OWASP Community Meetings


Quick List (Details below)

February 21, 2025

Event: OWASP BH: Hacking a Bank Without Leaving Your Bedroom

Group: Belo Horizonte

Time: 20:00-03:00 (America/Sao_Paulo)

Description: Temos o prazer de convidá-los para o nosso próximo evento que acontecerá no dia **21/02**, às **20 horas**. Será uma oportunidade incrível para nos aprofundarmos no mundo da segurança cibernética e hacking ético. ** Detalhes do Evento** Data: **21 de Fevereiro de 2025** Horário: **20:00** Plataforma: **[Zoom](https://us06web.zoom.us/j/82672501627?pwd=MmDbiRIXJR5bb87FbyUja1J91WIm96.1)** **Sobre a Palestra** Nesta palestra, Arthur compartilhará suas experiências e insights sobre como é possível explorar vulnerabilidades e os caminhos para fortalecer a segurança de sistemas financeiros sem sair do conforto de casa. **‍ Sobre o Palestrante** [Arthur Aires](https://www.linkedin.com/in/arthur-aires-93388211b/) Arthur Aires é Bug Hunter e pentester com mais de 3 anos de experiência, tendo destaque internacional na categoria. Ele atua em pentestes e testes de vulnerabilidades, gerenciamento de equipes, avaliações de Red Team, divulgação de vulnerabilidades, entre outros. Foi convidado cinco vezes pela HackerOne (H1-512, H1-702-2022, H1-3493, H1-702-2023 e H1-702-2024) para o Live Hacking Event, onde pôde colaborar pessoalmente com a segurança de empresas como PayPal, AWS, Amazon e Zoom. Contamos com a presença de todos para um momento enriquecedor de aprendizado e troca de experiências!


February 22, 2025

Event: OWASP In-Person Meetup | 22nd February 2025

Group: Mumbai

Time: 12:30+05:30 (Asia/Kolkata)

Description: #### Session Details: * Introduction to Owasp and Owasp Mumbai * Speaker Introduction #### Topic: * The art of incident response, a 360 degree View By **Manan Mitesh Shah** * Breaking the Container Boundary Using Side Channel Attack By **Adhokshaj Mishra**


February 24, 2025

Event: OWASP Meeting in Krakow - Supply chain in application security

Group: Poland

Time: 18:00+01:00 (Europe/Warsaw)

Description: **Important note first:** Unfortunately our previous venue - Techies' is temporarily closed, so this time we are meeting at Relativity office. Our main topic for this meeting will be supply chain attack and defence. First our guest - Pedro Fortuna will introduce one of supply chain attacks - so called - resurected domains. Then we will host a discussion about how we can defend dependencies in our software to not be a victim of constantly growing supply chain attacks. Agenda: 1. **Dawn of the Dead - The Tale of the Resurrected Domains** *Pedro Fortuna (CTO at Jscrambler)* Web applications’ strengths—composability, dynamic distribution, and error-tolerant runtimes—also make them highly vulnerable to supply chain attacks. The heavy reliance on third-party dependencies, especially dynamically loaded scripts, introduces risks as these scripts can be updated without site owners’ knowledge, bypassing integrity checks like SRI. A major concern arises when third-party script hosts go offline, leaving their domains up for grabs. Attackers have exploited this by acquiring such domains to inject malicious code into linked websites. In one case, over 1,000 websites were compromised before researchers detected and neutralized the threat. Following the incident, further research revealed the widespread nature of this attack vector, leading to the development of a tool capable of scanning millions of websites for similar vulnerabilities. The researchers also created a free tool to alert website owners if they are unknowingly using scripts from defunct, potentially hijacked domains. These findings and tools will be presented in the talk. 2. After the break, we will host a discussion about supply chain defence. **Unpacking the Web Supply Chain: Trust, Risk, and the Future of Secure Development** In today's fast-paced world of software development, how dependent have we become on third-party components? Has this reliance become more of a liability than an asset? Is a completely self-reliant software ecosystem even possible, or will external risks always be a fundamental part of modern development? With the rise of AI and LLMs, how are software creation processes changing? What new supply chain threats are emerging because of these advancements? Are traditional security measures like SBOMs, vulnerability management, and runtime security controls sufficient to address these evolving threats? With dynamically updating scripts, lack of version control, gaps in CSP, SRI, and integrity monitoring, are enterprises sufficiently protected? Can we truly trust the browser environment, or are we vulnerable to manipulated content? What innovative strategies, like a zero-trust model, can better secure third-party JavaScript dependencies? Looking ahead, what concrete actions are needed to enhance software supply chain security? Is regulation the answer, or could it create more challenges? Should the industry implement a standardized "seal of approval" for third-party components? Are security vendors, enterprises, and regulators doing enough to tackle this growing threat landscape? Join us as we challenge assumptions, explore emerging solutions, and outline a path forward in securing the software and web supply chain. Please RSVP and save the date! If you have a minute, **please share this invitation** with friends and in your social media.


