Quick List (Details below)
- OWASP Paris Meetup - October 2024 - France, Oct 07
- OWASP Oct Meet - In person - Dallas, Oct 08
- Special OWASP Stuttgart Chapter Stammtisch - Stuttgart, Oct 08
- OWASP Boston Chapter Meeting - October 2024 - Boston, Oct 09
- Pipeline Security According to OWASP - Joao Pessoa, Oct 09
- The 2024 California Technology Summit - Los Angeles, Oct 09
- OWASP Seattle-Discussion: Alice and Bob Learn Application Security w/Tanya Janca - Seattle, Oct 09
- Security Social Lunch Hours - Seattle, Oct 09
- Securing Software Supply Chains and the role of AIBOMs - Toronto, Oct 09
- October community call - OWASP SAMM - Samm, Oct 09
- AppSec Summit BH 2024: Exclusive Application Security Meetup - Belo Horizonte, Oct 10
- OWASP Frankfurt Chapter #68 - Special Edition with OWASP Founder - Frankfurt, Oct 10
- Threat Modeling Beyond Systems: the Human Factor - Joao Pessoa, Oct 10
- OWASP Frankfurt Chapter #68 - Special Edition with OWASP Founder - Wrongsecrets, Oct 10
- Extra OWASP SAMM community call Europe - Asia - Samm, Oct 11
- Cybersecurity Approaches in Azerbaijan and Europe - Baku, Oct 12
- OWASP DAY 01 2024 - Bolivia, Oct 12
- Authenticate 2024 Conference (FIDO Alliance) - Los Angeles, Oct 14
- Gamification of Threat modeling - Oslo, Oct 15
- OWASP Ottawa October 16th 2024: TunnelVision (CVE-2024-3661): A VPN bypass - Ottawa, Oct 16
- OWASP Dorset Cyber Security Meetup, JP Morgan Collider event! - Dorset, Oct 17
- October 2024 OWASP Chapter Netherlands Meetup - Netherlands, Oct 17
- OWASP NYC: “Day 1 DevSecOps” | Building a Program and Your Credibility - New York City, Oct 17
- The Problem with Shifting Left…and why context matters in modern development - Orange County, Oct 17
- The 1st OWASP Riga Chapter Meetup [IN-PERSON] - Riga, Oct 17
- Most Security Tools are expensive paperweights: How to get your money’s worth? - Vancouver, Oct 17
- OWASP San Antonio Chapter Qtrly Meeting-Oct 18th 2024 (Friday) - San Antonio, Oct 18
- Seattle Cyber Mixers | Fall Edition | Bellevue Marriott - Seattle, Oct 18
- OWASP Monthly meeting - Jacksonville, Oct 21
- Los Angeles Joint Cyber Mixer - Los Angeles, Oct 22
- The Dark Side of Open Source Productivity with Endor Labs - Nashville, Oct 22
- The State of Secure Code + Tournament - Atlanta, Oct 23
- OWASP Bay Area October Meetup with Pacific Hackers - Bay Area, Oct 23
- OWASP LA Monthly In-Person Meeting - OCT 23, 2024 - Los Angeles, Oct 23
- OOOOOOWASP - Ghosts in the Machine: A Halloween Cybersecurity Spooktacular - Manchester, Oct 24
- Authentication is easy - Suffolk, Oct 24
- OWASP Aarhus Chapter Meeting - October - Aarhus, Oct 29
- Cultivating Cybersecurity: Building and Sustaining a Security Champions Program - Cincinnati, Oct 30
- OWASP Melbourne October 2024 Meetup - Melbourne, Oct 30
- OWASP Toronto | Inference Servers: new technology, same old security flaws. - Toronto, Oct 30
- OWASP Warwick Chapter - Warwick, Oct 30
- Monthly Networking Social - Peterborough, Oct 31
October 07, 2024
Time: 19:00+02:00 (Europe/Paris)
Description: This meetup will take place at **GitGuardian**, whom we warmly thank for their support.
OWASP Paris is the meetup dedicated to application security. As a reminder, the meetup is intended to be non-commercial. It brings together everyone who wants to design and maintain safer software. If you are interested in the topic, whether you are a beginner or an expert, feel free to join us to share your experiences or your problems.
This meetup offers sessions organized in "open forum" mode. Topics are proposed by the participants during the session. Knowledge sharing, lessons learned, CTF-style exercises, best practices, governance and organization, ... are on the agenda!
**Lightning Talks:**
The evening begins with short presentations. Anyone may propose a presentation if they wish; it is not mandatory. If you want to share a technique, an opinion, a demo or a lesson learned, you can prepare a lightning talk, anywhere from a single sentence to 10 minutes max, and come present it at the start of the evening. If you have never given a presentation before, this is the chance to start in a friendly atmosphere.
**Workshop:**
The evening continues with activities carried out in groups. Anyone may propose a topic if they wish; it is not mandatory. You have 30 seconds at the start of the session to get the other participants interested, then everyone votes for their favorite topic. The preferred topics become group activities for a little over an hour. Screens will be available.
The format is intended to be welcoming. No need to be an expert to talk about a topic. You will certainly find other people to help you! The emphasis is on exchange and sharing.
The agenda and minutes of previous meetups are available here: https://owasp.org/www-chapter-france/
October 08, 2024
Time: 17:30-05:00 (America/Chicago)
Description: **"How to accelerate development while providing security guardrails for developers"**
Cloud-native application development demands agility, speed, and robust security. As organizations multiply and scale their business initiatives, maintaining security across the entire software development lifecycle becomes critical. This session looks at the challenges in achieving comprehensive cloud-to-code visibility and identifying risks at the source - the code.
Time: 18:00+02:00 (Europe/Berlin)
Description: **OWASP and the Evolution of AppSec**
Jeff Williams is visiting Germany and has offered to visit the OWASP Stammtische. A great reason to hold a special Stammtisch outside of the regular schedule!
This is the most exciting time in the history of appsec. Not only are apps/APIs more complex, connected, and critical than ever before, we haven't made much progress against vulnerabilities, the attackers have ramped up their activity dramatically, and the governments of the world are scrambling to figure out what to do. It's a mess. In this talk, Jeff will share some stories and insights from over 25 years in appsec. We'll look at some of the bigger movements in appsec like "build security in", "devsecops", "shift left", "SBOMs", and "secure by design" and talk about why they have largely failed to change the trajectory of appsec. We'll also spend some time on the different technologies organizations use to automate appsec in development and operations. Jeff will share his thoughts about the market failures that make improvements in appsec so difficult and what we can do to fix them. This will be a highly interactive session, so bring your questions and ideas.
