OWASP Community Meetings

Quick List (Details below)

December 04, 2023

Event: End of year celebration!

Group: Brisbane

Time: 6:00+10:00 (Australia/Brisbane)

Description: Join us in celebrating yet another end to an amazing year. This meetup will be different from the rest, no presentations this time around, rather a catch up with all you hackers, security experts and enthusiasts alike. Nothing but drinks, food, chats (about sweet hacks you’ve done or things you’ve heard about if you’re down) and hangz. Hope to see you there!

Event: OWASP Meetup - Paris - December 2023

Group: France

Time: 9:00+01:00 (Europe/Paris)

Description: The next meetup will be held in person. We will be hosted by our sponsor **Alan**, whom we warmly thank for their support. OWASP Paris is the meetup dedicated to application security. As a reminder, the meetup is intended to be non-commercial. It brings together everyone who wants to design and maintain more secure software. If you are interested in the subject, whether you are a beginner or an expert, feel free to join us to share your experiences or your challenges. This meetup offers sessions organized in an "open forum" format. Topics are proposed by the participants during the session. Knowledge sharing, lessons learned, CTF-style exercises, best practices, governance and organization, ... are on the program! **Lightning Talks:** The evening begins with short presentations. Anyone who wishes can propose a presentation; it is not mandatory. If you would like to share a technique, an opinion, a demo or lessons learned, you can prepare a lightning talk, anywhere between a single sentence and 10 minutes at most, and come present it at the start of the evening. If you have never given a presentation before, this is a chance to start in a friendly atmosphere. **Workshop:** The evening continues with group activities. Anyone who wishes can propose a topic; it is not mandatory. You have 30 seconds at the start of the session to get the other participants interested, then everyone votes for their favorite topic. The most popular topics lead to group activities lasting a little over an hour. Screens will be available. The format is meant to be welcoming. You do not need to be an expert to talk about a topic. You will certainly find other people to help you! The emphasis is on exchange and sharing. The agenda and minutes of previous meetups are available here: https://owasp.org/www-chapter-france/

December 05, 2023

Event: A night of Backdoors & Breaches with a virtual touch of John Strand

Group: Copenhagen

Time: 7:00+01:00 (Europe/Copenhagen)

Description: *Following our return from hibernation in September, OWASP Copenhagen invites you to join us for a night of Backdoors & Breaches!* John Strand from Black Hills Information Security (BHIS) will join us online and tell us about their incident response game, Backdoors & Breaches, why you should use it and how it can help you raise awareness among your peers. Afterwards Jon Bevers (also from BHIS) will show us how to play Backdoors & Breaches. Jon will also join us online. Jon is one of BHIS' European community ambassadors and travels Europe from his home in Krakow, Poland. Jon was in Copenhagen recently as part of BSides København where he also had the opportunity to talk to you about Backdoors & Breaches and he might even have given you a deck already. If not, fear not as we will have plenty of decks to share with you (and keep). After the talk and demo from John and Jon it's time for pizza, drinks and the opportunity to get some hands-on experience and try the game for yourself. We hope to see you there!

Event: OWASP London Chapter Meetup [IN-PERSON]

Group: London

Time: 8:00Z (Europe/London)