February 25, 2025

Event: OWASP Austin Chapter Monthly Meeting - February 2025 (Online)

Group: Austin

Time: 11:30-06:00 (America/Chicago)

Description: 30 minutes of meet-and-greet and Chapter information, then the Presentation! ***When the Tool is the Weapon -- Abusing (and defending) native M365 applications*** When you think about Business Email Compromise, you think about the mailbox, right? Malicious inbox rules, spoofed domains hijacking email threads, and phishing campaigns blasted to a user’s contact list are hallmarks of this type of attack. However, other applications within the M365 ecosystem are often leveraged by Threat Actors while they are in a compromised tenant. Teams, SharePoint, E-Discovery, and OneNote can and have been abused by threat actors during a business email compromise. Initial access, exfil, and leapfrogging to new victims can happen in a way that will not throw any alerts. What are the threat actors doing with these apps, how can we detect it, and how can we stop it? \-\-\-\-\-\-\-\-\-\-\-\- If you want to attend in-person, please see [Eventbrite](https://owasp-austin-2025-february.eventbrite.com). Please do not pull an in-person ticket unless you are going to attend as we purchase lunch for all in-person attendees.


Event: February meetup

Group: Minneapolis St Paul

Time: 17:30-06:00 (America/Chicago)

Description: **Tracy Walker, principal solutions architect, DefectDojo** **Enhancing Open Source Tools Using AI: A "No Code" Journey to Build an Automated DefectDojo Parser Generator** For February's talk, we welcome DefectDojo, the open-source OWASP flagship project for vulnerability management. See a live demonstration of using AI to accelerate the ability to adopt new, custom or unsupported security tools into DefectDojo, an open-source vulnerability management platform. Tracy Walker will demonstrate how he leverages AI LLM assistance to build security tool parsers from scratch, making tool integration accessible to security practitioners of all technical levels. Through live examples, attendees will learn how AI can help map and normalize security data, generate code and unit tests while maintaining code quality and existing parser best practices -- without actually "writing" code. Perfect for security engineers, DevSecOps practitioners, and anyone interested in enhancing their security toolchain through open source solutions and collaboration. Approximate agenda (U.S. Central Time): 5:30 - Doors open; socializing/connecting, food, OWASP announcements 6:00 - Presentation DefectDojo is graciously providing food and drink for the event. Please remember to register and keep your registration up to date so we know how many to expect.


February 26, 2025

Event: 9. OWASP Augsburg Stammtisch

Group: Augsburg

Time: 19:00+01:00 (Europe/Berlin)

Description: In der Fuggerstadt wird IT-SECURITY groß geschrieben. Egal ob IT-Security-Interessent\*in, CISO, Hacker/Haeckse, Pentester\*in, Entwickler\*in, Netzi, Endanwender\*in oder whatever - alle sind willkommen. Eine OWASP-Mitgliedschaft ist (natürlich wünschenswert, aber) nicht notwendig! **Wir freuen uns auf neue Gesichter, Stammgäste und sporadische Teilnehmer\*innen :-)** **Agenda** **Vortrag von Nina: Webapps aus der Perspektive einer Pentesterin** Pentesting wird oft als „legales“ oder „beauftragtes“ Hacken bezeichnet. Doch oft gibt es Rätselraten, was dabei eigentlich passiert. Spoiler: keine Magie. In diesem Vortrag gibt’s deshalb Einblicke hinter die Kulissen, um folgende Fragen zu beantworten: * Was ist eigentlich ein Pentest? * Wie ist das Vorgehen beim Pentesten (d)einer Webanwendung? * Welche typischen Schwachstellen gibt es in Webanwendungen? **Bitte gebt Bescheid**, wenn ihr kommt und ggf. wie viele Leute ihr mitbringt, damit wir auch genug Platz haben. Du hast eine Idee oder willst auch einen Talk halten? Super, wir sind immer auf der Suche nach interessanten Inhalten. Egal ob Vortrag, Diskussion, Idee, Lightning-Talk, etc. Wir dienen auch gerne als Probepublikum :-) Melde dich einfach! Wichtiges für Talks in aller Kürze: * Verwende einen neutralen Foliensatz - ohne Logo, ohne Werbung * Auf einer Folie kannst du dich und deinen Arbeitgeber vorstellen - hier auch mit Logo * Gib kurz Bescheid, ob du den Vortrag auch auf Englisch halten könntest * Vertriebler, die eine Verkaufsveranstaltung durchführen wollen, werden ausgebuht und müssen diverse Runden Bier ausgeben


Event: Boulder OWASP February Meetup: AI Assisted Security Testing

Group: Boulder

Time: 18:00-07:00 (America/Denver)

Description: The OWASP Boulder Chapter is excited to announce our February 2025 Chapter Meeting! Scheduled for Wednesday, February 26th at the Rule4 office at 6 PM, with complimentary food, beer, and soft drinks. Join us for networking with your peers and a featured talk from Andrius Useckas presenting: **AI Assisted Security Testing & A Glimpse into Security Challenges with Agentic LLM Deployments** Penetration testing is an ever-evolving field. In addition to legacy vulnerabilities affecting web applications and APIs, we are witnessing next generation of vulnerabilities emerging with Web 3.0 and agentic Large Language Model (LLM) systems. AI Assisted Security Testing represents a crucial evolution in cybersecurity defense, combining traditional security testing methods with artificial intelligence to enhance both coverage and efficiency. New approaches can process and analyze vast amounts of security data in real-time, prioritize threats based on risk levels, reduce false positives, and adapt to emerging attack vectors – all while helping security teams manage the growing shortage of skilled cybersecurity professionals and keep pace with DevSecOps requirements. Special thanks to the Rule4 Team for hosting and sponsoring, we couldn't do these events without our sponsors. If you're interested in sponsoring the #1 AppSec Organization and our Boulder Chapter meetings, please reach out to [email protected]. Please follow us on LinkedIn: https://www.linkedin.com/company/owasp-boulder And join our Slack: https://join.slack.com/t/boulder-owasp/shared_invite/zt-2qnxnmmts-IQDaobNC1rcUbpaH1ip8Lg **AGENDA** 6:00 - 6:30 Food, Drinks, Networking 6:30 - 7:15ish Main Topic Presentation 7:15ish - 7:30 Q&A and Discussion 7:30 - 8:00 More Networking


