OWASP Community Meetings


Quick List (Details below)


June 23, 2024


Event: OWASP IL Meetup - June 2024

Group: Israel

Time: 18:00+03:00 (Asia/Jerusalem)

Description: OWASP IL is thrilled to announce our next Meetup event! Get ready for a vibrant gathering of the AppSec community, featuring delicious food, refreshing drinks, networking opportunities, and insightful security discussions. This special occasion will be graciously hosted by Axonius!

Agenda:

18:00 - 18:30 - Gathering and food. We will gather at Axonius's office for drinks, great treats and mingling.

18:30 - 18:35 - Meetup kickoff + microphone tuning

18:35 to 19:20 - From Challenge to Triumph: Transforming AppSec with AI and Automated Code Reviews - A Journey of Lessons Learned
*Michael Goberman - Director of Product Security and Aviad Feig - Product Security Architect @ Axonius*

Maintaining a robust application security program with a lean team of experts is challenging. We’re eager to share with the community a practical and innovative approach that worked for us: How we were able to move away from manually reviewing every feature developed while increasing the thoroughness of our security oversight. We’ll explain how we succeeded at integrating generative AI tools using GitHub actions to automate the code review process and broaden security oversight in a highly efficient way. Attendees will learn from our journey and discover how they, too, can automate routine security checks, engaging human experts only when their expertise is truly needed.

19:20 to 19:30 - Beer Break

19:30 to 20:15 - Pains and advantages of application anomaly detection in containerized applications
*Ben Hirschberg - CTO @ ARMO*

This talk presents an open-source based application anomaly detection system for detecting malicious activity. The solution focuses on applications running in the Kubernetes orchestration system. In the talk I will cover these points:

* Main attack vectors to these kinds of applications: exploit remote vulnerabilities, supply-chain attacks
* Anomaly detection dimensions: process, file, network and system-call activity
* What detection dimension is working (or not working) with what kind of applications
* What anomalies are bound to what kind of attacks
* Live demo with the Kubescape project to show results

20:15 to 21:00 - The Dark Side of AI: The Hidden Risks in Open-Source AI Models
*Jossef Harush Kadouri - Security Researcher @ Checkmarx*

This talk is for anyone who is using open source in their daily routine. The purpose is to bring awareness to the risks of software supply chain attackers lurking in some of our open-source code and to show how ridiculously easy it is for them to launch attacks. Join me as we unravel the construction of AI models, focusing on their weak spots. Through multiple demos, witness how AI models can be manipulated to become malicious.

This event is hosted by Axonius in collaboration with OWASP Israel. Join us at the event physically as we will not include Zoom or remote participation this time.



June 24, 2024


Event: Unraveling the ShrinkLocker Ransomware

Group: Natal

Time: 21:00-03:00 (America/Fortaleza)

Description: Are you ready to dive into the world of cybersecurity and uncover the secrets behind an incident involving the ShrinkLocker ransomware? Don't miss this unmissable event from the OWASP Natal chapter!

Date: June 24
Time: 9 PM

Learn from one of the best! Join us for an engaging and informative online session in which expert Cristian Souza will share valuable insights on the analysis of an incident involving the ShrinkLocker ransomware. This is a unique opportunity to expand your knowledge and sharpen your skills in the field of cybersecurity. Mark this date in your calendar and invite your colleagues and friends to join us on this fascinating journey! Don't miss this chance to improve your skills and stay one step ahead in the world of cybersecurity. We hope to see you there!



June 25, 2024


Event: OWASP Aarhus Chapter Meeting - June

Group: Aarhus

Time: 19:00+02:00 (Europe/Copenhagen)

Description: **IMPORTANT:**

* **You need to reverse into the parking spot!**
* **Please please provide your email to Thomas to receive a private link to register in the guest system at Vestas before the event**
* **Please register your car before the event. See the image for parking**

Agenda:

**19:00 – 19:10** Welcome by Vestas and OWASP Aarhus

**19:10 – 20:00** "Automated attack path discovery and alerting with Adalanche" by Rasmus Have. Rasmus Have is a Senior Cyber Security Architect at Vestas where he works with security architecture across the IT and OT domains. Rasmus has a background from the startup world and military security over the last 25 years. He aims to close the gap between the theoretical architecture work and the practical engineering work with a hands-on approach to security.