Description: **This event is kindly sponsored and hosted by Thought Machine. There is limited seating available for in-person attendees. Registration required. Please note that all our events are live-streamed on YouTube for the online audience. Recordings will be available on the OWASP London YouTube channel.** **Venue Location**: Thought Machine, 7 Herbrand St, London WC1N 1EX **Nearest Tube:** Russell Square (Piccadilly Line) - 2 min walk **Doors Open at 6pm** for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time). **TALKS** **OWASP Introduction, Welcome and News** - Sam Stepanyan **"E2E Detection Testing"** - George Gilligan How do you make sure your detections work in a cloud native organisation? Software engineers have integration tests, reliability engineers have chaos engineering frameworks. Detection engineers lack an equivalent standardised approach to E2E testing. A natural approach is a binary that generates a suspicious event, validates that a suitable alert is generated in your SIEM, closes it, and reports the result. An open source Datadog tool named Threatest does just this. We are working on extending this to work with Elasticsearch, with the hope of automating a huge portion of the work of the red team, and providing constant validation for our detections. **"5 Open Source Security Tools All Developers Should Know About"** - Raz Probstein The minimum viable security (MVS) approach enables us to easily bake security into our config files, apps, and CI/CD processes with a few simple controls - and the great part? It’s easily achievable through open-source tooling. In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline by leveraging some excellent open source tools in addition to custom controls to ensure proper enforcement of MFA via GitHub Security. These controls will provide a foundational framework for securing your applications from the first line of code, which will make it possible to continuously iterate and evolve your security maturity all the way through advanced layers of security that come with time, as well as increased experience with your deployments, stacks, and security posture. Code examples & demos will be showcased as part of this session. **"I Will IDOR Myself In"** - Vangelis Stykas How could attackers gain control of hundreds of millions of devices? In this talk Vangelis explains how attackers can exploit a series of simple, yet critical API flaws that are typical “rush to market” flaws which allow an attacker to control these devices and even use them as an initial foothold in millions of networks. Devices vary from routers to alarms and car chargers. It seems that the era of “central platform” handling that solves a variety of problems (like port forwarding) backfired by re-introducing a number of vulnerabilities that were thought to be long gone. **SPEAKERS** **George Gilligan (@ggilligan12)** George Gilligan is a security engineer at Thought Machine, where his work includes securing Kubernetes clusters, container security, intrusion detection, security testing, and implementing security policies. George participates in various CTF competitions and his CTF achievements include the Deloitte CTF Qualifier, Scottish Universities Cybersecurity Challenge and Hack Harvard 2018. George holds an Offensive Security Certified Professional (OSCP) certification and a BSc (Honours) degree in Computer Science and Mathematics from the University of Edinburgh. **Raz Probstein (@RazProbstein)** Raz comes with years of experience in both leadership and technology, having served as Young Ambassador to the state of Israel and having been headhunted and selected as Young Researcher at the prestigious Weizmann Institute for multi-disciplinary scientific research. Today she serves as a Solution Engineer at Jit, coming to the role with years of experience as a FullStack Engineer and years of experience in a diversity of programming languages from Python, to JavaScript and C/C#, from the elite IDF unit 81. **Vangelis Stykas** (@evstykas) Vangelis is a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet. **TICKETS** This event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security. Please note that you MUST book your place to be admitted to the event by the building security - your name will be checked against the guest list. **CODE OF CONDUCT** We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct

December 06, 2023

Event: OWASP Gothenburg OAuth2 and Offensive Security

Group: Gothenburg

Time: 7:15+01:00 (Europe/Stockholm)

Description: **Join us at our partner Omegapoint's office for an awesome evening with food and drinks, and talks about OAuth2 pitfalls and Pentest war stories!** **Where:** Omegapoint, Rosenlundsgatan 3, 411 20 Göteborg **Agenda:** **17:00 - 17:30:** Welcome to Omegapoint **17:30 - 17:45:** Introduction from the event hosts and presentation of tonight's speakers. **17:45 - 18:30:** *How to f\*ck up at OAuth2 while following BCPs* Best current practices (BCPs) for implementing OAuth2 and OIDC have undergone many changes over the years. In this presentation we highlight the risks of staying with the ancient (roughly 2019-2021) “current” best practices. The current (circa 2022) BCPs bring many changes, such as deprecation of the implicit flow, required usage of PKCE and the BFF pattern which mitigates some of the previous attack vectors. It takes time for new concepts to fully mature and for secure defaults to emerge. While following the latest BCPs it’s still possible to make mistakes and end up with a broken implementation. This presentation will show some common OAuth2/OIDC security pitfalls and why it is bad practice to use reverse proxy catch-all routing in your BFF, an OAuth2 client with access to many scopes, together with APIs that do authorization based on just a valid token and scopes. Does your BFF enable authenticated SSRF as a Service? During the presentation we will demonstrate both attacks and defences for an OAuth2/OIDC application running locally. **Pontus Hanssen** is an experienced security researcher and penetration tester. He loves to hack everything that blinks or has an IP address. Pontus performs security reviews and penetration tests as part of Omegapoint Cybersecurity Gothenburg, a group of experts in application security. **Tobias Ahnoff** is an experienced developer and architect with focus on application security. He specializes in implementing authentication flows and authorization for web applications and APIs that manage sensitive data. Tobias performs security reviews and penetration tests as part of Omegapoint Cybersecurity Gothenburg, a group of experts in application security. He also gives courses in application security and is an appreciated speaker in OAuth2 and OpenID Connect areas. **18:30 - 19:15:** Food **19:15 - 20:00:** *Pentesting War Stories* Working in penetration testing generates quite a few interesting stories about spectacular vulnerabilities found in tested systems. Often these stories are not shared outside of a small circle of people. This presentation goes through a selection of vulnerabilities found during assignments in recent years. The titles of the stories are: “The omnipotent client cert” (automotive app), “Next level XSS” (web), “No route to boat” (network), and “Having a conversation with a door handle” (embedded). **Emilie Barse** is an experienced IT security consultant with a deep interest in security testing and log analysis. She has worked in IT security since 2005 and has worked in numerous different industries, and has tested applications, networks, cloud environments, IoT systems, and cars. Emilie has a PhD in computer security from Chalmers University of Technology. **20:00 - 21:30:** Over-time (optional) Hang out, grab something to drink, and discuss security, the weather or anything in between!