Event: OWASP Frankfurt Chapter #70 - OWASP meets Legal & Regulations

Group: Frankfurt

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #70! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. *What are we going to talk about?* * **Rechtssicher durch den Cybervorfall:** We are excited to welcome **Olga Stepanova** and **Dirk Koch** \- both partners at ByteLaw \- who will guide you through the rough waters on how you can protect your company from the legal consequences of a cyber incident\. Experts explain current threats such as ransomware and business email compromise and provide practical tips on how to deal with perpetrators\, authorities and insurance companies in a legally secure manner\. * **Regulatory Affairs for Hackers:** It's not just since the GDPR that we've known what a resounding impact legal changes can have, but what else can we possibly expect when regulation gets really strict? **Leon Holub**, product owner of the Regulatory Radar platform at Johner Institute GmbH tries to give an insight into the world of legal requirements for medical devices, from a perspective of a software developer who has immersed himself in the details of the world's regulatory systems not too long ago. **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward. *When?* Our Meetup takes place on **26.02.2025** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at CHECK24 , located at Speicherstraße 55, 60327 Frankfurt am Main. *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!


Event: OWASP LA Monthly In-Person Meeting - FEB 26, 2025

Group: Los Angeles

Time: 17:30-08:00 (America/Los_Angeles)

Description: **TOPIC**: Navigating CCPA/CPRA: Implications for AI, Data Privacy, and Federated Learning. Join us for great networking, dinner and drinks, and see a presentation by **Mike Villegas**, CISO for TRISTAR Insurance Group, and President and Founder of iSecurePrivacy, LLC **ABSTRACT**: As artificial intelligence (AI) keeps advancing its impact across industries it becomes essential for IT professionals as well as web developers and cybersecurity experts to grasp how data privacy regulations relate to innovative AI methods. This lecture will analyze both the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) with particular attention to how these laws affect AI technologies and data management methods and the developing concept of federated learning. Participants will understand the fundamental concepts of the CCPA/CPRA including the rights of consumers and responsibilities of organizations handling data collection and processing activities. These regulations create substantial challenges for AI deployment because they require transparency in automated decision-making processes and proper use of consumer data. **SPONSORSHIP Opportunities Available** *Vendors interested in sponsoring please send an email to [email protected]* **CODE OF CONDUCT** We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: [https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)


Event: OWASP Frankfurt Chapter #70 - OWASP meets Legal & Regulations

Group: Wrongsecrets

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #70! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. *What are we going to talk about?* * **Rechtssicher durch den Cybervorfall:** We are excited to welcome **Olga Stepanova** and **Dirk Koch** \- both partners at ByteLaw \- who will guide you through the rough waters on how you can protect your company from the legal consequences of a cyber incident\. Experts explain current threats such as ransomware and business email compromise and provide practical tips on how to deal with perpetrators\, authorities and insurance companies in a legally secure manner\. * **Regulatory Affairs for Hackers:** It's not just since the GDPR that we've known what a resounding impact legal changes can have, but what else can we possibly expect when regulation gets really strict? **Leon Holub**, product owner of the Regulatory Radar platform at Johner Institute GmbH tries to give an insight into the world of legal requirements for medical devices, from a perspective of a software developer who has immersed himself in the details of the world's regulatory systems not too long ago. **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward. *When?* Our Meetup takes place on **26.02.2025** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at CHECK24 , located at Speicherstraße 55, 60327 Frankfurt am Main. *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!


February 27, 2025

Event: Monthly Networking Social: Glo Golf Mini Golf

Group: Peterborough

Time: 19:00Z (Europe/London)

Description: **What & Where?** * Mini Golf @ Glo Golf Peterborough **When?** * \- Thursday 27th February Everybody welcome! For this event, please ensure you contact a host as pre-payment is required. Thank you, Ryan


March 03, 2025

Event: OWASP Houston Chapter In-person Meetup at Main Event Katy, TX

Group: Houston

Time: 18:30-06:00 (America/Chicago)

Description: This will be an informal meeting where people on the west side can get together for a little bit. No formal agenda but hopefully we can find volunteers who are willing to start leading events. If you would like to host something similar in your part of town, please add your recommendations in the comments. Main Event is family friendly, so you can combine the meeting with some family game time. 24401 Katy Freeway, Katy, TX 77494 https://www.mainevent.com/locations/texas/katy/


March 04, 2025

Event: AppSec Card Games

Group: Cleveland

Time: 16:00-05:00 (America/New_York)

Description: We're hosting another card game event! We'll be playing [Cornucopia](https://owasp.org/www-project-cornucopia/), a game about threat modeling. If you work with software and want to learn how cybersecurity pros make it safer, this game is for you. We'll set up two teams of six: **Team 1** will be threat modeling a mobile banking app, and **Team 2** a hot new social media app. We'll compare results between the two teams at the end. Space for Cornucopia is limited, but we're bringing more card games like: * [Cards Against AppSec](https://github.com/semgrep/cards-against-appsec) * [Spot the Secrets](https://labs.gitguardian.com/spot-the-secrets) * [Backdoors and Breaches](https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/)


