OWASP Community Meetings


Quick List (Details below)


October 30, 2024


Event: Cultivating Cybersecurity: Building and Sustaining a Security Champions Program

Group: Cincinnati

Time: 16:00-04:00 (America/New_York)

Description: **This meeting will be in-person! Thank you to Kroger for hosting at their Kroger Blue Ash Technology Center. For security, RSVP by 2 days prior to the meeting is required.** **Sponsored by [Traceable](https://www.traceable.ai/)** In an era where cyber threats are rapidly evolving and increasingly targeting application vulnerabilities, organizations face significant challenges in maintaining robust security practices. Traditional security models often lead to bottlenecks, stifling the agility needed in today's fast-paced development environments. This talk introduces the **Security Champions program**—a strategic initiative that empowers development teams to take ownership of security responsibilities, fostering a culture of proactive security throughout the software development lifecycle. We will explore the essential components of a successful Security Champions program, including its definition, the critical role of Security Champions within development teams, and the importance of cultivating a supportive culture grounded in principles of a "just culture." Attendees will learn practical strategies for building, maintaining, and scaling their own Security Champions programs, ensuring that security becomes an integral part of their organizational fabric. Join us to discover how implementing a Security Champions program not only enhances security posture but also drives collaboration and innovation, ultimately safeguarding your organization against emerging threats. **Approximate schedule:** 4:00 - Doors open. Come for networking and refreshments! 4:15 - Presentation begins. 5:15 - Networking and refreshments resume! 6:00 EOE (End of Event)


Event: Chapter Croatia Physical Meetup (Varaždin)

Group: Croatia

Time: 18:30+01:00 (Europe/Belgrade)

Description: Hello everyone, it’s time for our OWASP Croatia meetup. This time, we will meet in person in Varaždin Croatia for some coffee and short informal talks. On the last meetup we talked about making a larger meetup with a few conference-length talks, but this is planned for some future time in Zagreb. **Location:** Inside of Park Boutique Hotel in Varaždin. Wednesday, 30.10.2024 @ 18:30. (Our table is all the way in the back, near the bar) **We have a few topics for this meetup:** 1. Vitomir Margetic will talk more about the OWASP SCVS (Software Component Verification Standard) - https://scvs.owasp.org/ 2. Neven will talk about the joy of solving access control puzzles. 3. What's new in OWASP projects space. New updates and things to check out. 4. We will discuss future activities for Chapter Croatia (Talks, Workshops, Projects) **Please RSVP to the event because we will have space reserved in the inside terrace and we need to let the venue know the number of chairs needed in the morning. If you are not coming, please remove the RSVP so we can plan accordingly. We need to tell the venue how many chairs / tables to prepare in the morning, so please make sure to keep your RSVP status correct.**


Event: OWASP Melbourne October 2024 Meetup

Group: Melbourne

Time: 18:00+11:00 (Australia/Melbourne)

Description: G'day all, It was great to see new faces last month. Thank you to those that attended. In our last meetup, attendees voted for [YOI Indonesian Fusion](https://yoirestaurant.com.au/) as our location for next month. On 30th October 2024 6PM, there we shall meet. *There's NO BOOKING. If you're the first to arrive, please grab a table for the group and post a picture of the table's location in the comments of this meetup event. We'll use it to locate each other. (If you don't see a post, you're lucky first. Please grab us a table and post a pic.)* **Please remember to update your RSVP if you can no longer attend.** Even if it's just 30 minutes prior. It'll help whomever that arrives first know how big a table to get. We're looking forward to the discussions we had once again. See you there. More details on the format, and what to expect below: **The Practitioner's Roundtable** It's a monthly meetup, for AppSec/ProdSec practitioners to participate in discussing AppSec/ProdSec topics and share knowledge. There are no speakers, or sponsors; just a facilitator, with the expectation that you'll join the conversations. Broadly, the idea is that you're swinging by after work, for a regular catch-up with our peers over dinner (with F&B at your own cost) with a known format. **So, what's happening?** The format: 1. At 6pm all attendees arrive, and order (and pay for) their own meals - we'll do the rest while waiting for the meals to arrive and as we eat. 2. All attendees write down on a card 1-2 AppSec/ProdSec related topics they'd like to discuss. 3. We'll all each cast 3 votes on the cards we'd like to discuss. 4. We'll sort the cards, and discuss the topics with the top 3-4 highest votes. Starting with the topic with the highest votes. 5. After 5(?) minutes, we all decide if we'd like to continue or move on to the next topic. 6. If we continue, after 15(?) minutes, we all move on to the next topic of discussion. 7. At 7pm, we wrap up and officially end. 
Before everyone leaves, we vote on the next restaurant that we'll meet at. This is [inspired by Lean Coffee](https://agilecoffee.com/leancoffee/), and intended for participants to be collaborators in the conversation focused on AppSec & ProdSec topics. You are expected to participate in the AppSec/ProdSec conversations constructively if you attend. This isn't the right place for BizDev focused conversations. For the location selection, here are the considerations we work with: 1. It must be within 1 "city block" of the Melbourne Free Tram Zone. 2. The typical price for a whole meal (without alcohol) should be under $50 per person. 3. It must allow individual orders - you'd be ordering and paying for your own meal. 4. It will need to have seating space for the group to say, just walk-in to the restaurant (this may change if it grows beyond 10 regular attendees). 5. It must be quiet enough for us to have meaningful conversations. 6. It must not be a restaurant we've been to in the past 6 months. (Just to keep things fresh) Also, although we use the word “restaurant” this is used broadly to mean food establishment - if we’re all keen on hitting up a decent kebab place, that works. As a courtesy to the venue, there's an expectation that you'd order something there.


