Quick List (Details below)
- OWASP KOLKATA MEETUP #15 - Kolkata, Dec 21
- OWASP Bhopal: Dec Chapter Meetup - Bhopal, Dec 22
- Chapter Croatia Physical Meetup (Varaždin) - Croatia, Dec 23
- OWASP Baku Chapter: Securing the final bytes of 2024! - Baku, Dec 26
- OWASP Meeting - Lima, Dec 26
- Securing Web Applications with OWASP Dhaka Chapter - Dhaka, Dec 27
- Capture the Flag [Placeholder] - Peterborough, Jan 01
- January 2025 Meeting - Phoenix, Jan 07
- Security Social Lunch Hours - Seattle, Jan 08
- January 2025 OWASP Happy Hour sponsored by Cequence - Austin, Jan 09
- OWASP London Chapter Meetup [IN-PERSON] - London, Jan 15
- Shift Left - A discussion of AppSec Best Practices - San Antonio, Jan 17

December 21, 2024
Time: 10:30+05:30 (Asia/Kolkata)
Description: Proposed sessions for this event:
* Hacking GCP For Fun by **Agnibha Dutta**
* A Real-Life Journey into Exploiting Ticketing Systems by **Rakesh Seal**
* Rods and Hooks - The Phishing Trip by **Soummya Mukhopadhyay**
* Zero Trust in the age of AI by **Deblohit Bose**
December 22, 2024
Time: 13:00+05:30 (Asia/Kolkata)
Description: Join us for the OWASP Bhopal Chapter Meetup to explore the latest trends in Cybersecurity. Our event will focus on topics such as Computer Security, Application Security, Penetration Testing, and Web Application Security. Dive deep into discussions on Software Security and Web Technology, while staying updated on Information Security best practices.
This meetup will also include interactive sessions on Capture the Flag challenges and Machine Learning applications in cybersecurity. Whether you are a seasoned professional or a newbie in the field, this event is a great opportunity to network with fellow enthusiasts and learn from industry experts. Don't miss out on this chance to enhance your knowledge and skills in the ever-evolving realm of cybersecurity.
December 23, 2024
Time: 18:30+01:00 (Europe/Belgrade)
Description: Hello everyone, it’s time for our OWASP Croatia meetup. This time, we will meet in person in Varaždin, Croatia for some coffee and short informal talks.
At the last meetup we talked about making a larger meetup with a few conference-length talks, but this is planned for some future time in Zagreb.
**Location:** Inside of Park Boutique Hotel in Varaždin. Monday, 23.12.2024 @ 18:30. (Our table is all the way in the back, near the bar)
**We have a few topics for this meetup:**
1. Nikola will talk about adventures in self hosting.
2. Tony will talk about extracting 2FA seeds from walled gardens.
3. We will discuss future activities for Chapter Croatia (Talks, Workshops, Projects)
**Please RSVP to the event because we will have space reserved in the inside terrace and we need to let the venue know the number of chairs needed in the morning. If you are not coming, please remove the RSVP so we can plan accordingly. We need to tell the venue how many chairs / tables to prepare in the morning, so please make sure to keep your RSVP status correct.**
December 26, 2024
Time: 19:00+04:00 (Asia/Baku)
Description: Calling all cybersecurity enthusiasts!
Join us for the final OWASP Baku Chapter meetup of 2024!
Date: December 26, 2024
Time: 19:00 (Baku time, GMT+4)
Location: Online
We are wrapping up the year with an exciting session full of the following:
Interesting technical topics
A.M.A and Q&A sessions with industry experts
Opportunities to learn, share, and connect with fellow professionals
Let's make this a memorable meetup!
Have questions? Feel free to ask them in advance so our experts can address them during the session.
Let's finish 2024 strong together!
#OWASP #CyberSecurity #BakuChapter #ApplicationSecurity #TechMeetup #CyberSecCommunity #InfoSec #AMA
Time: 19:30-05:00 (America/Lima)
Description: **OWASP Meeting 2024**
OWASP Lima Chapter Meeting (VIA ZOOM)
**PRESENTATION:**
**OWASP Projects: A Path to a Secure SDLC**
Explore the main OWASP projects and how to integrate them into each stage of the Software Development Life Cycle (SDLC) to ensure security from design through implementation. Learn about tools and standards such as OWASP Top 10, ASVS and ZAP, and their impact on building secure and efficient software. An opportunity to dive deeper into the best practices backed by the global OWASP community.