**20:00 – 20:30** Networking break

**20:30 – 21:25** "How to leverage AI in web protection - OWASP Juiceshop" by Rasmus Dalsgaard Andersen, CheckPoint. OWASP Juice Shop is probably the most modern and sophisticated insecure web application! I will show you how AI can be leveraged in a WAF to protect against attacks.


Event: OWASP Austin Chapter Monthly Meeting - June 2024 (Online)

Group: Austin

Time: 11:30-05:00 (America/Chicago)

Description: 30 minutes of meet-and-greet and Chapter information, then the Presentation! Presentation begins at 12CDT! If you would like to attend in person and have a free lunch, please register at [https://owasp-austin-2024-june.eventbrite.com](https://owasp-austin-2024-june.eventbrite.com) Presentation: **Full of SaaS and TOTALLY SECURE** Managing shadow IT in the age of SaaS application sprawl is an important component of managing risk, especially since so many of us depend on SaaS/PaaS as part of our critical infrastructure. However, traditional approaches (blocklisting, brute force, etc.) have proven ineffective and are, oftentimes, too late to prevent any real security issues. In this session, we’ll discuss some of the psychology behind why we’re referred to as the “department of NO” as well as how to start shifting that perception. You will also learn of some tactics to identify and mitigate shadow IT as well as proactive measures that may help avoid future sprawl.


Event: Secure Application Design: The Good, The Bad, and The Horrendous

Group: Philadelphia

Time: 18:00-04:00 (America/New_York)

Description: For every application design "best practice", there is a matching "worst practice", or what some call security patterns and anti-patterns. Join us to review common anti-patterns, identify their accompanying secure design patterns, and commiserate about the worst offenders we've seen in the wild.



June 26, 2024


Event: 3. OWASP Augsburg Stammtisch

Group: Augsburg

Time: 19:00+02:00 (Europe/Berlin)

Description: !WANTED! --> Women in IT Security <-- !WANTED!

Agenda

Talk: SSL/TLS testing, is it still needed? (Achim Hoffmann)

Encrypting data in transit with TLS has by now become established as a 'best practice'. Once a certificate has been purchased or set up automatically, encryption can now usually be 'switched on' relatively easily on servers as well. Is that enough? Is it worth checking what was actually enabled? How is that done? Using the SSL/TLS testing tool 'O-Saft (https://owasp.org/www-project-o-saft/)', which he developed as an OWASP project, Achim shows us how we can easily run these tests for various protocols. How to interpret the results, and what matters when doing so, is shown using examples from practice and discussed with the Stammtisch participants.

Achim Hoffmann is an 'OWASP veteran', a long-standing (>25 years) consultant, (pen) tester, trainer and speaker specializing in web application security; he is a board member of OWASP Germany and OWASP project leader for, among others, O-Saft.

Open discussion

Networking

Please let us know if you are coming and, if applicable, how many people you are bringing, so that we have enough room. Do you have an idea or want to give a talk? Just get in touch!

Important points for talks in brief:

* Use a neutral slide deck - no logo, no advertising
* On one slide you can introduce yourself and your employer - here with a logo too
* Let us know briefly whether you could also give the talk in English
* Salespeople who want to hold a sales event will be booed and must buy several rounds of beer


Event: Bay Area OWASP June Meetup

Group: Bay Area

Time: 17:00-07:00 (America/Los_Angeles)

Description: We're excited to announce our upcoming June meetup, which will be hosted by the wonderful **Traceable** team at **Harness** HQ in San Francisco. Refreshments will be sponsored by **Defy Security**. Get ready for insightful discussions and the chance to network with some of the brightest minds in the industry.