March 06, 2025

Event: SCaLE 22x – the 22nd Annual Southern California Linux Expo

Group: Los Angeles

Time: 09:00-08:00 (America/Los_Angeles)

Description: ***SCaLE22x – the 22nd Annual Southern California Linux Expo***, will take place March 6-9, 2025 at the Pasadena Convention Center in Pasadena, CA. \*\*[Register Now](https://register.socallinuxexpo.org/reg6/)\*\* using code **OWASP** to receive a **50% discount off registration!** **SCaLE** is the largest community-run open-source and free software conference in North America. It is held annually in the greater Los Angeles area. Several **co-located Events**, including Cloud Native Days LA, DevOpsDay LA, PlanetNix, Beginner Linux Training, UbuCon will kickoff the conference on **Thursday**. **Expo** is open Friday - Sunday. **Talks and workshops** are Thursday - Sunday. [Solomon Hykes](https://www.socallinuxexpo.org/scale/22x/speakers/solomon-hykes), creator of Docker and co-founder of Dagger.io will deliver the opening keynote, "Robots building Robots", while [Leslie Lamport](https://www.socallinuxexpo.org/scale/22x/speakers/leslie-lamport), Turing Award winner and pioneer in the field of distributed computing will close the conference Sunday evening. In between, there are dozens of talks and workshops available spanning nine tracks: Security, Developer, FOSS @ HOME, Open Source AI, Cloud Native, Kernel & Low Level Systems, Systems & Infrastructure, Observability, and General. Don't miss this amazing opportunity to attend this conference and expand your knowledge or brush up on what you already know. \*\*[Register Now](https://register.socallinuxexpo.org/reg6/)\*\* using code **OWASP** to receive a **50% discount off registration!** /\*\* THIS IS A PAID CONFERENCE \*\*/ And finally **don't forget** to visit us at the OWASP Los Angeles booth!


Event: 2nd Annual 2025 OWASP Maine Secure Coding Tournament

Group: Maine

Time: 18:00-05:00 (America/New_York)

Description: Are you an appsec guru and pride yourself in secure coding? Are you a developer and know you write **THE MOST** secure code out of your peers? Well here is your chance to come out and prove it and win **$CASH!$** OWASP Maine partnered with Secure Code Warrior will be hosting the 2nd annual OWASP Maine Secure Coding Tournament! This will be an in-person meetup where we welcome all software developers and appsec professionals from entry-level to principal. Bring your laptop and your secure coding wits and compete against your peers to be crowned the most secure coder in the state of Maine for 2025! **Prizes will be as follows:** **1st Place** * Crowned most secure coder in the state of Maine * Pretty cool trophy (pics to come) * TBD VISA giftcard! **2nd Place** * Second place trophy * Some cool Secure Code Warrior Swag * TBD VISA giftcard! **3rd Place** * Third place trophy * Some slightly less cool swag * TBD VISA giftcard! For everyone else? You will gain new skills in secure coding, network with your peers, and also get free pizza and drinks! Participating in the tournament is not required, feel free to join us either way for networking and learning something new! **When:** Thursday March 6th 2025 6:00pm - 8:00pm est **Where:** IDEXX Laboratories 1 Idexx Dr. Westbrook, ME 04092 **Who:** Security and Development leadership and practitioners from Maine and all of northern New England **REQUIREMENTS:** **\*You must also register for the Secure Code Warrior tournament here: https://discover.securecodewarrior.com/2nd-Annual-OWASP-Maine-Secure-Coding-Tournament-Registration.html** **\*You must bring your own laptop/machine to participate** **\*You must be onsite and in person to participate** **OWASP Maine Linkedin Page:** [https://www.linkedin.com/company/owasp-maine/](https://www.linkedin.com/company/owasp-maine/)


Event: 2nd Annual 2025 OWASP Maine Secure Coding Tournament

Group: Portland Me

Time: 18:00-05:00 (America/New_York)

Description: Are you an appsec guru and pride yourself in secure coding? Are you a developer and know you write **THE MOST** secure code out of your peers? Well here is your chance to come out and prove it and win **$CASH!$** OWASP Maine partnered with Secure Code Warrior will be hosting the 2nd annual OWASP Maine Secure Coding Tournament! This will be an in-person meetup where we welcome all software developers and appsec professionals from entry-level to principal. Bring your laptop and your secure coding wits and compete against your peers to be crowned the most secure coder in the state of Maine for 2025! **Prizes will be as follows:** **1st Place** * Crowned most secure coder in the state of Maine * Pretty cool trophy (pics to come) * TBD VISA giftcard! **2nd Place** * Second place trophy * Some cool Secure Code Warrior Swag * TBD VISA giftcard! **3rd Place** * Third place trophy * Some slightly less cool swag * TBD VISA giftcard! For everyone else? You will gain new skills in secure coding, network with your peers, and also get free pizza and drinks! Participating in the tournament is not required, feel free to join us either way for networking and learning something new! **When:** Thursday March 6th 2025 6:00pm - 8:00pm est **Where:** IDEXX Laboratories 1 Idexx Dr. Westbrook, ME 04092 **Who:** Security and Development leadership and practitioners from Maine and all of northern New England **REQUIREMENTS:** **\*You must also register for the Secure Code Warrior tournament here: https://discover.securecodewarrior.com/2nd-Annual-OWASP-Maine-Secure-Coding-Tournament-Registration.html** **\*You must bring your own laptop/machine to participate** **\*You must be onsite and in person to participate** **OWASP Maine Linkedin Page:** [https://www.linkedin.com/company/owasp-maine/](https://www.linkedin.com/company/owasp-maine/)