**Novatec Consulting** will host this Stammtisch at their venue – thank you very much, we truly appreciate your support in making this event possible!
Meetup participants can park in the underground garage. You will be able to validate your parking tickets to cover the parking fees.
**Agenda:**
* **6:00 PM**: Arrival
* **6:30 PM - 7:30 PM**: Talk
* **7:30 PM - approximately 9:00 PM**: Pizza, drinks, discussion, and networking
October 09, 2024
Time: 19:00-04:00 (America/New_York)
Description: This month we will be welcoming Audrey Long, Senior Security Software Engineer at Microsoft, to our meetup. Doors open at 6:30pm and the presentation starts at 7pm. Pizza and soda will be provided.
This talk will walk through threat modeling fundamentals with a fun Star Wars twist! Even what may seem the most impenetrable will always have a secret way in that can be exploited. Be it an error in code, an unaccounted-for perspective, or a convenient airshaft leading to the center of a giant, black, round spacecraft, a developer must be aware of potential weaknesses. Using threat models is like getting the blueprint to the Death Star. They allow you to plan for potential scenarios or ambush attacks from stormtroopers with impossibly bad aim. Understanding the possible risks ensures your entire team will make it back to the Millennium Falcon. In this talk, Audrey Long will walk you through understanding threats in a cloud system and how to protect yourself from the dark side.
Audrey Long is a highly qualified Senior Security Software Engineer at Microsoft, holding a Master of Science degree in Cybersecurity from Johns Hopkins University. Audrey is passionate about building secure solutions with customers and ensuring that security practices and considerations are built into products from the very beginning. Her expertise includes creating secure coding solutions, performing security risk assessments with threat modeling activities, evaluating security in architecture, and implementing security practices at the development level.
Time: 19:00-03:00 (America/Fortaleza)
Description: **IN-PERSON MEETUP**
The pipeline is the beating heart of many modern organizations. Today these new technologies enable faster, more flexible and more diverse software delivery. However, they have also reshaped the attack surface with a multitude of new avenues and opportunities for attackers, and professor Cleyber Silva will cover the 10 security risks to watch for when we implement these processes.
Time: 09:00-07:00 (America/Los_Angeles)
Description: **OWASP LA** has organized an exceptional offer for our meetup membership to participate in ***2024 California Technology Summit*** on October 9th in Anaheim, CA. Join us for deep insight in new tools and technology, training, and take advantage of this great opportunity to network with industry professionals.
[Register](https://technologysummit.net/register.html) now using code **CTS24OWASP** for your **complimentary** pass! Check the full schedule at [2024 California Technology Summit Agenda](https://technologysummit.net/california.html#agenda)
**Conference Highlights:**
* **Opening Keynote: Robin Gordon**, Global Chief Data & Analytics Officer - MetLife
* Investing in AI & Cybersecurity - Moderated By: **David Hsiao**, Senior VP & CIO – BioMed Realty
* AI Driven Deepfake Hacks - **Lyndon Brown**, VP of Global Technology - Zo Skin Health, Inc.
* CIO Forum: Leveraging Today's Tools to Do More with Less - **David Williamson**, CIO - Abzena
* Panel Discussion: Accomplishing Strategic Objectives with Limited Resources – Panelists: **Mike Baron**, CIO – Electro Rent, & **Fred Donatucci**, Executive Leadership & Technology Consultant
* Specialty Theaters for IT Professionals including specific Security, Technology, & Executive Sessions
* CPE Credits
* Delicious Lunch Included
* Cocktail Reception
* Sponsor Giveaways
* Win a Trip for 2 to a Destination of Your Choice (value up to $1,500)
* Exhibit Hall with 30+ Sponsors
And finally **don't forget** to visit us at the OWASP Los Angeles booth!
Time: 17:00-07:00 (America/Los_Angeles)
Description: Join [Cherry Quick](https://www.linkedin.com/in/cherry-quick-884a8079/) and [Jessica Wilson](https://www.linkedin.com/in/jw27/) in conversation with acclaimed author [Tanya Janca](https://www.linkedin.com/in/tanya-janca/), on 9-Oct at 5pm PDT, to debrief about Tanya's well-loved book “Alice & Bob Learn Application Security” as a wrap-up to our summer book club.
Time: 12:00-07:00 (America/Los_Angeles)
Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation.
Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one.
Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack)
[email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)
Time: 17:30-04:00 (America/Toronto)
Description: OWASP Toronto Chapter and [Leading Cyber Ladies Toronto](https://www.meetup.com/cyber-ladies-toronto) are meeting on Oct 9 at the SAP Toronto Headquarters to hear [Helen Oakley](https://www.linkedin.com/in/helen-oakley/) and [Dmitry Raidman](https://www.linkedin.com/in/draidman/) talk about the importance of strengthening supply chains and how AIBOMs are transforming AI security.
Much thanks to our event sponsors [SAP](https://www.sap.com/) and [Tiebreaker AI](https://www.tiebreaker-ai.com/) for hosting us and providing pizza and soft drinks!
**AGENDA**
* 5:30 pm: Doors open
* 6:00 pm: Welcome from LCL & OWASP
* 6:15 pm: [Dmitry Raidman](https://www.linkedin.com/in/draidman/) presents "The Software Supply Chain: An Essential Pillar of Today's Digital Infrastructure"
* 7:00 pm: [Helen Oakley](https://www.linkedin.com/in/helen-oakley/) presents "Securing AI: How AIBOM Enables a Software Supply Chain Security"
* 8:30pm: End.
Time: 15:30-04:00 (America/New_York)
Description: During our next community call we share highlights from our last user day, including our latest benchmark findings. As always, we'll have time for Q&A.
October 10, 2024
Time: 16:00-03:00 (America/Sao_Paulo)
Description: Dear members of OWASP Belo Horizonte,
It is with great enthusiasm that we invite you to take part in the **1st AppSec Summit BH**, a pioneering event entirely dedicated to the **Application Security** community in our city!
**What:** AppSec Summit BH
**When:** October 10, 2024
**Time:** 4 pm to 9:30 pm
**Where:** LocalizaLabs
This event, organized by **Shield Security** with the support of **LocalizaLabs**, promises to be a milestone for all professionals and anyone interested in application security.