Event: ISSA / OWASP Tampa Chapters Q4 Year-end Minicon

Group: Tampa

Time: 8:30-05:00 (America/New_York)

Description: **Welcome to our joint ISSA & OWASP End of Year Minicon!** We invite you to join us and members of our local Tampa Bay community to hear from industry experts in cybersecurity. This half day minicon will bring topics that influence discussion among your peers and provide a venue to meet others that share your passions. **Agenda:** * 8:30am - Registration * 9:00am - First Talk: Tsvi Korren, Field CTO Aqua Security * 10:00am - Second Talk: Tony Cook, Sr. Dir, DFIR & Threat Intel * 11:00am - Third Talk: Jadee Hanson, CISO Code42 * 12:00pm - Lunch **Speakers:** * Tsvi Korren has been an IT security professional for over 25 years. In previous positions at DEC and CA Inc., he consulted with various industry verticals on the process and organizational aspects of security. As the Field CTO at Aqua, he is tasked with delivering commercial and open source solutions that make Cloud Native workloads the most secure, compliant and resilient application delivery platform. * Tony Cook is the Sr. Director of DFIR & Threat Intelligence on GuidePoint Security’s consulting team, where he manages digital forensics and incident response engagements on behalf of the firm’s clients. His career background includes high-level national security activities in cybersecurity operations for several clients over various verticals. * Jadee Hanson is the Chief Information Security Officer at Code42, where she is responsible for business technology strategy and purchasing, as well as leading global risk and compliance, security operations, incident response, and insider threat monitoring and investigations. **Location:** 3030 N Rocky Point Drive W Ste 600 Tampa, FL **Sponsors:** [Aqua Security](https://www.aquasec.com/) [Code42](https://www.code42.com/) [GuidePoint Security](https://www.guidepointsecurity.com/)

Event: OWASP Toronto | Privacy by Design (PbD)

Group: Toronto

Time: 8:30-05:00 (America/Toronto)

Description: TALK Privacy by Design (PbD) Summary: This presentation will discuss Privacy by Design (PbD) and what it can look like when put into practice. PbD will be looked at as a best practice and as a requirement set out by privacy laws and regulations. In this talk, you will learn about the foundational principles of PbD, and concepts to consider that can help you in your role and collaboration with stakeholders. Presenter: Horia Tabatabaei Soltani, Horia is currently the Director (Fellow) of Privacy at Canon Canada. She oversees the development and maturity of Canon Americas (Canada, US, Latin America) privacy program. She is also completing her Masters of Law (LLM) at Osgoode Law School, York University in Privacy and Cybersecurity.