Event: OWASP Toronto | Inference Servers: new technology, same old security flaws.

Group: Toronto

Time: 18:30-04:00 (America/Toronto)

Description: **The event is hosted at 111 Peter St Suite 804, Toronto, ON M5V 2H1** **TALK** **Inference Servers: new technology, same old security flaws.** **Summary:** AI and LLM based applications are taking the industry by storm. While a lot of time is spent on evaluating prompt injection, there is an entire ecosystem of applications that allow models to be run and used. These applications have their own important security considerations that you may not be aware of. Inference Servers are used to host machine learning models and expose APIs that allow other components to perform inference on those models. These servers often expose additional APIs that allow users to load new models. Often, this can be abused to perform remote code execution. While this technology is new, the baseline security configurations for many of these products are a relic from the past. In this talk we’ll learn about what an inference server is, how they work, and how you can achieve remote code execution in them. This talk is mainly focused on the practical security risks involved in this ecosystem. Finally, I will share details about a couple of CVEs related to TorchServe. **Presenters:** Pratik Amin has been an Application Security practitioner for over 15 years. He currently works as a Principal Security Consultant at Kroll (previously Security Compass Advisory). In this role, he spends most of his time performing AppSec pentests and digging into interesting technology.


Event: OWASP Warwick Chapter

Group: Warwick

Time: 18:30Z (Europe/London)

Description: OWASP Warwick is back for the 2nd event this year. Please come and join us for some good talks and free food !!! **TALKS** #1: **Breaking and Defending LLMs: security of state-of-the-art AI systems** - Lukasz Bartoszcze (University of Warwick, Cyber Security Research Group) #2: **Come to me** - Neil Lines (NCC)


Event: OWASP Yerevan October meetup - Jey Hett, Tigran Abgaryan, Samvel Martirosyan

Group: Yerevan

Time: 19:00+04:00 (Asia/Yerevan)

Description: OWASP Yerevan October meetup agenda: 1. Linux boot process from start button to Graphics - Jey Hett, Cifora 2. Digital Ruble - Tigran Abgaryan, T-Bank (ex-Tinkoff) 3. Why even dumb phishing still perfectly works - Samvel Martirosyan Location: American University of Armenia Room number 314W in Paramaz Avedisian building (PAB, second/new building).



October 31, 2024


Event: OWASP London Chapter Halloween Meetup [IN-PERSON]

Group: London

Time: 18:00Z (Europe/London)