December 27, 2024
Time: 19:00+06:00 (Asia/Dhaka)
Description: Join us for an informative event hosted by OWASP Dhaka Chapter, focusing on the latest trends in web application security, penetration testing, and software security. In this session, we will delve into topics such as information security, white hat hacking, and open source tools to defend against cyber threats. Building on the success of our previous events like "OWASP Mobile Application Security Risk" and "Strengthening Software Quality Assurance for Robust Software Security," we aim to equip participants with practical skills and knowledge to secure their applications.
Whether you are a cybersecurity enthusiast, software developer, or IT professional, this event offers a valuable opportunity to learn from experts in the field, collaborate with like-minded individuals, and stay updated on the ever-evolving landscape of cybersecurity. Don't miss out on this chance to expand your knowledge, network with industry peers, and enhance your expertise in software security with OWASP Dhaka Chapter.
January 01, 2025
Time: 19:00Z (Europe/London)
Description: **Cyber Peterborough are hosting a CTF!**
We're working out the details, in the meantime - please sign up to watch out for updates!
**What?**
* A hosted capture the flag event
**Where?**
* TBD
**When?**
* TBD
**Who for?**
* All ages and abilities will be catered for!
January 07, 2025
Time: 19:30-07:00 (America/Phoenix)
Description: **Overview and Usage Feedback for New Patent:**
**"Method to encode and decode otherwise unrecorded private credentials, terms, phrases, or sentences." (45 - 60 min)**
* The two inventors of patent #US20200387595A1 will share the basic concepts using "Glyphs" to encode recallable, robust passphrases.
* The goal is to get constructive, candid feedback on the practicality of personal and enterprise usage
* To test the concepts behind GlyphPass, please bring several photos on your phone that have good, non-obvious stories associated with the pictures.
* Patent can be read here: [https://patents.google.com/patent/US20200387595A1/en?oq=%23US20200387595A1](https://patents.google.com/patent/US20200387595A1/en?oq=%23US20200387595A1).
**NOTE: We are starting at 7:30 pm since December.**
January 08, 2025
Time: 12:00-08:00 (America/Los_Angeles)
Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation.
Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one.
Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack)
[email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)
January 09, 2025
Time: 17:30-06:00 (America/Chicago)
Description: **When:** Thursday, January 9th, 5:30 pm - 7:30 pm
**Where:** Lavaca Street Bar at the Domain Northside (Rock Rose District), 11420 Rock Rose Ave #100, Austin, TX 78758. We will have tables reserved inside the bar, to the right as you enter. Parking: nearest parking in the Red Garage located off of Rock Rose Ave ([map of Domain](https://domainnorthside.com/map/)).
**What:** The Austin Security Professionals Happy Hour is a monthly event coordinated by the OWASP Austin Chapter and sponsored by various companies. We try to meet every second Thursday of the month from January to September (but occasionally we make schedule adjustments when needed). The event is an informal social gathering of local information security professionals. If you're involved with InfoSec or even if you have an interest, come on out for drinks, good food and conversation.
**Sponsor:** [Cequence](https://www.cequence.ai)
*Cequence, a pioneer in API Security, is the only vendor with a comprehensive Unified API Protection solution offering discovery, compliance, and protection across all internal and external APIs to defend against attacks, targeted abuse, and fraud. Onboard APIs in less than 15 minutes, without needing any instrumentation, SDK, or JavaScript deployments. Cequence solutions scale to handle the most demanding government, Fortune and Global 2000 organizations, securing more than 8 billion daily API calls and protecting more than 3 billion user accounts across these customers. Its flexible deployment model supports passive/inline, on-premises, SaaS, and hybrid deployments.*
January 15, 2025
Time: 18:00Z (Europe/London)
Description: **This event is kindly sponsored and hosted by JustEat. There is limited seating available for in-person attendees. Registration required.**
**This event will be live-streamed on YouTube. Recordings will be available on the OWASP London YouTube channel.**
**Venue Location**: JustEat, Fleet Place House, 2 Fleet Pl, London, EC4M 7RF (note: the entrance is directly opposite Starbucks front doors)
**Nearest Tube Station:** St. Pauls (Central Line) - 6 mins walk
**Doors Open at 6pm** for registration, food, drinks and networking. The talks start at **6:30pm** (we start on time).
**TALKS**
**OWASP Introduction, Welcome and News** - Sam Stepanyan, Sherif Mansour and Andra Lezza
Welcome and a brief update on OWASP Projects & upcoming OWASP Conferences from the OWASP London Chapter Leaders
**"Go Hack Yourself: API Hacking for Beginners"** - Dr Katie Paxton
Over the past few years, we've really seen API hacking take off as a field of its own, diverging from typical web app security, but yet parallel to it. Often we point to the amorphous blob that is web security and go: "here you go, now you can be a hacker too", with top 10 lists, write-ups, conference talks and whitepapers smiling as we do. This creates a major challenge for developers who want to test their APIs for security or just people who want to get into API hacking, how on earth do you wade through all the general web security to get to the meat of API hacking, what do you even need to know?