December 09, 2023


Group: Kolkata

Time: 0:00+05:30 (Asia/Kolkata)

Description: Proposed sessions for this event: * The Mysterious Paradigm of Fuzzing by **Rakesh Seal** * Digital Personal Data Protection Act by **S Ramakrishnan** * Beyond Boundaries: The Power of Zero Trust Networking by **Mohammed Danish Amber** * OWASP Top 10 by **Mukunda Tamly**

December 11, 2023

Event: Introduction to Application Security


Group: Cairo

Time: 3:00+02:00 (Africa/Cairo)

Description: Join us for an on-site event with the Future University in Cairo to learn about the fundamentals of application security. This event will cover the OWASP Top 10 project, which outlines the top 10 most critical security risks for web applications. You will have the opportunity to engage in a Q&A session with industry experts and gain valuable insights into securing your applications. Event Agenda: - Introduction to OWASP and the importance of application security - Overview of the OWASP Top 10 project and its relevance to the industry - Deep dive into the top 3 security risks and their impact on applications - Case studies and real-world examples of security vulnerabilities - Q&A session with industry experts - Networking and opportunities to connect with peers and professionals in the field We look forward to seeing you at this informative and interactive event!

Event: Fundamentals and Best Practices of Cyber Threat Intelligence

Group: Vitoria

Time: 9:30-03:00 (America/Sao_Paulo)

Description: Speaker: Paulo Trindade Topic: The Fundamentals and Best Practices of Cyber Threat Intelligence in Attack Prevention Date: 11/12/2023 at 19:30

December 13, 2023

Event: OWASP Boston Chapter December 2023 Meetup

Group: Boston

Time: 8:00-05:00 (America/New_York)

Description: Please join us for OWASP Boston's December meetup! For those attending in-person, the doors open at 6pm, and those joining us virtually the presentation will start at 6:30pm. This month we will be welcoming Tommaso Innocenti to talk about his research on OAuth2.0 redirection URIs. ABOUT THE SPEAKER Tommaso is a fourth-year Ph.D. student advised by Engin Kirda, working as a Secure Systems Lab (SecLab) member at Northeastern University. His interests revolve around Privacy and Security, with particular attention to increasing final users' security. His works reflect his passion and tenacity in exploring complex security topics. His most recent work focuses on the security of the OAuth protocol. ABSTRACT OAuth 2.0 requires a complex redirection trail between websites and Identity Providers (IdPs). In particular, the "redirect URI" parameter included in the popular Authorization Grant Code flow governs the callback endpoint to which users are routed, together with their security tokens. In this talk, I will present recent attack trends in conjunction with the research trends to identify the source of the problem that allowed us to generate our hypothesis. Based on this observation, I will present novel attack techniques and the experiment that allowed us to verify that the OAuth 2.0 security guidance is under-specified empirically. Finally, I will explain end-to-end attack scenarios that combine our attack techniques with common web application vulnerabilities, ultimately resulting in a complete compromise of the secure delegated access that OAuth 2.0 promises.

Event: OWASP Curitiba - Security from Project Conception

Group: Curitiba

Time: 9:00-03:00 (America/Sao_Paulo)

Description: OWASP Curitiba - Security from Project Conception

Event: December virtual meet: OWASP tool lunch & learn - Dependency Check

Group: Minneapolis St Paul

Time: 2:00-06:00 (America/Chicago)

Description: Join OWASP-MSP chapter leads Zoa Buske and Nathan Larson for a demo of longstanding OWASP flagship project Dependency Check and a discussion of Software Composition Analysis (SCA). Passcode will be sent out shortly before the event opens. [https://owasp.org/www-project-dependency-check/](https://owasp.org/www-project-dependency-check/) [http://jeremylong.github.io/DependencyCheck/](http://jeremylong.github.io/DependencyCheck/)

Event: Security Social Lunch Hours

Group: Seattle

Time: 2:00-08:00 (America/Los_Angeles)


Event: OWASP South Florida Chapter Meeting December 2023

Group: South Florida

Time: 8:00-05:00 (America/New_York)

Description: We will be hosting this meeting online. The meeting’s URL will become visible on the meetup page after you RSVP. Please join us virtually for our December 2023 Meeting. **Make sure** you **don’t miss this final session of 2023!** BYOB - Bring Your Own Beverage **Agenda** * Chapter update/news * Talk by Rohini Sulatycki * Virtual Networking **Talk Title:** Zero Trust Demystified - NIST 800-207 and the CISA ZT Maturity Model **Talk Summary:** This is a fast-paced session that will cover the following. * What is Zero Trust? * What are the challenges in ZT adoption? * How does NIST 800-207 define a Zero Trust Architecture? * Review the CISA ZT Maturity Model v2