March 11, 2025

Event: OWASP New Zealand - Auckland Meetup

Group: New Zealand

Time: 18:30+13:00 (Pacific/Auckland)

Description: We're picking up our regular Meetup schedule in 2025, starting in March. Our approximate agenda for the evening: * 6:00 p.m. - Gather and networking * 6:30 p.m. - Introductions, Top 10 Topic * 7:15 p.m. - Pizza and more networking * 7:45 p.m. - Technical Topic We present an introductory talk about the OWASP Top 10 (2021 edition) with a new item each meeting. Our Top 10 topic for March 2025 will be **A06:2021 - Vulnerable and Outdated Components**. **Technical Topic Speaker:** Jagan Boda (Jay) **Talk Title:** TBC We're always looking for presenters and topics for future meetings - contact Austin ([email protected]) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be Austin talking about what he's been working on recently. The Auckland-area OWASP Meetup usually takes place on the third Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays.


Event: OWASP New Zealand - Auckland Meetup

Group: New Zealand

Time: 18:30+13:00 (Pacific/Auckland)

Description: This is the regular OWASP Auckland Meetup schedule. Our approximate agenda for the evening: * 6:00 p.m. - Gather and networking * 6:30 p.m. - Introductions, Top 10 Topic * 7:15 p.m. - Pizza and more networking * 7:45 p.m. - Technical Topic We restarted our introductory coverage of the OWASP Top 10 (2021 edition) with A01:2021 in March, covering a new item each meeting. Our Top 10 topic for November will be **A06:2021 - Vulnerable and Outdated Components**. **Technical Topic Speaker:** Jagan Boda (Jay) **Talk Title:** TBC We're always looking for presenters and topics for future meetings - contact Austin ([email protected]) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be Austin talking about what he's been working on recently. The Auckland-area OWASP Meetup usually takes place on the third Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays.


March 12, 2025

Event: AI is here for business users. What does that mean for AppSec?

Group: Nashville

Time: 17:00-05:00 (America/Chicago)

Description: Gone are the days where you needed to have a coding background in order to create apps, automate processes, or reduce the need for manual tasks. Now, emails and communications are sent quicker, code is written faster, and applications are built en masse. Business users are enabled and empowered in ways we never dreamed of even 12 months ago. Thanks to the injection of AI into essentially every business productivity tool, from email to business intelligence to application development, business users are able to get more done without needing IT or dev teams to get involved. However, as is often the case, productivity and ease can come at the expense of security if not controlled properly. As people are brought closer to technology through the use of Gen AI tools and Copilots, security teams are facing difficult decisions on whether to clamp down on the use of these tools, or staring down increased likelihoods of data leakage and exfiltration. For a long time, security has been seen as a business blocker, but the introduction of Gen AI is forcing a reset on organizations that presents an opportunity for security to act as a business enabler.


Event: Security Social Lunch Hours

Group: Seattle

Time: 12:00-07:00 (America/Los_Angeles)

Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation. Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one. Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack) [email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)


Event: March community call - OWASP SAMM

Group: Samm

Time: 15:30-04:00 (America/New_York)

Description: During our next community call we'll share project updates and, as always, we'll have time for Q&A. See you there!


March 13, 2025

Event: OWASP Italy @ Security Summit 2025

Group: Italy

Time: 09:00+01:00 (Europe/Rome)

Description: - - - ://. Anche quest'anno OWASP Italy è ospite del Security Summit Milano, con una sessione interamente dedicata all'Application Security. La sessione è rivolta a professionisti della sicurezza delle applicazioni, sviluppatori di software professionali, ingegneri della qualità del software, ricercatori e studenti di informatica. L'obiettivo della sessione è stimolare l'interesse per le pratiche di ingegneria del software applicativo e sicuro e per le nuove iniziative all'interno delle organizzazioni. All'interno della sessione, saranno ospitate 2 talk da 20 minuti ciascuna, per i quali è aperta la Call for Talks qui di seguito descritta. Gli argomenti speciali di interesse sono i seguenti: \- AppSec \- Intelligenza artificiale \(AI\) \- Sicurezza per applicazioni mobile\, cloud e serverless \- Blockchain e Internet of Things per usi legati alla sicurezza \- Penetration testing e attacchi a livello applicativo \- Threat modeling\, architettura delle applicazioni e dei sistemi \- DevSecOps \- Pianificazione e implementazione di un programma di sicurezza applicativa \- Creazione di un team e di una cultura dedicata alla sicurezza applicativa \(AppSec\) Incoraggiamo i professionisti della sicurezza delle applicazioni, gli sviluppatori di software professionali, gli ingegneri della qualità del software, i ricercatori e gli studenti di informatica a presentare proposte come opportunità per condividere le conoscenze e le lezioni apprese su argomenti rilevanti per la sicurezza delle applicazioni e del software con una precedente esperienza di presentazione alle conferenze sulla sicurezza. I candidati speaker possono inviare un abstract del loro intervento proposto tramite Easychair entro il 14 Febbraio 2025. Il link Easychair per l'invio è riportato di seguito. L'abstract deve essere in formato PDF e deve contenere le seguenti informazioni: \- Nome e cognome del relatore \- Istituzioni e ruoli ricoperti dal relatore \- Breve biografia del relatore \- Titolo del contributo \- Abstract della presentazione La presentazione non deve superare le 2 pagine complessive. Non sono previsti ulteriori requisiti di formattazione. La durata prevista degli interventi proposti è di 20 minuti. Le presentazioni saranno esaminate dal comitato di programma e le proposte di intervento più interessanti saranno selezionate per la conferenza. : 14 Febbraio 2025 : 21 Febbraio 2025 : 13 Marzo. : [https://lnkd.in/dzGHvz7Q](https://lnkd.in/dzGHvz7Q)