Description: **This event is kindly hosted by Civo Tech Junction and sponsored by Apiiro. There is limited seating available for in-person attendees. Registration required.** **This event will be live-streamed on YouTube.** **Recordings will be available on the OWASP London YouTube channel.** **Venue Location**: Civo Tech Junction, First Floor, 32-37 Cowper Street, London, EC2A 4AW **Nearest Tube:** Old Street (Northern Line), Cowper Street exit - 1 min walk **Doors Open at 6pm** for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!). **TALKS:** **OWASP Introduction, Welcome and News** - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders **"AI and AppSec: Are We Finally on the Verge of the Big Breakthrough?"** - **Petra Vukmirović** In cybersecurity, AI has made significant advances, especially in threat detection, risk quantification, and remediation automation. However, in Application Security (AppSec), it hasn’t fully reached its potential—yet. This talk will explore why the next big breakthrough in AI is poised to revolutionize threat modeling and security reviews, areas traditionally plagued by manual processes, high complexity, and slow adoption in fast-moving development environments. We are at the tipping point where AI can understand code deeply enough to automate threat modeling, shifting it left and removing bottlenecks in the security review process. By using AI to derive data flows, identify threats and controls, and continuously update threat models, we can potentially integrate security into the development lifecycle more effectively. Join this session to discuss and discover how AI could potentially take threat modeling as code (and from code!) to the next level. **"Proactive Risk Detection at the Design Stage"** - **Ella Bor** Security risks can be costly when discovered late in development, and the “shift left” movement seeks to address this. 
This talk explores strategies for identifying potential risks during the design phase, even before coding begins. By analyzing ticketing systems with AI, development teams can identify potential risks such as insecure data handling or problematic third party integrations early on—without slowing development velocity. The discussion will highlight methods to uncover design-phase risks while using AI to propose security review questions and automatically generate threat stories on a large scale. This approach not only simplifies the design review process but also helps prevent the creation of insecure code. **Guest Talk: "Strengthening AppSec Efforts" - Jon McCoy** **RAFFLE - win a prize kindly donated by our sponsors!** **SPEAKERS:** **Petra Vukmirović** ([@PetraVuk1311](http://twitter.com/PetraVuk1311)) Technology enthusiast, leader, public speaker, believer in radical candor, ex-emergency medicine doctor, competitive athlete (volleyball) and ex-sports scholar. Petra started her cyber security career as a security engineer, climbed up the ladder to Director of Cyber Security. Love creating order out of chaos, learning and overcoming any challenges that come along my way. Always leveraging innovation and looking to implement improvements in processes and systems. **Ella Bor** Ella Bor is an experienced data scientist who has honed her skills across diverse industry domains, including legal-tech, e-commerce, and application security. At Apiiro, she harnesses her extensive expertise to drive innovation in application security. Ella specializes in leveraging artificial intelligence to tackle real-world challenges, developing and implementing end-to-end algorithmic solutions that automate complex tasks. Throughout her career, Ella has been dedicated to bridging the gap between theoretical research and practical application, ensuring that AI-driven solutions are both technically sound and aligned with business goals. 
**TICKETS:** OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security. **CODE OF CONDUCT:** We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: [https://owasp.org/www-policy/operational/code-of-conduct](https://owasp.org/www-policy/operational/code-of-conduct) **DRESS CODE:** Halloween costumes are encouraged, but not required. Feel free to get into the spooky spirit if you'd like, or come as you are!


Event: Monthly Networking Social

Group: Peterborough

Time: 19:00Z (Europe/London)

Description: Thirsty Thursdays. Same time. Same day each month. Differing places. Good chat. **What?** * Casual conversation over food & drinks **Where?** * It may differ each month, bars, restaurant and eateries around Peterborough **When?** * ~ The last Thursday of each month Everybody welcome, the next event details will be chosen from the last (and so on!).



November 04, 2024


Event: OWASP Meetup - Paris - November 2024

Group: France

Time: 19:00+01:00 (Europe/Paris)

Description: This meetup will take place at **Escape**, whom we warmly thank for their support. OWASP Paris is the meetup dedicated to application security. As a reminder, the meetup is meant to be non-commercial. It brings together everyone who wants to design and maintain more secure software. If you are interested in the subject, whether you are a beginner or an expert, feel free to join us to share your experiences or your problems. This meetup offers sessions organized in "open forum" mode. Topics are proposed by the participants during the session. Knowledge sharing, lessons learned, CTF-style exercises, best practices, governance and organization, ... are on the program! **Lightning Talks:** The evening begins with short presentations. Anyone who wants to can propose a presentation; it is not mandatory. If you feel like sharing a technique, an opinion, a demo or lessons learned, you can prepare a lightning talk, anywhere between a single sentence and 10 minutes at most, and come present it at the start of the evening. If you have never given a presentation before, this is the chance to start in a friendly atmosphere. **Workshop:** The evening continues with activities carried out in groups. Anyone who wants to can propose a topic; it is not mandatory. You have 30 seconds at the start of the session to make the other participants want to join, then everyone votes for their favorite topic. The most popular topics lead to group activities lasting a little over an hour. Screens will be available. The format is meant to be welcoming. You do not need to be an expert to talk about a topic. You will certainly find other people to help you! The emphasis is on exchange and sharing. The agenda and the minutes of previous meetups are available here: https://owasp.org/www-chapter-france/



November 05, 2024


Event: Biometric Authentication in Fintech: Enhancing Security in Digital Banking

Group: Rewa

Time: 16:00+05:30 (Asia/Kolkata)

Description: Biometric authentication uses unique biological traits like fingerprints, facial recognition, or iris scans to verify a user’s identity, offering a highly secure alternative to traditional passwords. In fintech, this technology is increasingly adopted by digital banking platforms to enhance security, reduce fraud, and streamline user experience. By leveraging biometrics, fintech companies can offer faster, more reliable authentication methods, reducing the risk of hacking or identity theft. However, concerns around data privacy, storage, and potential misuse of biometric data also need to be addressed to ensure trust and compliance.