Event: Pub evening - Lucia OWASP meet up and after-work near Odenplan

Group: Stockholm

Time: 7:00+01:00 (Europe/Stockholm)

Description: Time for a Lucia/near xmas get together. This is the perfect opportunity for all of us app-sec interested folks to get together and meet up in real life for a relaxed chat and maybe a beer or some other refreshments. When: 13th December, 2023 Where: The Old Brewer - Public House & Dining Room at Luntmakargatan 98, 113 51 Stockholm Expect: Quick AppSec Tips Networking Drinks & Laughter The meeting will start at 17:00, but it's a casual event so turn up when it suits.

Event: Monthly SAMM community call

Group: Samm

Time: 5:30-05:00 (America/New_York)

Description: Welcome to our final 2023 monthly SAMM community call Wednesday 13th December, (each 2nd Wednesday of the month). At 21:30 CET, which is 3:30 pm EST. Join Zoom Meeting: [Zoom link.](https://zoom.us/j/96866048960?pwd=TmZkTSs3ZmlWU09DbHJoSnVZWmdiUT09)

December 14, 2023

Event: Cybersecurity Careers: Insights from a Panel of Security Leaders

Group: Syracuse

Time: 2:00-05:00 (America/New_York)

Description: Join a panel of leaders in the cybersecurity field as they talk about their career journeys and offer advice.

Event: OWASP Timisoara #24: Bug Bounty and Cloud Security [ONLINE]

Group: Timisoara

Time: 8:00+02:00 (Europe/Bucharest)

Description: The next OWASP Timisoara Chapter Meetup will be online. See https://owasp.org/www-chapter-timisoara/ for more information about the OWASP Timisoara chapter. Theme sessions - Theme: Bug Bounty and Cloud Security **18:00** Welcome participants **18:15** Introduction, OWASP News & Updates - Catalin Curelaru **18:30** Bug Bounty(Again) - Tomi Koski (Visma) **19:00** The bigger picture - Ovidiu Cical (Cyscale) **19:30** Networking **Tomi Koski** - Red Team Engineer @ VISMA | Tomi Koski has been working with IT-systems for many moons, actually since (the wonderful) 1990’s. He is passionate about anything related to security, combining both physical and virtual worlds. He is a constant learner and very curious person about life and bug bounties. Currently, he is working for Visma as a Red (read: Purple) Teamer. *Bug Bounty(Again)* Abstract: My journey in the world of Bug Bounties, the good and bad. Story about how bug bounties have changed my life and why I think these are super fun and educational. **Ovidiu Cical** - Cloud Security Architect @ Cyscale | Ovidiu is a cybersecurity enthusiast with 20 years of experience in IT. Ovidiu speaks at international conferences covering different topics of Cybersecurity and is not a stranger to the pro-bono work of running the OWASP chapter in Cluj-Napoca for many years in the past. Currently, he leads Cyscale, a cloud security startup developing a product from the heart of Cluj-Napoca. *The bigger picture* Abstract: The bigger picture: a context is critical in understanding your security posture. Why a certain problem in one part of your cloud infrastructure may affect other areas of your cloud apps, how cloud data is secured, and how safe is the rest of your cloud estate.

Event: December Cybersecurity Social

Group: Vancouver

Time: 8:00-08:00 (America/Vancouver)

Description: **Biggest Cybersecurity Social of the year!** This Vancouver area Cybersecurity Social is jointly organized by VanCitySec, OWASP Vancouver, and DC604 DEFCON Group. It's a perfect chance to mingle, make new connections, talk shop, geek out, and otherwise have a blast with like-minded folks. Please register so we have an idea of how many people are coming (tickets not required for entry). See you there! December 14, 6-9PM at **Relish the Pub** **Follow us at:** OWASP Vancouver: [https://www.meetup.com/OWASP-Vancouver-Chapter/](https://www.meetup.com/OWASP-Vancouver-Chapter/) VanCitySec: [https://twitter.com/VanCitySec](https://twitter.com/VanCitySec) DC604 (DEFCON group): [https://www.meetup.com/defcon604/](https://www.meetup.com/defcon604/) Channels on MARS Slack: **#owasp-vancouver** and **#dc604** Join MARS Slack: [https://fourthplanet.ca/slack/](https://fourthplanet.ca/slack/)

December 15, 2023

Event: New Year’s OWASP Chapter Limassol meetup.