As leader of OWASP BH, I am pleased to announce an exclusive benefit for our community: **FREE registration for OWASP members!**
To secure your free spot, use the special registration link: **[https://www.sympla.com.br/appsec-summit-bh__2663637?d=OWASP](https://www.sympla.com.br/appsec-summit-bh__2663637?d=OWASP)**
Don't miss this unique opportunity to:
* Network with professionals in the field
* Learn from expert talks
* Discuss the latest trends in AppSec
* Exchange experiences with the local community
Event partners include Security Compass, Veracode and Akamai, ensuring high-quality content that is relevant to the market.
**Limited seats!** Register as soon as possible and join us at this unmissable event.
We count on your presence to further strengthen our application security community in Belo Horizonte!
#AppSecSummitBH #OWASPBH #ApplicationSecurity
Time: 18:00+02:00 (Europe/Berlin)
Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #68! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member.
**Special Event Announcement:** This time, we are hosting a special event featuring two distinguished speakers.
First, we'll hear from **[Jeff Williams](https://www.linkedin.com/in/planetlevel/)**, CTO of Contrast Security and one of the OWASP core founding members, who will deliver a thought leadership talk on **OWASP and the Evolution of AppSec**. He’ll discuss key movements like DevSecOps and Secure by Design, why they haven’t changed the AppSec trajectory, and the market challenges impeding progress. Expect an engaging, interactive session with insights from over 25 years in the field.
Following Jeff, we are thrilled to have **[Kevin Wennemuth](https://www.linkedin.com/in/feffi/)**, Head of Security at codecentric AG, join us. Kevin, a security specialist, hacker, blogger, and thinker, will be sharing his war stories at his talk "**Stories from the Dark Side**" where he explores the real-life challenges of a Red Teamer and the harsh truths of IT security.
**Socializing Opportunities:** There will be plenty of time to socialize before and after the event.
*What are we going to talk about?* For this meeting, we're excited to have Jeff Williams and Kevin discuss the latest in application security. Additionally, we will provide updates from our recent OWASP projects, particularly those related to AI. Stay tuned for the announcement of another speaker who will be joining us!
*Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward.
*When?* Our Meetup takes place on **10.10.2024** from **18.00 to 22.00** o'clock CEST.
*Where?* The event will be held at codecentric AG, located at Lise-Meitner-Straße 4, 60486 Frankfurt am Main, Germany.
*Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt)
*And now?* Save the date, spread the word, and bring your friends and colleagues along to our event.
*Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!
Time: 20:00-03:00 (America/Fortaleza)
Description: **ONLINE MEETUP**
Jonadabe Costa will talk about the importance of considering human behavior as a critical variable in information security.
Beyond focusing on the technical vulnerabilities of systems, the presentation will highlight how human actions, decisions and interactions can amplify or mitigate risks.
We will discuss aspects such as social engineering, communication failures and human error, and how threat modeling must encompass these factors to ensure a more comprehensive and effective security approach.
This topic connects directly to some of the OWASP Top 10 entries, specifically **A04:2021 - Insecure Design**, which addresses insecure design and takes into account both the user interface and human interactions; **A07:2021 - Identification and Authentication Failures**, since many authentication problems stem from weak passwords, credential reuse or inadequate security practices on the part of users, all related to flawed human behavior; and **A09:2021 - Security Logging and Monitoring Failures**, since the lack of adequate monitoring or the misinterpretation of logs frequently results from human error.
October 11, 2024
Time: 08:00-04:00 (America/New_York)
Description: The SAMM Core team is happy to host a community call on 11th October @ 14.00 CET. This is not a replacement of the regular community call, but an extra one we’ve scheduled during a more friendly time for users in EU and Asia. Bring your SAMM questions and we’ll discuss them! We'll also share highlights from our latest SAMM User Day and findings from our benchmark initiative.
October 12, 2024
Time: 15:00+04:00 (Asia/Baku)
Description: Join us for the OWASP Baku meetup to learn about the cybersecurity landscape in Azerbaijan vs. Europe. I'll share insights from my personal experience and discuss how cultural, regulatory, and technological differences impact application security and software development.
Time: 15:00-04:00 (America/La_Paz)
Description: Be part of the OWASP experience in Bolivia too!
Take part as a speaker: [Registration Form](http://bit.ly/4eqiO5p)
Everyone is cordially invited to take part in OWASP DAY 01 2024, a virtual event that will take place on October 12 at 15:00.
OWASP conferences are a tool for communication and exchange between professionals and enthusiasts in the cybersecurity field.
The platform constantly shares up-to-date information on security topics, secure coding, tools, different approaches in the industry, and many other interesting subjects.
With the goal of allowing everyone to access security knowledge, OWASP is a vibrant global community.
October 14, 2024
Time: 09:00-07:00 (America/Los_Angeles)
Description: **OWASP LA** has organized an exceptional offer for our meetup membership to participate in ***FIDO Alliance Authenticate 2024 Conference***, October 14 - 16, 2024 in Carlsbad, CA and Virtual. Join us for deep insight in new tools and technology, training, and take advantage of this great opportunity to network with industry professionals.
**[Register Now](https://events.authenticatecon.com/event/Authenticate2024/regProcessStep1)** using code **OWASP15** to receive a **15% discount off registration!** Prices vary based on membership in FIDO Alliance and in-person vs remote.
Hosted by FIDO Alliance, **Authenticate** is the **only** conference dedicated to all aspects of user authentication – with a focus on the FIDO standards-based approach.
**Now in its fifth year**, *Authenticate* has become a ‘must attend’ cybersecurity event. This year's edition features **over 100 sessions** and **125 speakers** from around the world providing the latest innovations, expertise, and critical conversations for the digital identity industry – with a focus on passwordless authentication with passkeys.
2024 keynotes will be delivered by speakers with extensive experience bringing passwordless experiences to workforces and consumers alike from organizations including Amazon, FIDO Alliance, Google, Microsoft, Sony and Yubico. The conference features content on four stages broken into 11 content tracks to suit attendees’ knowledge base, interests and phase of implementation, along with an interactive expo hall to discover solutions providers, and networking events to connect with peers and subject matter experts.
The agenda features content tracks that collectively build upon one another – covering topics such as FIDO fundamentals, business cases, and in-depth case studies. Attendees can expect to gain the latest insights and how-to information on FIDO authentication and passwordless deployments.
Whether you are new to FIDO, in the midst of deployment or somewhere in between, Authenticate 2024 will have the right content – and community – for you, so **don't wait**: **[Register Now](https://events.authenticatecon.com/event/Authenticate2024/regProcessStep1)**
**THIS IS A PAID CONFERENCE**
And finally **don't forget** to visit us at the OWASP Los Angeles booth!