Event: OWASP Orlando - Application Security

Group: Orlando

Time: 18:00-04:00 (America/New_York)

Description: This is an In-Person OWASP Orlando Chapter Meeting Food to be provided (Typically pizza or sandwiches) Introductions More details to be provided soon! Speaker 1: **TBD** Topic: TBD Speaker 2: **TBD** Topic: TBD


Event: OWASP UY Meetup - Marzo

Group: Uruguay

Time: 18:00-03:00 (America/Montevideo)

Description: **¡OWASP UY te invita a su próximo Meetup!** **Diego Franggi:** Hands-On Dive into the OWASP Top 10 for LLMs *En esta sesión práctica exploraremos el OWASP Top 10 for LLMs, analizando las principales vulnerabilidades en modelos de lenguaje y cómo atacantes pueden explotarlas.* **Sebastián Passaro:** OWASP Top 10 para aplicaciones de LLM 2025 *Se recorrerá la versión 2025 del OWASP Top 10 para aplicaciones de LLM, recientemente traducida al español. Se analizará brevemente cada categoría con ejemplo de riesgo o vulnerabilidad, escenario de ataque y recomendaciones de remediación o mitigación.* **¿Cuándo?** Jueves 13/03, 18:00. **¿Dónde?** Qubika, José Agustín Iturriaga 3597. **¿Cómo participar?** Simplemente te registras al evento. Los cupos son limitados por capacidad del lugar. Si estás en lista de espera serás notificado cuando se liberen lugares. **¡Te esperamos!**


Event: OWASP Victoria | From Basics to Burp - Part 3: Navigating PortSwigger Academy

Group: Victoria

Time: 17:30-07:00 (America/Vancouver)

Description: The OWASP Victoria Chapter is pleased to partner with UVIC VikeSec to host the third iteration of a hands-on introduction to Burp Suite and the PortSwigger Web Security Academy. Wyatt Harvey and Sebastian Bethell will be presenting a workshop titled "From Basics to Burp - Part 3: Navigating PortSwigger Academy". The event will be held on March 13, 2025 from 5:30 PM to 8:20 PM at The University of Victoria in Room 116 of the Engineering and Computer Science building. The event will feature the workshop, an introduction to PortSwigger's Web Security Academy, and working through some of the introductory labs using Burp Suite, a comprehensive tool for performing security testing on web applications. PortSwigger's Web Security Academy is an online platform offering interactive learning materials and labs focused on web application security and instructions on how to identify and exploit a wide range of web application vulnerabilities. Don't miss out on this valuable opportunity to enhance your knowledge and develop hands-on skills in web application hacking. If you would like to attend, please click the RSVP button to reserve your spot as we have limited seats available. Bring your laptop with Burp Suite installed, your PortSwigger account ready, and join us for a hands-on evening of web application hacking and networking fun! Burp Suite Community can be installed from the following link: * https://portswigger.net/burp/communitydownload ‎ You can register your PortSwigger account at the following link: * https://portswigger.net/users/register ‎ Once you have Burp Suite installed and a PortSwigger account created, browse through Web Security Academy to get an idea of the content offered on the platform in preparation for the event: * https://portswigger.net/web-security We would also like to give a special thanks to UVIC VikeSec for helping facilitate this event.


March 14, 2025

Event: SnowFROC 2025

Group: Denver

Time: 08:00-06:00 (America/Denver)

Description: **SnowFROC 2025** March 14, 2025 (Pi Day) *Location:* The Cable Center at the University of Denver Doors open: 8:00 am *Registration and additional details*: www.snowfroc.com *Conference tickets:* $100 *Workshops:* $31.41 each (conference ticket required) *Key Note:* HD Moore (The Metasploit Project) *Notable speakers:* Tanya Janca (@SheHacksPurple), Jim Manico (@Manicode) Talks and workshop schedule on www.snowfroc.com A CTF from Security Journey will start March 10th and run until 3:00 pm MT on March 14th. You ***MUST*** register via EventBrite (link at www.snowfroc.com) to attend


Event: OWASP SAMM Monthly Community Call (Europe-Asia)

Group: Samm

Time: 09:00-04:00 (America/New_York)

Description: The SAMM Core team is happy to host a community call during a more friendly time for users in EU and Asia. This is not a replacement of the regular community call. We will share any project news and updates during the call. We also encourage bringing your SAMM questions and we are happy to discuss them.


March 17, 2025

Event: OWASP Monthly Meeting

Group: Jacksonville

Time: 18:30-04:00 (America/New_York)

Description: Monthly local meetup to discuss security related topics.