Group: Limassol

Time: 8:30+02:00 (Asia/Nicosia)

Description: [Location](https://www.google.com/maps/place/BrainRocket/@34.6979542,33.0460735,20z/data=!4m6!3m5!1s0x14e733f291b01fad:0x5ff57bb6ed3f9838!8m2!3d34.6979152!4d33.0461381!16s%2Fg%2F11q_08mvzb?entry=ttu) is the restaurant at the Brain Rocket office. **Calling all tech and security enthusiasts!** We are thrilled to announce the second meetup of the [OWASP Chapter in Limassol](https://owasp.org/www-chapter-limassol/)! We cordially invite you to join us for an evening of engaging discussions, networking, and knowledge sharing among cybersecurity enthusiasts, professionals, and enthusiasts from various backgrounds. **Schedule:** 18:30 — 19:00 — Gathering & Intro 19:00 — TBA 19:55 — 20:05 A short break 20:05 — 20:30 TBA 22:00 — 23:00 — Eat, drink, networking! We'll have catering, a cocktail bar, a DJ, and a shisha zone all set up to make the evening unforgettable. [Don't forget to join us on Telegram (we will send updates there quickly).](https://t.me/+W1hEPzn4BOcwMTNi)

Event: OWASP Tallinn - Cybersecurity & AI - Vol. 1

Group: Tallinn

Time: 8:30+02:00 (Europe/Tallinn)

Description: ** Welcome to the Inaugural Event of OWASP Estonia: Cybersecurity & AI - Vol. 1 ** Get ready to dive into the world of AI technology and cybersecurity at our first-ever event! We are thrilled to present a lineup of distinguished speakers and groundbreaking topics. **Featuring a Core Member from OWASP Top 10 LLM:** Delve into the depths of cybersecurity with insights from a key figure behind the renowned OWASP Top 10 for large language models. Learn about the latest trends, challenges, and strategies in securing large language models and AI systems. **TalTech’s Cybersecurity RA for AI-Driven Autonomous Ships:** Join our guest from TalTech, a leading assistant researcher in cybersecurity, specializing in AI-driven autonomous ships. Discover how AI is revolutionizing maritime technology and the critical role of cybersecurity in this innovative domain. **And That's Not All - More Surprises Await!** Whether you're a cybersecurity professional, a tech enthusiast, or just curious about the future of AI, there's something for everyone. **Connect, Collaborate, and Create:** This event is more than just talks - it's a platform to connect with like-minded individuals, collaborate on ideas, and contribute to the ever-evolving field of cybersecurity and AI. **Mark Your Calendars:** Friday 15th December at 18:30 - 20:30 WIP Maakri 19, Tallinn **Join us at OWASP Estonia's inaugural event, Cybersecurity & AI - Vol. 1!**

December 21, 2023

Event: 2023 Malware Evaluation and 2024 Malware Trends

Group: Jakarta

Time: 9:00+07:00 (Asia/Jakarta)

Description: Insecure software has threatened financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure becomes increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. At OWASP, you will find free and open… • Application security tools and standards • Books on application security testing, secure code development, and secure code review • Security controls and standard libraries • Local chapters worldwide • Cutting-edge research • Extensive conferences worldwide • Mailing lists • And much more … at www.owasp.org This time, OWASP ID will discuss: 1. 2023 Malware Evaluation and 2024 Malware Trends Speaker: Alfon Tanujaya (Security Enthusiast / Security Observer at Vaksincom) LinkedIn: https://www.linkedin.com/in/alfonstanujaya Topic: OWASP Jakarta - 2023 Malware Evaluation and 2024 Malware Trends. Time: Dec 21, 2023 07:00 PM Jakarta Join Zoom Meeting https://zoom.us/j/95692246978?pwd=VzdvL1QzWE9IZzAweFNYZ2tobW5aQT09 Meeting ID: 956 9224 6978 Passcode: 652201 supported by appsec.co.id

December 23, 2023

Event: DevSecOps Toolchain Transformation to create secure by design software.