November 06, 2024


Event: Indy OWASP November 2024 Meetup

Group: Indianapolis

Time: 18:00-05:00 (America/New_York)

Description: **Talk 1** **Title:** Prompt Injection with Damn Vulnerable LLM **Synopsis:** Join us for an insightful OWASP event dedicated to exploring the OWASP Top 10 for Large Language Model Applications! Dive into the latest vulnerabilities impacting GenAI-driven systems, focusing on prompt injection attacks. We'll also showcase the Damn Vulnerable LLM, a hands-on tool designed to illustrate prompt injection in real-time specifically. This meetup is perfect for developers, security professionals, and anyone interested in safeguarding GenAI applications. Don't miss this opportunity to enhance your understanding of LLM security and network with fellow enthusiasts! **Speaker:** Justin Baxtron **Bio:** Justin Baxtron has worked in the information security field for over 10 years as a consultant and engineer. He holds a GIAC Web Application Penetration Tester (GWAPT) certification and focuses on application security assessments, as well as software engineering. **Talk 2** **Title:** I Hope No One Finds Out I'm a Fraud: Dealing with Imposter Syndrome **Synopsis:** Imposter syndrome is a real issue in professional life. It can seriously impact mental health and professional growth—especially in the security industry, surrounded by ever-changing technologies and other super-smart people. I will discuss the aspects of this issue, its impacts, and some strategies to overcome it, both for yourself and others. **Speaker:** Damian (@integrisec) Profancik **Bio:** Damian Profancik has worked as a server/network infrastructure and security consultant for more than 24 years with over the last 14+ years solely focused on information security as an Application Security Manager at Match Group, Technical Director at Optiv Security, Inc. 
focused on Application Security, Global Security Associate Partner and North American Regional Lead at IBM X-Force Red, Director of Application Security at Lares Consulting, Director of Security Services at iLAB, and a Principal Security Consultant at both NCC Group (formerly iSEC Partners) and Trustwave SpiderLabs. His main focus has been on application security and vulnerability research. He has worked in this capacity both independently and for numerous companies ranging from small businesses to Fortune 100 enterprises. His work has included application penetration testing, network penetration testing, design review, and code review in 28 different computer languages. He is actively involved in the Information Security community through speaking engagements at events such as DerbyCon, ShmooCon, CircleCityCon, OWASP, and ISSA, and he is a co-leader for the local OWASP chapter, one of the organizers for CircleCityCon, and co-founder for BSides Bloomington. Venue, food, and refreshments provided by Guidepoint.



November 07, 2024


Event: OWASP Orlando - Application Security

Group: Orlando

Time: 18:00-05:00 (America/New_York)

Description: This is an In-Person OWASP Orlando Chapter Meeting Food to be provided (Typically pizza or sandwiches) Introductions More details to be provided soon! Speaker 1: **TBD** Topic: TBD Speaker 2: **TBD** Topic: TBD



November 10, 2024


Event: Let’s Talk ML Security

Group: Bhopal

Time: 12:00+05:30 (Asia/Kolkata)

Description: Dive into the essentials of securing machine learning systems! This event explores key challenges in ML security, including model vulnerabilities, adversarial attacks, and best practices for robust protection. Perfect for developers, data scientists, and security pros, this session equips you with practical insights to safeguard ML applications against evolving threats.



November 12, 2024


Event: OWASP November Meet - In person

Group: Dallas

Time: 17:30-06:00 (America/Chicago)

Description: Mobile App Pentesting for Fun and Profit Welcome to the thrilling world of mobile app pentesting! This session will equip you with the skills to uncover vulnerabilities in mobile applications. Whether you’re a seasoned pro or a curious newcomer, prepare for an adventure in cybersecurity.