October 15, 2024
Time: 17:00+02:00 (Europe/Oslo)
Description:
* **17:00-17:30 - Food serving**
* **17:30-18:15 - Gamification of Threat Modeling for Machine Learning, Elias Brattli Sørensen**
* **18:15-19:00 - Let’s play OWASP Cornucopia! Johan Sydseter**
**Gamification of Threat Modeling for Machine Learning**
Artificial Intelligence (AI) has established itself as an important part of our lives, with machine learning spearheading the most notable innovations in the last two decades. Publications about prompt injection and similar attacks get a lot of attention. However, these are far from the only security issues with machine learning systems. We also have to think about challenges like poisoned data, recursive data pollution and all the personally identifiable information the models have memorized, as well as other inherent weaknesses with stochastic systems. Too much focus is directed towards operational security in the OPS part of MLOps, while the shift-left idea of building systems "secure by design" during planning and development does not get enough emphasis. Threat modeling and risk analysis will likely play an important role in the future of machine learning security. I introduce Elevation of MLsec, which is an extension of Shostack's threat modeling card game Elevation of Privilege, and based on the risk framework published by the Berryville Institute of Machine Learning (BIML). In this talk, we will demystify how machine learning systems actually work and explore how the threat modeling game can help us engineer more secure machine learning systems.
**Let’s play OWASP Cornucopia!**
OWASP Cornucopia is a card game to assist software development teams identify security requirements in agile software development processes. It is language, platform, and technology agnostic.
In this session we will learn to play the game in a different way from what we usually do. Johan Sydseter, OWASP Cornucopia co-lead and game master, will take you through a provocative scenario. Confronted with the grumpy old senior developer who refuses to shift left due to too many hours working overtime on his incredibly sophisticated pet projects, what will you do? Will you be able to teach him a lesson about why security is important, or will he be laughing all the way to his developer cave? Only truly passionate application security engineers will succeed. Expect confetti, swag (yes, you read right, swag, valued just below the corruption limit) and illegal bribes as you venture into the unknown of OWASP Cornucopia.
**Speakers**
**Elias Brattli Sørensen** is a software engineer & security champion at Kantega SSO, engineering digital identity standards for secure authentication to the Atlassian ecosystem while facilitating and promoting secure software development practices. M. Sc. in Computer Science at NTNU, researching usage of static analysis tools like Spotbugs to find vulnerabilities in OpenID Connect client implementations.
**Johan Sydseter** is co-leader for OWASP® Cornucopia and Co-creator of the OWASP® Cornucopia Mobile App Edition. The man with the long hair, not the long beard. Fresh meat in App Sec and OWASP but has 15 years' experience building and designing backend and frontend solutions as a designer, developer and architect. He has held several presentations on appsec at various international conferences, loves confetti and funny glasses.
**About OWASP and OWASP Chapter meetings**
OWASP is an online community that produces freely available articles, methods, documentation, tools, and technologies in IoT, system software, and web application security.
OWASP Chapters exist to build a community of application security professionals worldwide. Our Oslo OWASP Chapter's meetings are free and open to everyone to attend, so both members and non-members are always welcome. Local meetings include:
* Training to improve your skills
* Lectures that are relevant to your work
* Networking capabilities
October 16, 2024
Time: 18:00-04:00 (America/Toronto)
Description: **Welcome to our In-Person Meetup at the University of Ottawa**
In-Person Location:
150 Louis-Pasteur Private, Ottawa,
University of Ottawa
Room 117
We will continue to Live Stream on our YouTube channel. (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you’ll get a notification as soon as we go live!
**YouTube Live Stream Link**: TBA
**6:00 PM EST** Arrival, setup, mingle, PIZZA!!!
**6:30 PM EST** Technical Talks
1. Introduction to OWASP Ottawa, Public Announcements.
2. **TunnelVision (CVE-2024-3661): A VPN bypass or a feature?**
**Abstract:**
CVE-2024-3661 introduces a novel attack vector capable of bypassing VPN protections and redirecting traffic outside the secure tunnel. This presentation will explore the technical details of "Tunnel Vision," an attack that exploits vulnerabilities in network routing protocols to compromise the integrity of VPN connections.
**Speakers:**
**Harsh Makwana, M.Eng**, is an Application Security Consultant at Software Secured with over 3 years of experience in penetration testing. An alumnus of the University of Ottawa, Harsh is a general technologist with a strong interest in the advancements of both cybersecurity and industrial robotics. Outside of work, he enjoys exploring photography and illustration as creative pursuits.
October 17, 2024
Time: 17:00+01:00 (Europe/London)
Description: Join us for our next event!
We will be having more cyber security talks at the local collider event hosted by JP Morgan in Bournemouth!
If you would like to attend and plan to drive, please email co-leader Mike Warner with your name and car registration to allow access to the car park:
[email protected]
Talks for the night to be confirmed!
Attendees will meet in the reception and be signed in for admission.
Time: 18:00+02:00 (Europe/Amsterdam)
Description: See [https://owasp.org/www-chapter-netherlands/upcomingevents](https://owasp.org/www-chapter-netherlands/upcomingevents) for more information about the OWASP Netherlands chapter.
18:00 - 18:15 - **Reception of attendees**
18:15 - 19:00 - **Pizza**
19:00 - 19:15 - **Welcome and OWASP updates**
19:15 - 20:00 - **AI Security: Safeguarding Software from Code to Architecture** by **Feiyang Tang**
20:00 - 20:15 - **Break with drinks**
20:15 - 21:00 - **Securing GenAI Applications - a Point of View** by **Burc Yildirim**
**AI Security: Safeguarding Software from Code to Architecture**
*Abstract:*
AI is rapidly transforming software development, offering unprecedented capabilities but also introducing new security challenges. As organizations rush to adopt AI technologies, they often overlook critical security implications, potentially exposing themselves to novel threats and vulnerabilities.
In this talk, we’ll explore how to build secure AI-powered software, covering both coding practices and system design. We’ll dive into specific scenarios where AI can introduce security risks and discuss practical strategies to mitigate these issues in software development. We’ll also touch on privacy concerns when implementing AI solutions. Through real-world examples, you’ll gain actionable insights to enhance the security of your AI projects, from individual algorithms to complete systems.
*Bio:*
Feiyang Tang is a Technical Software Consultant at Software Improvement Group, specializing in code quality and security. He holds a Ph.D. in Software Privacy from Norway and a Master’s degree in Artificial Intelligence. With a background spanning academia and industry, Feiyang focuses on enhancing software development practices through the responsible integration of AI technologies. His work aims to bridge the gap between advanced AI capabilities and robust, secure software engineering principles.