Group: Morocco

Time: 9:00+01:00 (Africa/Casablanca)

Description: DevSecOps Toolchain Transformation Hands-on The DevSecOps Mindset and Salient Features * Shared Objectives * Prioritizing Security * Automation * Operational Insights and Threat Intelligence * Holistic Security * Proactive Threat Monitoring * Security-as-a-Code * Infrastructure-as-a-Code * Improved Collaboration * Developers as Security Proponents * Continuous Monitoring and Auditing * Defined Incident Response Here are some actions you can take to upgrade your DevOps toolchain into a DevSecOps toolchain: 1. Learn From Others in the DevOps and DevSecOps Communities Look to the DevOps community to help close your critical knowledge gaps. 2. Start With Your Container Security The first step to building out the security of your DevOps toolchain starts with your container security. 3. Institute Continuous Compliance DevSecOps is a platform for continuous compliance to protect your software supply chains against vulnerable packages and vulnerable configurations. 4. Double Down on Automation While you may have already been experimenting with automation during your DevOps phase, it only becomes more integral once you throw the switch in by going DevSecOps. Go into your DevOps to DevSecOps transformation with an automation strategy that focuses on automating common developer and sysadmin tasks. 5. Improve Your Monitoring and Analytics Building out a DevSecOps toolchain takes your monitoring and analytics options to a new level. Consider the fact that you should already collect and publish data from your toolchain and deliver reports to your project managers, developers, QA testers, and stakeholders outside your team. Commonly, DevOps reporting is still a work in progress for organizations. Use the introduction of new security tools into your toolchain as a chance to offer more granular and real-time security reporting into all parts of your DevSecOps toolchain. 6. Implement Accessibility Assurance Depending on your organization’s definition of compliance, the option is there to add accessibility compliance or Section 508 to your DevSecOps toolchain. This hands-on training is reserved for 70% professionals and 30% students. Mandatory: General Conditions in order to validate your participation in this event: 1. Students must send University/Student ID, otherwise registration will be rejected. 2. Professionals must register with company emails, otherwise registration will be rejected. Registration only via EventBrite. We don't accept answers via Meetup. Please indicate your first name, last name, company name, and a valid business email or school email (emails like gmail, free, hotmail, outlook, etc. are not accepted and registration will be cancelled). Please register here: https://www.eventbrite.com/e/billets-devsecops-toolchain-transformation-374188276207

December 31, 2023

Event: Call for Speakers and Venues: Sydney OWASP Chapter Meetup in 2023!

Group: Sydney

Time: 2:00+11:00 (Australia/Sydney)

Description: The Sydney OWASP Chapter is dedicated to fostering a thriving community focused on application security and collaboration among industry professionals. With our goals of promoting equality, education, and community, we're excited to announce that we're actively looking for speakers and venue hosts for our upcoming events throughout the year. **Call for Speakers** Do you have a passion for cybersecurity and would like to share your expertise with our growing community? We invite you to submit a talk proposal for our upcoming meetups! This year's theme revolves around diverse applied topics in cybersecurity. We welcome presentations from experienced speakers, as well as those giving their first talk. To submit your proposal, please email the following details to [[email protected]](mailto:[email protected]): * Proposed topic * Abstract (100-200 words) * Brief speaker bio (100-200 words) **Call for Venues** We're also searching for venue hosts who can accommodate 30-50 attendees and provide a screen for presentations. Hosting an OWASP meetup is a fantastic opportunity to demonstrate your commitment to security excellence while supporting the cybersecurity community. Please note that hosts are expected to cater pizza and beverages for attendees. If you're interested in becoming a venue host, please reach out to us at [[email protected]](mailto:[email protected]). By contributing as a speaker or venue host, you're helping to advance our mission of fostering collaboration, education, and diversity within the cybersecurity field. We look forward to hearing from you and hope to see you at our next event. Deb, Blair, and Nick OWASP Sydney Chapter Committee