Event: German OWASP Day 2024

Group: Frankfurt

Time: 09:00+01:00 (Europe/Berlin)

Description: **This is a paid event** Dear all, We're proud to present a cool lineup of talks for the German OWASP Day in Leipzig on November 13th! The program committee got a solid amount of high quality submissions and thus the agony of choice. * Frederik Braun will present "Modern solutions against Cross-Site Leaks (xs-leaks) and CSRF" * Thomas Barber will give us insights into the project Foxhound, a taint tracking project using a patched Firefox * Malte Wessels will display results of his research on SSRF * Shubham Agarwal will raise his voice against "Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike" * Björn Kimminich is celebrating the "OWASP Juice Shop 10th anniversary" * While Dr. Daniel Fett will be talking about "How (Not) to Use OAuth in 2024", * Kristina Yasuda will tell you "The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems" (EUDI Wallet) * Tim Philipp Schäfers will demystify NIS2 and hopefully NIS2UmsuCG * Diana Calderón will explore strategies for creating and implementing Security Champion programs in organisations * Hanno Böck will tell not-so-good stories about private keys * Stephan Pinto Spindler will share his experiences wrt "Network Fingerprinting for Securing User Accounts" * Behnaz Karimi will give us an overview of the OWASP AI Exchange project * Niklas Bunzel and Raphael Antonius Frick will explore the security challenges and opportunities posed by GenAI * Clemens Hübner will amend that showing how GenAI can help identifying threats * Florian Hantke and Sebastian Roth will show how to scan for Vulnerabilities Without Getting Into Trouble * Nicolas Schickert, Ole Wagner and Matthias Göhring will tackle most companies' problem child "SAP from an Attacker’s Perspective – Common Vulnerabilities and Pitfalls" The full program is on the web site [https://god.owasp.de/](https://god.owasp.de/) . **Registration is open. 
[Reserve your spot](https://god.owasp.de/2024/#tickets)! This is a paid event** On the 12th of November we also offer three trainings — those have to be booked separately: * OWASP Juice Shop: Advanced Demos & For-fun CTF by Björn Kimminich + Jannik Hollenbach * Getting started for establishing your Security Champions Program by Juliane Reimann + Michael Bernhardt * Building Secure Software: A Hands-On OWASP SAMM Training by Daniel Kefer. As usual on the evening before the conference day (November 12th) there’s a get-together with food and drinks. **THIS IS A PAID EVENT**


Event: German OWASP Day 2024

Group: Wrongsecrets

Time: 09:00+01:00 (Europe/Berlin)

Description: **This is a paid event** Dear all, We're proud to present a cool lineup of talks for the German OWASP Day in Leipzig on November 13th! The program committee got a solid amount of high quality submissions and thus the agony of choice. * Frederik Braun will present "Modern solutions against Cross-Site Leaks (xs-leaks) and CSRF" * Thomas Barber will give us insights into the project Foxhound, a taint tracking project using a patched Firefox * Malte Wessels will display results of his research on SSRF * Shubham Agarwal will raise his voice against "Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike" * Björn Kimminich is celebrating the "OWASP Juice Shop 10th anniversary" * While Dr. Daniel Fett will be talking about "How (Not) to Use OAuth in 2024", * Kristina Yasuda will tell you "The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems" (EUDI Wallet) * Tim Philipp Schäfers will demystify NIS2 and hopefully NIS2UmsuCG * Diana Calderón will explore strategies for creating and implementing Security Champion programs in organisations * Hanno Böck will tell not-so-good stories about private keys * Stephan Pinto Spindler will share his experiences wrt "Network Fingerprinting for Securing User Accounts" * Behnaz Karimi will give us an overview of the OWASP AI Exchange project * Niklas Bunzel and Raphael Antonius Frick will explore the security challenges and opportunities posed by GenAI * Clemens Hübner will amend that showing how GenAI can help identifying threats * Florian Hantke and Sebastian Roth will show how to scan for Vulnerabilities Without Getting Into Trouble * Nicolas Schickert, Ole Wagner and Matthias Göhring will tackle most companies' problem child "SAP from an Attacker’s Perspective – Common Vulnerabilities and Pitfalls" The full program is on the web site [https://god.owasp.de/](https://god.owasp.de/) . **Registration is open. 
[Reserve your spot](https://god.owasp.de/2024/#tickets)! This is a paid event** On the 12th of November we also offer three trainings — those have to be booked separately: * OWASP Juice Shop: Advanced Demos & For-fun CTF by Björn Kimminich + Jannik Hollenbach * Getting started for establishing your Security Champions Program by Juliane Reimann + Michael Bernhardt * Building Secure Software: A Hands-On OWASP SAMM Training by Daniel Kefer. As usual on the evening before the conference day (November 12th) there’s a get-together with food and drinks. **THIS IS A PAID EVENT**



November 13, 2024


Event: Patients at Risk: Investigating The Healthcare Cybersecurity Crisis

Group: Nashville

Time: 17:00-06:00 (America/Chicago)

