consequently, millions of users use smartphones daily without a clear understanding of the software’s functionality and purpose. To lower the bar for security researchers to analyze Android firmware, we developed a novel framework, called FirmwareDroid. In this talk, we discuss the challenges to automate the process of analyzing Android firmware and showcase how we use FirmwareDroid to analyse pre-installed Android apps in academia.
* **Continuous Security with DevSecOps - by Romano Roth:** Security must be seamlessly integrated into every stage of the software development lifecycle. This talk explores how combining DevSecOps principles with Platform Engineering empowers teams through automation, standardized environments, and reduced complexity. Learn how these approaches transform application security into a proactive, scalable, and collaborative enabler for delivering secure, high-quality software at speed.