March 19, 2025

Event: Cyber Booked 2025

Group: Netherlands

Time: 17:00+01:00 (Europe/Amsterdam)

Description: n o! Cyber Books + Boekenweek = a match made in literary cyber heaven We are thrilled to announce the in collaboration with the esteemed Dutch Chapters of [ISACA NL Chapter](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) [ISC2](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) and the [Secure Software Alliance](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) (SSA). This event is unique in itself wherein it brings together the brightest minds in to explore cutting-edge books and ideas. After a huge success from last year , this year, we are more excited to bring to you several renowned authors who will share their , , in the cybersecurity field. : • [Ali Abdollahi](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – A Beginner’s Guide to Web Application Penetration Testing • [Brenno de Winter](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – De Validatiecrisis • [Geert Baudewijns](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – Onderhandelen in het duister • [Mark Butterhoff](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – Digital Security Leadership • [Ramses Sloeserwij MBA](https://www.linkedin.com/company/89220972/admin/page-posts/published/?share=true#) – Code Rood Dont miss out this unique opportunity to learn from industry experts and connect with like-minded peers in IT, GRC and CyberSecurity. Plus, you'll have the chance to engage directly with the authors after the presentations! : 19 March 2025 : 17:00 - 20:45 (3 CPE points) : Van der Valk Hotel Utrecht **Registration Link**: https://lnkd.in/eXGaQ6pv Looking forward to seeing you all there! Please note : It is important that you register for the event via the registration link above with your full name to attend and to get the relevant CPE points. Registering just via the Meetup page will not guarantee your admission.


Event: How to Utilize AI in Offensive Security—An Intro to Offensive AI Tooling

Group: Toronto

Time: 18:30-04:00 (America/Toronto)

Description: Want to learn how to effectively apply AI to offensive security at scale while getting real, practical results? Set sail with Dreadnode Staff Security Researcher and Founding Member of the OWASP Top 10 for LLM Applications, Ads Dawson, as he explores the various offensive AI tools that could change the game for today’s security teams. Join us for an interactive demo of AI red team tools, Burp Suite extensions, as well as tools that assist you in building and deploying your own offensive AI agents (see: `dyana`, `robopages`, `rigging`). Plus, get a live walkthrough of a challenge in `Crucible`, Dreadnode’s CTF environment where you can practice and learn to exploit vulnerabilities in AI systems—then try it yourself! Whether you're a seasoned AI red teamer or just getting started in offensive AI, Ads will share relevant resources and knowledge to help you navigate the inevitable shift to an AI native future. https://crucible.dreadnode.io/ https://github.com/dreadnode/dyana https://github.com/dreadnode/burpference https://github.com/dreadnode/robopages


March 20, 2025

Event: Reducing AppSec Risk with ASPM (Application Security Posture Managament)

Group: Atlanta

Time: 18:00-04:00 (America/New_York)

Description: In an era of increasingly sophisticated threat actors, application security has become a critical concern for most organizations. This talk, "Reducing Application Security Risk with ASPM (Application Security Posture Management)," will explore the emerging role of ASPM in fortifying application security and accelerating DevSecOps and cloud native adoption. Attendees will gain insights into the current state of application security and DevSecOps adoption trends: challenges and opportunities across people, process, and technology. This also includes the impact of AI. The talk will have a focus on ASPM and how it will help overcome some of the challenges and capitalize on the opportunities. We will delve into key ASPM features and how each of these use cases could be leveraged to solve common application security & DevSecOps adoption challenges and further mature your program. Through practical examples and case studies, the session will highlight best practices for implementing ASPM in large scale application development ecosystems to reduce application security risks. Whether you're a developer, security professional, manager or executive, this talk will equip you with actionable strategies to improve your application security posture and accelerate DevSecOps adoption.


Event: Peace, Love and Hacking: How to Bring Security & Development Teams Together

Group: Columbus

Time: 18:00-04:00 (America/New_York)

Description: FEEL A LITTLE! It is an unlikely duo to pair with cold-hard-tech, but empathy and creativity are cornerstones to a successful vulnerability remediation effort. Although I have sat in on countless talks about empathy in the tech sector, the one thing ALL these talks miss is the language barrier when it comes to dealing with tech-savvy teams. If you are in a foreign country and cannot speak the language, it's going to be difficult to communicate regardless of the compassion in your heart. My unique art-&-technology background allows me to not only empathize with the strife of development teams, but helps facilitate a thriving pipeline of communication between security, developers and other hackers. In this talk I will illuminate the perspective of a researcher participating in a bug bounty program, what to expect from researchers, and how to effectively escalate risks to development teams for remediation.


Event: OWASP Frankfurt Chapter & Women in CyberSecurity Meetup #71

Group: Frankfurt

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to joint **OWASP Frankfurt Chapter & Women in CyberSecurity** Meetup #71! Our OWASP Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. WiCyS aims to break down barriers and promote diversity in cybersecurity by empowering women and other underrepresented groups with resources for professional growth. Additionally, the organization is committed to creating a safer digital environment by supporting vulnerable individuals and advocating for inclusivity in the cybersecurity community. *What are we going to talk about?* * **AI and Machine Learning im Cybersecurity: Weapon, shield, or both?:** We are excited to welcome **Sara Rahimi**, Concierge Security Engineer at Arctic Wolf - who will explore the dual role that Artificial Intelligence and Machine Learning play in the Cybersecurity area as a powerful tool for attackers and offensive purposes, also for enhancing the defense mechanisms and detection aspects. * **Web 3.0 security: same fundamentals, higher stakes** - **Dr. Gulnara Hein**, CISO at Chintai, will dive into how Web3, while introducing decentralization and new security challenges like smart contract vulnerabilities and irreversible financial losses, essentially reflects the same fundamental risks as in traditional systems. By focusing on core security controls, we can effectively address these challenges without adding unnecessary complexity. **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. *When?* Our Meetup takes place on **20.03.2025** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at Arctic Wolf, located at 19th floor of Messeturm, Friedrich-Ebert-Anlage 49, 60308 Frankfurt am Main *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!