Description: Want to learn more about the most successfully attacked industry in the world? Here’s your chance! Healthcare organizations are facing a digital storm. Cyberattacks are increasingly successful, targeting sensitive patient data, disrupting critical services, and putting lives at risk. Facing a growing threat landscape due to increasing reliance on interconnected technologies (including IoT, IoMT, OT and IT systems), many hospitals are struggling to recover from decades of accumulated cybersecurity debt. This presentation will explore the root causes of healthcare cyberattacks, providing real-world examples and discussing the technical vulnerabilities that make organizations prime targets. Attendees will gain insights into the emerging guidance and strategies for improving healthcare cybersecurity, as well as the debate surrounding the need for regulation in this critical sector. We will also examine the significant financial and reputational costs associated with cyberattacks and delve into the motivations and tactics of the attackers themselves. Join OWASP Nashville and Chad Holmes as we dive deep into the world of healthcare cybersecurity. We'll explore the root causes of cyberattacks, examine real-world examples, and discuss the technical vulnerabilities that make hospitals prime targets.


Event: Security Social Lunch Hours

Group: Seattle

Time: 12:00-08:00 (America/Los_Angeles)

Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation. Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one. Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack) [email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)



November 14, 2024


Event: OWASP BE chapter meeting (14/11/2024, Mechelen)

Group: Belgium

Time: 19:00+01:00 (Europe/Brussels)

Description: On November 14th, we organize our next OWASP Belgium chapter meeting in Lamot (Mechelen). This event is co-located with the [CyberSecurity event "Strategic Research and Industry Impact"](https://cybersecurity-bites.be/cybersecurity-strategic-research-industry-impact-2nd-edition/). **Agenda**: * 17h30-19h: networking drink * 19h-19h10: **OWASP update** * 19h10-19h50: **TBD** * 19h50-20h30: **TBD** More info can be found on the Belgium OWASP chapter page at [https://owasp.org/www-chapter-belgium/#div-meetings](https://owasp.org/www-chapter-belgium/#div-meetings) . Our chapter meetings are open for everyone, and attendance is free of charge. We ask you to register on Meetup in order to provide you with last-minute updates, if needed.



November 18, 2024


Event: OWASP Monthly meeting

Group: Jacksonville

Time: 17:30-05:00 (America/New_York)

Description: OWASP topic TBA



November 19, 2024


Event: OWASP New Zealand - Auckland Meetup

Group: New Zealand

Time: 18:30+13:00 (Pacific/Auckland)

Description: We're picking up our regular Meetup schedule in 2024, starting in March. Our approximate agenda for the evening: * 6:00 p.m. - Gather and networking * 6:30 p.m. - Introductions, Top 10 Topic * 7:15 p.m. - Pizza and more networking * 7:45 p.m. - Technical Topic We restarted our introductory coverage of the OWASP Top 10 (2021 edition) with A01:2021 in March, covering a new item each meeting. Our Top 10 topic for November will be **A05:2021 - Security Misconfiguration**. **Technical Topic Speaker:** Jagan Boda (Jay) **Talk Title:** How scary is a Post-Quantum Computing Crypto World? In my presentation, I will explore the transformative potential and security challenges of quantum computing. I will try to explain key quantum concepts like superposition and entanglement, contrasting them with classical computing principles. I will address security concerns by discussing the vulnerability of current cryptographic algorithms and infrastructure to quantum attacks. A brief history of cryptography and solutions to the challenges from quantum computing. Then we will outline ongoing efforts to develop quantum-resistant cryptography and the standardization processes from organizations such as NIST. Opportunities for adoption of post-quantum computing safe algorithms exist today and can be planned for and budgeted. Education and awareness will be crucial, ensuring stakeholders understand the implications of quantum computing on cybersecurity. By the end of the presentation, attendees will gain a foundational understanding of quantum computing's impact on security and practical steps to protect sensitive data in a quantum-enabled future. We're always looking for presenters and topics for future meetings - contact John ([email protected]) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be John talking about what he's been working on recently. 
The Auckland-area OWASP Meetup usually takes place on the third Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays.



November 20, 2024


Event: OWASP LA Monthly In-Person Meeting - NOV 20, 2024

Group: Los Angeles

Time: 17:30-08:00 (America/Los_Angeles)

Description: **TOPIC**: State of Pentesting 2024 Join us for great networking, dinner and drinks, and see a presentation by **Carolyn Wang**, Chief Strategy Officer at Cobalt. **ABSTRACT**: In the sixth annual installment of State of Pentesting 2024, Cobalt shares data and insights from more than 4000 manual pentest engagements performed in 2023, resulting in more than 39,000 security vulnerability findings. Caroline will present the data as well as commentary on artificial intelligence and offensive security. **SPONSORSHIP Opportunities Available** *Vendors interested in sponsoring please send an email to [email protected]* **CODE OF CONDUCT** We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: [https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)



November 21, 2024


Event: Security Journey CTF

Group: Columbus

Time: 18:00-05:00 (America/New_York)

Description: *This will be at the new location, as shown below! Don't go to the wrong place!* Hands-on hacking time! Security Journey has graciously allowed us to borrow their CTF for the evening to see and fix coding flaws that lead to security vulnerabilities. It's all web based, so bring your laptop! There really isn't anything to install, so bring your work laptop! But be there! We'll start off with a few highlights related to what is new in the world of appsec, and have a good-of-the-order style chat about the near, then we will dig into finding and fixing some stuff.