**Securing GenAI Applications - a Point of View**
*Abstract:*
The POV discusses the importance of securing generative AI (GenAI) and the challenges associated with it. GenAI empowers organizations to unlock new opportunities, drive innovation, and deliver value in an increasingly digital and dynamic world. However, securing GenAI introduces new challenges that must be addressed, including adversarial risks across the AI pipeline, data privacy and security concerns, and the need for a unified approach to security. The POV highlights the importance of understanding the risks associated with input, training, and output data, as well as the need for data provenance, transparency, and accountability. Further to this, it looks into the risks posed by the use of GenAI, the importance of security in a GenAI strategy, and how we need to go about mitigating risks in practice, factoring in the different GenAI consumption models and the impact these will have on security management.
The POV concludes by highlighting the importance of understanding GenAI’s risks and challenges and taking a proactive approach to securing it.
*Bio:*
Burç Yıldırım is a seasoned Cyber Risk Services professional with over 20 years of experience in the security industry, specializing in offensive security. He provides cyber strategy, resiliency, and privacy consultancy to governmental institutions, finance, telecommunication, and energy companies, aligning cybersecurity solutions with business needs.
Combining deep technical expertise with management experience, Burç has a unique ability to fully understand both the technical and business challenges organizations face. This skill set enables him to manage complex teams and projects effectively. Throughout his career, he has built and led high-performing teams at Deloitte Turkey, Deloitte Netherlands, and IBM.
With a strong background in both offensive and defensive security, Burç is dedicated to helping organizations enhance their cybersecurity posture in an ever-evolving digital landscape.
Time: 17:30-04:00 (America/New_York)
Description: An OWASP NYC Chapter Meetup - On-Site
Thursday, October 17th, 2024.
WestCap
Location: 40 10th Avenue, New York, NY 10014 (Entrance on 13th Street)
Speaker Alex Olea, DevSecOps Engineer at Starburst
Day 1 DevSecOps | Building a Program and Your Credibility
Starting a DevSecOps function is an exciting opportunity to not just run a program, but build one. But whether you’re at a large enterprise or a startup, Day 1 is never total greenfield. Even if the organization doesn’t have serious technical and security debt, you’re still going to run into stuff that was spun up and abandoned or tools that aren’t what you might have chosen. So how do you get started?
In this session, Alex will share his experiences with building DevSecOps programs at startups, including:
* What is DevSecOps?
* Building trust with developers
* Improving developer productivity and measuring success
* Redefining an AppSec program case study: replacing an SCA tool
Time: 18:00-07:00 (America/Los_Angeles)
Description: **NOTE: The following will be in effect and mandatory for this meeting venue.**
* **RSVPs will close at 11:59 PM PT on Monday, October 14th, so kindly submit your RSVP by then. Walk-ins will not be permitted.**
* **Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.**
* If your first and last name do not appear in our admin view, we will contact you.
* Alternatively, feel free to reach out directly or email us at
[email protected] to provide that information.
**Parking**
Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage.
**Live Stream**
Stream us live on Twitch: http://twitch.tv/owaspoc
*Please change your RSVP to "No" if you can't make it and/or will join via livestream instead.*
**Abstract**
In the 1980s, a famous study by IBM formed the basis for modern ideas around shifting security further to the left. Join Oligo for this talk where we'll dig into why it made sense then and explore whether this still rings true today in the modern world of DevOps, Agile methodologies, and cloud-native applications.
Time: 17:00+03:00 (Europe/Riga)
Description: **This event is kindly hosted by [KPMG Latvia](https://kpmg.com/lv/en/home.html). There is limited seating available for in-person attendees. Registration required.**
**This event will be [live-streamed](https://www.youtube.com/@OWASPRiga) on YouTube.**
**Recordings will be available on the OWASP Riga YouTube channel.**
**Venue Location**: KPMG Latvia Office, Roberta Hirša iela 1, Vidzemes priekšpilsēta, Rīga, LV-1045
**Doors Open at 17.00** for registration, drinks and networking. The talks start at 17.30 (we start on time!).
**TALKS**
**OWASP Introduction, Welcome and News** - [Andrey Gubarev](https://www.linkedin.com/in/andreygubarev/), [Jurijs Rapoports](https://www.linkedin.com/in/jurijs-rapoports-1261bb54/) - OWASP Riga Chapter Leaders
**Supply Chains: Attacks and Security** - [Andrey Adamovich](https://www.linkedin.com/in/andreyadamovich/)
In this talk, we explore some well-known and lesser-known attack vectors for software delivery pipelines and supply chains (Log4Shell, SolarWinds, Browsealoud, left-pad, and others).
Our digital world relies heavily on software, and there are various ways this software can be compromised, affecting everything from individual apps on our phones to the global networks that keep our societies running.
**OWASP Top 10 for Large Language Models -** [Stefano Amorelli](https://www.linkedin.com/in/stefanoamorelli/)
Everyone talks about AI; let’s focus on how to break it.
In this session we'll uncover the new OWASP Top 10 vulnerabilities specific to large language models, detailing critical security issues like prompt injection and data poisoning.
We'll delve into practical insights and examples for professionals to better understand the modern security landscape of LLMs.
**SPEAKERS**
**Andrey Adamovich**
Andrey is a software craftsman and CTO with a focus on IT strategy, platform engineering, and security. He helps organizations build scalable and secure technology platforms that improve software delivery. With expertise in DevOps, automation, and cloud technologies, Andrey creates systems that support agile teams and drive efficiency.
As an educator, Andrey has delivered over 300 courses across Europe, helping teams master software development, automation, and security practices. He is also a regular speaker at international conferences, sharing his insights on modern software development.
**Stefano Amorelli**
Founding OWASP Lead of the Tallinn chapter, the first in Estonia, and contributor of OWASP Top 10 for LLMs. Stefano currently works as Staff Software Engineer for a leading FinTech unicorn.
**TICKETS**
OWASP meetups are **free** and open to **anyone** interested in application security. *Please note that you MUST book your place to be admitted to the event by the building security.*
**CODE OF CONDUCT**
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously.
OWASP Code Of Conduct: [https://owasp.org/www-policy/operational/code-of-conduct](https://owasp.org/www-policy/operational/code-of-conduct)
Time: 18:00-07:00 (America/Vancouver)
Description: **Most Security Tools are expensive paperweights: How to get your money’s worth?** with Jeevan Singh
Many organizations invest heavily in security tools that end up being costly and not useful. In this talk, we’ll explore why most security tools fail to deliver on their promises, focusing on issues like misalignment with real needs, poor integration, and ineffective utilization. We’ll dissect common pitfalls that lead to wasted resources and reduced security effectiveness, using real-world examples to illustrate these failures. You’ll learn why your current tools might not be working as expected and how to address these challenges. Finally, we’ll provide practical strategies to optimize your security tools, ensuring they integrate well into your existing systems and deliver tangible value. Discover how to turn these investments into powerful components of your security strategy.