Event: Cyber Peterborough Presents: Get into Cyber Security!

Group: Peterborough

Time: 17:30Z (Europe/London)

Description: Cyber Peterborough presents *Get Into Cyber Security*! An evening of focused discussion, interactive sessions and presentations on how to get into the field of cyber security. Technical or non-technical, this event will help you break down how to get into the cyber security field. Join us and meet other people interested in Cyber. **Where?** * TBC - specific details will be published closer to the date. **When?** * Thursday 20th March Please respond to this event to confirm numbers for the event ensuring each attendee is catered for. Thank you, Ryan


Event: Blocking with Confidence and TRACE: a tool for supply chain security

Group: Vancouver

Time: 18:00-07:00 (America/Vancouver)

Description: *We are doing a double header this month!* **Blocking with Confidence** with **Raphael Theberge** We know that security can be cumbersome for parts of an organization. How can we lower the existing friction white maintaining our high standards? Learn how Relativity approached this question and reduced developer burden without sacrificing our security posture. **Raphael** is Director of Security Enablement at Relativity, where he owns all of Application Security, Vulnerability Management, AI Security and secure M&As. Previously spent time at Salesforce, Demonware, Booking.com and otherwise travelling the world. **TRACE: Securing Supply Chain One Repository at a time** with **Vrushal Nedungadi** The talk will cover the motivation behind and the working of TRACE, a tool that helps detect anomalies in open source repositories that could result in vulnerabilities. This is an attempt to identify and minimize supply chain attacks and threats. **Vrushal** is a passionate software developer with a keen interest in security. **This event is sponsored by [Endor Labs](https://www.endorlabs.com/) and [Forward Security](https://forwardsecurity.com/).**


Event: OWASP Frankfurt Chapter & Women in CyberSecurity Meetup #71

Group: Wrongsecrets

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to joint **OWASP Frankfurt Chapter & Women in CyberSecurity** Meetup #71! Our OWASP Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. WiCyS aims to break down barriers and promote diversity in cybersecurity by empowering women and other underrepresented groups with resources for professional growth. Additionally, the organization is committed to creating a safer digital environment by supporting vulnerable individuals and advocating for inclusivity in the cybersecurity community. *What are we going to talk about?* * **AI and Machine Learning im Cybersecurity: Weapon, shield, or both?:** We are excited to welcome **Sara Rahimi**, Concierge Security Engineer at Arctic Wolf - who will explore the dual role that Artificial Intelligence and Machine Learning play in the Cybersecurity area as a powerful tool for attackers and offensive purposes, also for enhancing the defense mechanisms and detection aspects. * **Web 3.0 security: same fundamentals, higher stakes** - **Dr. Gulnara Hein**, CISO at Chintai, will dive into how Web3, while introducing decentralization and new security challenges like smart contract vulnerabilities and irreversible financial losses, essentially reflects the same fundamental risks as in traditional systems. By focusing on core security controls, we can effectively address these challenges without adding unnecessary complexity. **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. *When?* Our Meetup takes place on **20.03.2025** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at Arctic Wolf, located at 19th floor of Messeturm, Friedrich-Ebert-Anlage 49, 60308 Frankfurt am Main *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!


March 21, 2025

Event: Who’s Engineering Your Socials? Let’s Talk About Social Engineering!

Group: Manchester

Time: 18:00Z (Europe/London)

Description: Hello & Welcome! In this session we'll be discussing social engineering with Holly Grace Williams! Due to a corporate policy from the venue sponsor, to get into the venue & up to the event, **you will need to register with your full name** when signing up to the event. Please note this event will be recorded so we can put these talks on our YouTube channel afterwards. **6:00 - Open doors & networking & drinks** **6:30 - First Speaker (to be announced)** **7:15 - Refreshments (Food & Drinks & Networking)** **8:00 - Holly Grace Williams - Breaking into Computers and Buildings For a Living.** Information Security these days has a strong focus on cyber security but you there's more to security than shouting at computers. In this talk Holly will cover how technical, social, and physical attacks can be combined to cause significant impact with low effort. This story covers how to break into buildings and hang out in other peoples offices in the name of c̷y̷b̷e̷r̷c̷r̷i̷m̷e̷ security testing. **9:00 - Vacate venue -> to the pub for more socialising** **LOCATION** \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- GM Digital Security Hub (DiSH) 47 Lloyd Street · Manchester M2 5LE **SPEAKERS** \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- **Holly Grace Williams** Holly Grace Williams is the Managing Director at Akimbo Core, a cybersecurity firm based in the UK. She has been working in cybersecurity since 2007, with a focus on penetration testing, training, and cybersecurity consultancy. Holly Grace is a CREST Fellow and has been a CREST Certified Application Tester since 2015. She has performed a significant number of penetration testing engagements for a wide range of companies from innovative start-ups to multinational corporations – in fields ranging from e-commerce to banking. Her expertise spans various areas of cybersecurity, such as web application security, infrastructure security, and cloud security. Holly is also an influential public speaker and media commentator, having appeared on platforms like Sky News and BBC, and she frequently speaks at cybersecurity conferences. **SPONSORS** (Thank you for supporting our community!!) \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- **DiSH** \- Venue Sponsor **Pen Test Partners** \- Food & Drink Sponsor \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- Are you passionate about a security topic? Do you want to speak at a future event? Submit your interest here - https://forms.gle/zcm9bVNhgDixe8Gq5 Does your company want to sponsor a venue and/or refreshments? Email Paul - [email protected]


Watch Star