Event: The 2024 Los Angeles Cybersecurity Summit

Group: Los Angeles

Time: 07:30-08:00 (America/Los_Angeles)

Description: **OWASP LA** has organized ***ANOTHER*** exceptional offer for our meetup membership to participate in ***Ninth Annual Los Angeles Cybersecurity Summit*** on November 21st, in Los Angeles, CA. Join us for deep insight in new tools and technology, training, and take advantage of this great opportunity to network with industry professionals. [Register](https://cybersecuritysummit.com/register/losangeles24/) now using code **CSS24-OWASPLA** for your **complimentary** pass! Space is limited so act now to secure your place. Check the full schedule at [2024 California Technology Summit Agenda](https://cybersecuritysummit.com/summit/losangeles24/) The **Ninth Annual Los Angeles Cybersecurity Summit** connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission gives you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception. **Conference Highlights:** ### Interactive Panel Discussions **Defining Cybersecurity-Readiness: How do you evaluate yours?** When looking at how to best protect your business, cybersecurity readiness should be top priority, but what is it? Let’s discuss GRC & the best steps to take when quantifying cyber risk, developing your incident response plan, creating a data security policy & more. **2024 & The Biggest Threats to Your Business** On this panel our lineup of industry experts will discuss the most dangerous and emerging threats to your organization as well as the solutions that go beyond anti-malware/anti-virus to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption.
**Conceptualizing Cloud Security & Why it Matters Today** Cloud computing solves many problems like flexibility, cost-efficiency & scalability, so it’s no surprise that use of the cloud is consistently growing. Our experts will look at hybrid and multi-cloud environments, adopting the concept of cybersecurity mesh & Zero Trust, the Secure Access Service Edge (SASE) framework, cloud-native tools & platforms, as well as why the future of network security is in the Cloud. ### Top 8 Reasons to Attend the Cybersecurity Summit 1. Learn 2. Evaluate Demonstrations 3. Time, Travel and Money Savings 4. Engage, Network, Socialize & Share 5. CEUs / CPE Credits 6. Investment 7. Atmosphere 8. Reality Check ### [Questions](mailto:[email protected]) For any questions, please contact **[[email protected]](mailto:[email protected])** or call **212.655.4505 ext. 225** And finally **don't forget** to visit us at the OWASP Los Angeles booth!


Event: The Defender’s Advantage: A guide to activating cyber defense / Developing an Ap

Group: Orange County

Time: 18:00-08:00 (America/Los_Angeles)

Description: **NOTE: The following will be in effect and mandatory for this meeting venue.** * **RSVPs will close at 11:59 PM PT on Monday, November 18th, so kindly submit your RSVP by then. Walk-ins will not be permitted.** * **Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.** * If your first and last name do not appear in our admin view, we will contact you. * Alternatively, feel free to reach out directly or email us at [email protected] to provide that information or any questions you may have regarding the event. **Parking** Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage. **Live Stream** Stream us live on Twitch: http://twitch.tv/owaspoc *Please change your RSVP to "No" if you can't make it and/or will join via livestream instead.* **Talk 1** **The Defender's Advantage: A guide to activating cyber defense** Organizations today face relentless cyberattacks that can compromise their critical assets. The Defender’s Advantage is the concept that organizations have the upper hand in defending against attacks on their own environments. The overview will guide you through understanding the threat landscape, detecting and investigating malicious activity, testing and validating the effectiveness of controls and operations, hunting for active threats. The book goes into detail about each of these concepts to help organizations take control and galvanize their defender’s advantage. **Speaker 1 Bio** Gursev Singh, Sr. Information Security Consultant at Google. A seasoned cybersecurity professional with over 16 years of experience in the field. He has a strong track record of success, leading and managing cybersecurity projects for major customers. Gursev's expertise in cloud security (Google, AWS & Azure), SIEM, and data protection.
His deep understanding of infrastructure security and cyber threat and vulnerability management further enhances his ability to analyze threats, identify vulnerabilities, and respond to security incidents. Currently, he's a Sr. Information Security Consultant at Google. **Talk 2** **Developing an Application Security Champions Program** Application security focuses on a specific set of issues which incur risk. Software security in general may cover everything from IT to cloud to access, to authentication, etc. What we are addressing in this discussion is a security program designed to surface and mitigate risk found within applications. Agenda * Remote Code Execution – an infamous example * The recurring cycle of scan, assess, mitigate * Update, Update, Update! * Ownership is essential **Speaker 2 Bio** Rich Newman, Technical Account Manager at Black Duck Software, Inc. Rich was a developer for 13 years in the embedded space, primarily embedded C and assembly code. He then transitioned to field engineering for Wind River, Intel, Coverity and Synopsys for the past 26 years. The technologies he supported covered a wide range of embedded operating systems and tools, live patching, static analysis and security tools and services. He has an active CISSP certification.