October 18, 2024
Time: 11:00-05:00 (America/Chicago)
Description: **Container Security-A discussion**
**Details**
Topics- See abstracts below
* Containers 101- Optiv
* Security challenges and opportunities in containerization- Palo Alto
* From Reactive to Effective: Building Application Security that Works-Mend IO
* ***Protecting AI: The ultimate Game of Cat and Mouse Panel*** - Brandon Pinson - Moderator: **Eddie Contreras**, Jonathan Brown, Joseph Gregorio.
**Lunch Provided**
Scuzzi’s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257
ZOOM link provided for remote attendees
**https://optiv.zoom.us/j/93311548515?pwd=8LlhRjVy4bmPCXRheXtLMe4EQ9KAJ2.1&from=addon**
We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!
Please feel free to pass this information on to your peers and team members.
Please reply **“ONSITE”** if you plan on attending in person so we can finalize headcount for food and room attendance.
Social Hour after
**Presentations will include:**
***I. Containers 101-Optiv***
Container Security Best Practices and Tooling-Optiv
***II. Securing APIs in the Cloud: Insights and Best Practices- Palo Alto***
This presentation explores the security challenges and opportunities in containerization, emphasizing a defense-in-depth approach. We begin by discussing the widespread adoption of containers and the emerging trends driving innovation, such as serverless computing and hybrid/multi-cloud environments. We then examine key security concerns, including container sprawl, misconfigurations, and supply chain vulnerabilities. A defense-in-depth strategy, starting with shifting security left during development, followed by securing images at rest and implementing runtime protection, ensures comprehensive container security. By integrating cloud workload protection platforms (CWPP) with broader CNAPP strategies, organizations can safeguard containers throughout their entire lifecycle, from code to production.
***III. From Reactive to Effective: Building Application Security that Works-Mend IO***
In 2023, 71% of enterprises admitted their AppSec programs were reactive, playing catch-up with vulnerability alerts, while at the same time applications remain the top target for threat actors. That adds up to increased business risk for a lot of companies and fuels an urgent need to improve application security strategies. But how?
The key is to move from a compliance-based approach to managing application risk.
Time: 18:00-07:00 (America/Los_Angeles)
Description: **The Seattle Cyber Mixers fall event is here!** Bigger, better and even more fun, brought to you by the leading local security non-profit organizations and sponsored by Seattle HDI, TEKSystems, Nortal, Amatas and Cyberjutsu. The Seattle Cyber Mixers are designed to offer more informal connection opportunities for the cybersecurity community of the Greater Seattle area.
This is a casual, low-key gathering where local security professionals can connect and unwind in an informal low-pressure setting. As the first of many, we plan to host these mixers at various locations, rotating based on your feedback. Our aim is to cultivate a regular cadence, potentially monthly or bimonthly, evolving with the community's interest.
Any questions or suggestions, message the [OWASP Seattle Chapter](https://www.linkedin.com/company/owasp-seattle-chapter/) or contact [Eva Benn](https://www.linkedin.com/in/evabenn/).
October 21, 2024
Time: 18:45-04:00 (America/New_York)
Description: OWASP topic TBA
October 22, 2024
Time: 18:00-07:00 (America/Los_Angeles)
Description: Join us for our 4th mixer with participating cybersecurity communities in Southern California, enjoy beautiful weather, amazing sunset, great conversations, network with your peers, make new friends!
You **don't** have to be a member of any group to participate. Mark your calendars; see you there!!
**VENDOR Opportunities Available**
*Vendors interested in attending please send an email to
[email protected]*
**CODE OF CONDUCT**
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:
[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)
#CSA #ISSALA #OWASPLA #CyberJutsu #ISC2LA #Cybersecurity #SafeNetworking #BuildingCommunity #Murphie #BallastPoint
Time: 17:00-05:00 (America/Chicago)
Description: Join us to meet [Jamie Scott from Endor Labs ](https://www.linkedin.com/in/james-m-scott-iii/)as we talk about The Dark Side of Open Source Productivity. We'll learn how to think through all the potential risk you inherit when using open source software and how to handle upgrade anxiety, whether that comes from breaking changes or from the unknown of the software supply chain.
October 23, 2024
Time: 18:00-04:00 (America/New_York)
Description: This presentation delves into the current state of secure coding practices, focusing on technical aspects and the challenges faced by developers and security professionals. We will highlight prevalent issues such as the increasing complexity of software systems, the evolving nature of cyber threats, and the persistent gap between development and security teams. Emphasizing the importance of integrating security into the software development lifecycle, the discussion covers best practices, common vulnerabilities, and the need for continuous education and collaboration to build a robust approach to secure coding across the industry.
The presentation will be followed by a Secure Coding Tournament for any interested members.
Time: 17:30-07:00 (America/Los_Angeles)
Description: We're excited to announce our upcoming October meetup in conjunction with **Pacific Hackers**, which will be hosted by the awesome **Backslash** team at **Hacker Dojo in Sunnyvale**. Get ready for insightful discussions and the chance to network with some of the brightest minds in the industry.
**Agenda:**
5:30 - 6:00: Doors open, networking and food
6:00 - 6:45: Panel discussion: **AppSec vs AppSec: Compliance-Driven Security vs. Real World Risk-Focused Innovation**
6:45 - 7:30: **From Flat 2D to Full-Dimensional 3D: The Journey of AppSec**
7:30-8:00: **Payment Page Security & Compliance 101**
**Panel Discussion:** In today’s rapidly evolving digital landscape, application security (AppSec) professionals are often torn between meeting compliance requirements and implementing security practices that genuinely reduce risk and foster innovation. This panel will explore the tension between two competing approaches: compliance-oriented AppSec, which focuses on ticking regulatory boxes, and real-world AppSec, which prioritizes proactive risk management and innovation to address dynamic threats.
Through lively discussion and real-world case studies, experts from diverse backgrounds will examine the impact of compliance-heavy frameworks on security outcomes. Does compliance help or hinder organizations in effectively mitigating risk? How can security teams balance the need to meet regulatory demands while adopting cutting-edge practices that drive meaningful security improvements? Join us to gain insight into how organizations can navigate these two competing forces, ensuring that both security and innovation thrive in the evolving threat landscape.