This talk is going to break down API hacking from a developer point of view, teaching you everything you need to know about API hacking, from the bugs you can find to the impact you can cause, to how you can easily test your own work or review your peers.
**"Maturing Your Application Security Program"** - Tanya Janca
After working with over 300 companies on their application security programs the most common question I receive is “what’s next?”. They want to know how to mature their programs, and when they look at the maturity models available, they find them intimidating and so far beyond their current maturity level that they feel impossible. In this talk I will take you through 3 common AppSec program maturity levels I have encountered over the years, with practical and actionable next steps you could take immediately to improve your security posture.
**SPEAKERS**
**Dr Katie Paxton-Fear ([@insiderPhD](https://x.com/@insiderPhD))**
Dr Katie Paxton-Fear is an API hacker and content creator at Traceable. She has a PhD in cyber security and artificial intelligence, but if you know her it’s not for her academic work.
She’s a hacker and YouTuber who's found bugs in over 30 companies. She wants to show that anyone can be a hacker, and share her passion and knowledge with others. She has hacked everything from the military to social media, reporting her findings promptly and making sure the attackers don't get there first! In her free time she makes videos, teaching her audience of 80k+ how to get into ethical hacking. You can find her all over the internet as InsiderPhD.
**Tanya Janca ([@shehackspurple](https://twitter.com/shehackspurple))**
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of "We Hack Purple", an online learning community that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker, active blogger & podcaster and has delivered hundreds of talks on 6 continents. Tanya values diversity, inclusion, and kindness, which shines through in her countless initiatives.
Advisor: Nord VPN, Aiya Corp
Faculty: IANs Research
Founder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC
**TICKETS**
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security. Please note that you MUST book your place to be admitted to the event by the building security - your name will be checked against the guest list.
**CODE OF CONDUCT**
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct
January 17, 2025
Time: 11:00-06:00 (America/Chicago)
Description: **Shift Left - A discussion of AppSec Best Practices**
11am-2pm for session
2pm-3pm for happy hour
**Details**
Topics- See abstracts below
* **Strategies for Aligning Programs with Modern Expectations-Frost Bank**
* **Cultivating Developer Adoption in the era of Artificial Intelligence-Snyk**
* **The radical future of app and API security is in production-Contrast Security**
* **Shift Left: Design for Security and Quality**-**CheckMarx**
**Lunch Provided**
Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257
**HAPPY HOUR** networking after session!!
**ZOOM** link provided below for remote attendees
**https://optiv.zoom.us/j/91529424588?pwd=bgMmGiqvaLkEn9GeX8tISW9lcmPoFc.1&from=addon**
We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!
Please feel free to pass this information on to your peers and team members.
Please reply **“ONSITE”** if you plan on attending in person so we can finalize headcount for food and room attendance
**Presentations will include:**
***I. Strategies for Aligning Programs with Modern Expectations***
***Vipul Gupta-SVP Frost Bank***
In this talk, Vipul plans to share his experience with building and scaling an Application Security program. He will share why engaging with development and business teams is essential for the Shift Left journey.
***II. Cultivating Developer Adoption in the era of Artificial Intelligence-Snyk***
In today’s fast-paced, AI-driven development landscape, securing developer adoption is key to integrating security seamlessly into workflows. This presentation explores practical strategies to overcome challenges like trust, tooling complexity, and unclear ownership. By focusing on people, processes, and tools, we demonstrate how to empower developers, reduce friction, and scale security effectively. Attendees will gain actionable insights to foster a collaborative culture where security becomes a natural part of development.
One of the biggest challenges that organizations face when shifting left is getting developers to actually adopt the “shift left" tools. This presentation speaks to how to overcome that.
***III.*** **Development Team Transformation -Contrast Security**
The lines between proactive and reactive cyber defenses are somewhat arbitrary. If you blur those lines, you can gain some serious advantages. A SAST or SCA tool finding is a theoretical vulnerability that may or may not be exploitable, but if you can see that a vulnerability is within the blast radius of active probes or attacks, it suddenly becomes real. What might have been labeled as "critical" in pre-prod suddenly becomes "super-critical". On the other hand, things that are not exploitable in a production context due to compensating control can be deprioritized, preserving the limited attention of development for things that really matter. Join DevSecOps pioneer, Larry Maccherone, for this thought-provoking discussion on going right to shift left.
***IV.*** **Shift Left: Design for Security and Quality**-**CheckMarx**
This presentation will discuss the elements of design phase security, highlighting the critical role of design decisions in achieving a secure and high-quality software product.