Event: OWASP Vancouver Monthly Meetup

Group: Vancouver

Time: 18:00-08:00 (America/Vancouver)

Description: TBD



November 27, 2024


Event: 6. OWASP Augsburg Stammtisch

Group: Augsburg

Time: 19:00+01:00 (Europe/Berlin)

Description: **!WANTED! --> Women in IT Security <-- !WANTED!** **Agenda tbd** Do you have a talk? Get in touch! We are always looking for interesting content!! **Please let us know** if you are coming and, if applicable, how many people you are bringing, so that we have enough space. Do you have an idea or want to give a talk? Just get in touch! The essentials for talks in brief: * Use a neutral slide deck - no logo, no advertising * On one slide you can introduce yourself and your employer - here a logo is fine * Let us know briefly whether you could also give the talk in English * Salespeople who want to run a sales event will be booed and will have to buy several rounds of beer


Event: OWASP Frankfurt Chapter #69 - Software Maturity Model and Security Champions

Group: Frankfurt

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #69! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. *What are we going to talk about?* **DSOMM and AppSec Program:** We are excited to welcome Timo Pagel, Cloud and Web Security Architect at PagelShield, a core member of the OWASP Germany Chapter, and contributor to various OWASP projects. Timo will discuss the DevSecOps Maturity Model (DSOMM) and how it can help kick-start your application security program. We will also have another speaker joining us for this event—details to be announced soon! **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward. *When?* Our Meetup takes place on **27.11.2024** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at CHECK24 AG, located at Speicherstraße 55, 60327 Frankfurt am Main. *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!


Event: OWASP Frankfurt Chapter #69 - Software Maturity Model and Security Champions

Group: Wrongsecrets

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #69! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. *What are we going to talk about?* **DSOMM and AppSec Program:** We are excited to welcome Timo Pagel, Cloud and Web Security Architect at PagelShield, a core member of the OWASP Germany Chapter, and contributor to various OWASP projects. Timo will discuss the DevSecOps Maturity Model (DSOMM) and how it can help kick-start your application security program. We will also have another speaker joining us for this event—details to be announced soon! **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward. *When?* Our Meetup takes place on **27.11.2024** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at CHECK24 AG, located at Speicherstraße 55, 60327 Frankfurt am Main. *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!



November 28, 2024


Event: OWASP BeNeLux Days 2024

Group: Belgium

Time: 09:00+01:00 (Europe/Brussels)

Description: Exciting News! Join us at the "OWASP BeNeLux Days 2024" edition on November 28th and 29th in Utrecht, the Netherlands. Explore the latest in security, devops, and cloud with technical talks by industry experts. Get hands-on with top security training sessions. Gain insights from keynotes by industry leaders. Discover cutting-edge security tech at vendor booths. Check the link below for more information and registering for the event: [https://www.owaspbenelux.eu/](https://www.owaspbenelux.eu/)


Event: OWASP BeNeLux Days 2024

Group: Netherlands

Time: 09:00+01:00 (Europe/Amsterdam)

Description: Exciting News! Join us at the "OWASP BeNeLux Days 2024" edition on November 28th and 29th in Utrecht, the Netherlands. Explore the latest in security, devops, and cloud with technical talks by industry experts. Get hands-on with top security training sessions. Gain insights from keynotes by industry leaders. Discover cutting-edge security tech at vendor booths. Check the link below for more information and registering for the event: [https://www.owaspbenelux.eu/](https://www.owaspbenelux.eu/)


Event: Monthly Networking Social

Group: Peterborough

Time: 19:00Z (Europe/London)

Description: It's music night! Come join us for live music and great chat. Thirsty Thursdays. Same time. Same day each month. Differing places. Good chat. **What?** * Casual conversation over food & drinks **Where?** * It may differ each month, bars, restaurant and eateries around Peterborough **When?** * ~ The last Thursday of each month Everybody welcome, the next event details will be chosen from the last (and so on!).