Moderator: Trupti Shiralkar
Panelists: Kunal Bhattacharya , Sara A, Prashant KV
**Talk1: From Flat 2D to Full-Dimensional 3D: The Journey of AppSec**
Remember when AppSec was all about flagging everything? Back in the 90s, it was like looking at security in 2D—find a vulnerability, flag it, and move on. But as applications grew more complex and moved to the cloud, this “flag everything” mindset became more of a hassle than a help. Modern apps are built differently, and with AI now writing code, there’s more of it than ever before—bringing new vulnerabilities along for the ride.
Today, we need a 3D approach to AppSec. It’s no longer just about spotting issues but understanding their context, reachability, and real impact. Modern architecture, cloud environments, open-source software (OSS), and the rise of AI-generated code have changed the game. We need smarter tools to handle this complexity. In this talk, we’ll explore how AppSec has evolved from its humble beginnings to a dynamic, AI-aware discipline and the implications for security teams.
**About the speaker:**
With a deep background in cybersecurity and cloud security, Eric Gold serves as Head AppSec Evangelist at Backslash Security. He played a pivotal role in building the evangelism efforts at Orca Security and Aqua Security. Eric has also advised startups like Panoply.io and ScyllaDB, and held executive sales roles at Couchbase, Aerospike, and DeviceScape. He began his career at Oracle and Sun Microsystems and holds a B.S. in Information and Decision Systems from Carnegie Mellon University.
Talk2: **Payment Page Security & Compliance 101**
**Abstract:** PCI DSS 4.0.1 has introduced new requirements—6.4.3 and 11.6.1—to address concerns about card skimming activities on payment pages. This has become a hot topic, with experts debating the best approach to tackle these issues. In this talk, I'll guide you through all the technical approaches you can use to address these requirements. We'll explore the pros and cons of each method.
**Speaker:** Sukesh is the Co-founder of Domdog.io. He specializes in data security and privacy for web pages. Prior to Domdog, most of his work focused on web application security research and building tools in this space.
Time: 17:30-07:00 (America/Los_Angeles)
Description: We're looking for a location to host our meeting - if your company is willing to host, or you know someone who does, please let us know!!
**TOPIC**: TBA
Join us for great networking, dinner and drinks, and see a presentation by TBA
**ABSTRACT**: TBA
**SPONSORSHIP Opportunities Available**
*Vendors interested in sponsoring please send an email to
[email protected]*
**CODE OF CONDUCT**
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:
[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)
October 24, 2024
Time: 18:00+01:00 (Europe/London)
Description: Hello & Welcome
In this spooky session we'll be discussing AI and its impact on the different aspects of cyber security.
As it's so close to Halloween, costumes are encouraged, but not required.
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
Due to a corporate policy from the venue sponsor, to get into the venue & up to the event, you will need to register with your full name when signing up to the event AND show photo ID when checking in to the event on the night.
Please note this event will be recorded so we can put these talks on our YouTube channel afterwards. We will also be trying out our live streaming capabilities.
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
**6:00 - Open doors & networking & drinks**
**6:30 - Alsa Tibbit - Digital Fossils: Bones of APTs**
This talk takes the audience on a captivating journey through the speaker’s explorations in cybersecurity research. It highlights how a blend of critical thinking and Explainable Artificial Intelligence (XAI) has paved the way for an innovative approach to addressing complex cyber threats. Focusing on Advanced Persistent Threats (APTs) as a prime example, the speaker illustrates how a solution-driven mindset, enhanced by XAI, has led to groundbreaking cybersecurity advancements. This novel methodology garnered substantial support from Sheffield Hallam University and La Trobe University in Australia, creating new avenues to detect and counter cyber threats.
**7:15 - Refreshments (Food & Drinks & Networking)**
**8:00 - Leum Dunn - AI AIEEEE (the revenge - re-deux)**
A fusion of mischievous ideas, distilled from presentations at B-Sides Leeds and Lancs, exploring the playful and slightly chaotic potential of AI tools. Buckle up, it’s going to be a wild ride!
**9:00 - Vacate venue -> to the pub for more socialising**
**LOCATION**
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
Booking.com
6 Goods Yard Street Manchester
M3 3BG
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
**SPEAKERS**
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
**Alsa Tibbit**
As a seasoned cybersecurity professional with extensive experience in academia and industry, Alsa has excelled in teaching, research, and leadership. Her notable accomplishments include authoring a £100k technical proposal and leading an Innovate project focused on machine learning, malware analysis, and data mining. In 2023, she was involved in a research project for DSIT addressing the cybersecurity skills gap in the UK, further underscoring her dedication to advancing the field.
Alsa is currently involved in two key projects: one focusing on Advanced Persistent Threats (APTs) and Explainable Artificial Intelligence (XAI), and another tackling ARM architecture and Java vulnerability research. These endeavours highlight her commitment to personal and professional development as she continues contributing to the ever-evolving cybersecurity world.
**Leum Dunn** *has been lurking in the shadows of the tech world for over 20 years, with the last decade spent fortifying defenses in the cybersecurity realm. His expertise shines brightest in the betting and gaming industry, though he’s also dabbled in critical national infrastructure and print manufacturing, just for fun. When he’s not safeguarding digital kingdoms, Leum can be found playing bass guitar (badly, by his own admission) or immersing himself in gothic rock and jazz noir. His talk today is a fusion of mischievous ideas, distilled from presentations at B-Sides Leeds and Lancs, exploring the playful and slightly chaotic potential of AI tools. Buckle up, it’s going to be a wild ride!*
*Yes, I asked ChatGPT to write that. No, I'm not ashamed. I'm not even going to correct the spelling!*
**SPONSORS** (Thank you for supporting our community!!)
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
**Booking.com** - Venue Sponsor AND Food & Drink Sponsor
\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-
Are you passionate about a security topic?
Do you want to speak at a future event?
Submit your interest here - https://forms.gle/zcm9bVNhgDixe8Gq5
Does your company want to sponsor a venue and/or refreshments?
Email Paul -
[email protected]
Time: 19:00+01:00 (Europe/London)
Description: **The talk:** Authentication might seem simple, but implementing it securely comes with several challenges that developers need to address. In this talk I'll highlight the key pitfalls to watch out for and discuss good practices for building a secure authentication system. We'll focus on best practices, and you’ll gain insights into how to avoid common mistakes and build a more robust and secure authentication process.
**Speaker:** Wojciech is a software engineer with over 10 years of experience, specialising in defending applications against security threats. His focus on application security (AppSec) has led him to develop and implement secure coding practices that safeguard systems from vulnerabilities. He is passionate about building resilient software, ensuring that security is integrated into every stage of development.
Agenda:
* OWASP Suffolk updates
* Authentication is easy talk
* Q&A
October 29, 2024
Time: 19:00+01:00 (Europe/Copenhagen)
Description: More info coming but reach out if you would like to be a host or do a presentation
October 30, 2024
Time: 16:00-04:00 (America/New_York)
Description: **This meeting will be in-person! Thank you to Kroger for hosting at their Kroger Blue Ash Technology Center. For security, RSVP by 2 days prior to the meeting is required.**
**Sponsored by [Traceable](https://www.traceable.ai/)**
In an era where cyber threats are rapidly evolving and increasingly targeting application vulnerabilities, organizations face significant challenges in maintaining robust security practices. Traditional security models often lead to bottlenecks, stifling the agility needed in today's fast-paced development environments. This talk introduces the **Security Champions program**—a strategic initiative that empowers development teams to take ownership of security responsibilities, fostering a culture of proactive security throughout the software development lifecycle.
We will explore the essential components of a successful Security Champions program, including its definition, the critical role of Security Champions within development teams, and the importance of cultivating a supportive culture grounded in principles of a "just culture." Attendees will learn practical strategies for building, maintaining, and scaling their own Security Champions programs, ensuring that security becomes an integral part of their organizational fabric.
Join us to discover how implementing a Security Champions program not only enhances security posture but also drives collaboration and innovation, ultimately safeguarding your organization against emerging threats.
**Approximate schedule:**
4:00 - Doors open. Come for networking and refreshments!
4:15 - Presentation begins.
5:15 - Networking and refreshments resume!
6:00 EOE (End of Event)
Time: 18:00+11:00 (Australia/Melbourne)
Description: G'day all,
It was great to see new faces last month. Thank you to those that attended.
In our last meetup, attendees voted for [YOI Indonesian Fusion](https://yoirestaurant.com.au/) as our location for next month. On 30th October 2024 6PM, there we shall meet.
*There's NO BOOKING. If you're the first to arrive, please grab a table for the group and post a picture of the table's location in the comments of this meetup event. We'll use it to locate each other. (If you don't see a post, you're lucky first. Please grab us a table and post a pic. )*
**Please remember to update your RSVP if you can no longer attend.** Even if it's just 30 minutes prior. It'll help whoever arrives first know how big a table to get.
We're looking forward to having discussions like last time's once again.
See you there.
More details on the format, and what to expect below:
**The Practitioner's Roundtable**
It's a monthly meetup for AppSec/ProdSec practitioners to participate in discussing AppSec/ProdSec topics and share knowledge. There are no speakers or sponsors; just a facilitator, with the expectation that you'll join the conversations. Broadly, the idea is that you're swinging by after work for a regular catch-up with your peers over dinner (with F&B at your own cost) in a known format.
\-\-\-
**So, what's happening?**
The format:
1. At 6pm all attendees arrive, and order (and pay for) their own meals - we'll do the rest while waiting for the meals to arrive and as we eat.
2. All attendees write down on a card 1-2 AppSec/ProdSec related topics they'd like to discuss.
3. We'll all each cast 3 votes on the cards we'd like to discuss.
4. We'll sort the cards, and discuss the topics with the top 3-4 highest votes. Starting with the topic with the highest votes.
5. After 5(?) minutes, we all decide if we'd like to continue or move on to the next topic.
6. If we continue, after 15(?) minutes, we all move on to the next topic of discussion.
7. At 7pm, we wrap up and officially end. Before everyone leaves, we vote on the next restaurant that we'll meet at.
This is [inspired by Lean Coffee](https://agilecoffee.com/leancoffee/), and intended for participants to be collaborators in the conversation focused on AppSec & ProdSec topics. You are expected to participate in the AppSec/ProdSec conversations constructively if you attend. This isn't the right place for BizDev focused conversations.
For the location selection, here are the considerations we work with:
1. It must be within 1 "city block" of the Melbourne Free Tram Zone.
2. The typical price for a whole meal (without alcohol) should be under $50 per person.
3. It must allow individual orders - you'd be ordering and paying for your own meal.
4. It will need to have seating space for the group to, say, just walk in to the restaurant (this may change if it grows beyond 10 regular attendees).
5. It must be quiet enough for us to have meaningful conversations.
6. It must not be a restaurant we've been to in the past 6 months. (Just to keep things fresh.)
Also, although we use the word “restaurant” this is used broadly to mean food establishment - if we’re all keen on hitting up a decent kebab place, that works. As a courtesy to the venue, there's an expectation that you'd order something there.
Time: 18:30-04:00 (America/Toronto)
Description: **The event is hosted at 111 Peter St Suite 804, Toronto, ON M5V 2H1**
**TALK**
**\-\-\-\-\-\-\-\-\-\-\-**
**Inference Servers: new technology, same old security flaws.**
**Summary:**
AI and LLM based applications are taking the industry by storm. While a lot of time is spent on evaluating prompt injection, there is an entire ecosystem of applications that allow models to be run and used. These applications have their own important security considerations that you may not be aware of.
Inference Servers are used to host machine learning models and expose APIs that allow other components to perform inference on those models. These servers often expose additional APIs that allow users to load new models. Often, this can be abused to perform remote code execution. While this technology is new, the baseline security configurations for many of these products are a relic from the past.
In this talk we’ll learn about what an inference server is, how they work, and how you can achieve remote code execution in them. This talk is mainly focused on the practical security risks involved in this ecosystem. Finally, I will share details about a couple of CVEs related to TorchServe.
**Presenters:**
Pratik Amin has been an Application Security practitioner for over 15 years. He currently works as a Principal Security Consultant at Kroll (previously Security Compass Advisory). In this role, he spends most of his time performing AppSec pentests and digging into interesting technology.
Time: 18:30Z (Europe/London)
Description: OWASP Warwick is back for the 2nd event this year. Please come and join us for some good talks and free food!!!
#### TALKS
#1: **Breaking and Defending LLMs: security of state-of-the-art AI systems** - Lukasz Bartoszcze (University of Warwick, Cyber Security Research Group)
#2: **Come to me** - Neil Lines (NCC)
October 31, 2024
Time: 19:00Z (Europe/London)
Description: Thirsty Thursdays.
Same time. Same day each month. Differing places. Good chat.
**What?**
* Casual conversation over food & drinks
**Where?**
* It may differ each month: bars, restaurants and eateries around Peterborough
**When?**
* ~ The last Thursday of each month
Everybody is welcome; the details of the next event will be chosen at the last one (and so on!).