**Agenda:**

* 5:00 - 5:45: Doors open, networking and food
* 5:45 - 6:30: Talk 1: API Security Blunders: Tales from the Cyber Trenches - Anjum Ahuja
* 6:30 - 7:15: Talk 2: Had a Cyber Incident? Better Call Saul! - Daniel Davis
* 7:15 - 8:00: Talk 3: Details to follow

**Talk 1:**

Speaker: Anjum Ahuja

Title: API Security Blunders: Tales from the Cyber Trenches

Abstract: In this session, we dive into API Security by dissecting real-world blunders that have caused security breaches. We'll guide you through the process of identifying these anti-patterns and provide insights to effectively defend against such attacks.

Speaker Bio: Anjum is the Director of Security Research at Traceable.ai. He has worked on different aspects of security engineering specifically Detection engineering & Incident response, AppSec and Threat Intelligence. He has presented at conferences like BSidesSF, BSidesCharm, and has multiple patents issued for IOT Security.

**Talk 2:**

Speaker: Daniel Davis

Title: Had a Cyber Incident? Better Call Saul!

Abstract: If you’re a CISO, you’re already calling your lawyer. The rest of you are going - huh??? From the SEC’s legal action against Solarwinds to the looming specters of CMMC 2.0 and CIRCIA, when will cybersecurity’s transformation into a legal domain be complete?

Speaker Bio: No, Daniel isn’t a lawyer, but he did stay at a Holiday Inn Express last night (does that one still hold up???). Cybersecurity isn’t the first technical discipline to be “legal-lite” as he learned running safety programs for military aerospace programs. When things go wrong, people will always want to know who “signed off on it”. This experience led Daniel to Lyft’s autonomous vehicle division to create a public-private partnership to develop a framework for safety and cybersecurity for AVs. Today, he’s the founder of Mindpipe, which will be open sourcing a next generation, end-to-end RAG pipeline leveraging open knowledge graph frameworks.


Event: OWASP LA Monthly In-Person Meeting - JUN 26, 2024

Group: Los Angeles

Time: 17:30-07:00 (America/Los_Angeles)

Description: **TOPIC**: What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it.

Join us for great networking, dinner and drinks, and see a presentation by **Darren Meyer**, Lead Solution Architect at Endor Labs.

**ABSTRACT**: With the rise of AI fueled by Python-based libraries, it has become of paramount importance to scan Python-based projects and their dependencies for OSS vulnerabilities. Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files which the package manager uses to install the correct version of the required dependency. However, Python’s dependency management system coupled with its dynamically typed nature makes it an especially challenging language to deal with. Of particular focus is the phenomenon of phantom dependencies, which are unreported dependencies in a project's manifest profile. These hidden dependencies, which are often provided dependencies (which is especially true for libraries such as tensorflow and pytorch which are essential for AI), challenge software composition analysis (SCA) of Python code, impacting the reliability of vulnerability results.

**Thanks to our Sponsor**: *[Endor Labs](https://www.endorlabs.com/)*

*Endor Labs’ Dependency Lifecycle Management Platform is designed to address the weakest link in software supply chain security: the ungoverned sprawl of open source software in the enterprise. Endor Labs’ mission is to help developers spend less time dealing with security issues and more time accelerating development through safe code reuse. With this solution, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.*

**Thanks to our Host**: *[HiveWatch](https://www.hivewatch.com/)*

*Intelligent, efficient, and scalable security*

*HiveWatch is a cloud-based SaaS platform built for physical security teams to enhance their current security technologies. It streamlines incident response, allows for the consolidation of disparate programs and systems, and reduces false alarms.*

**SPONSORSHIP Opportunities Available**

*Vendors interested in sponsoring please send an email to [email protected]*

**CODE OF CONDUCT**

We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. You can find out more about our policies here: [https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)


Event: OWASP Melbourne - June 2024 Meetup

Group: Melbourne

Time: 18:00+10:00 (Australia/Melbourne)

Description: G'day all,

OWASP Melbourne is (finally) meeting again. But, in a different format. Our sincere apologies for the silence these past few months; it's been a rough time, in many ways. The landscape and conditions for meetups have changed, especially in the last year, thus, we must adapt to carry on.

So, what's happening? The TLDR: We'd meet at 6pm on a Wednesday monthly (except Dec/Jan), at a (different) food place each meetup. Hang out, and together contribute and decide on the AppSec topics we'd want to discuss, while we all grab a bite to eat (at own cost). All of this finishing up by 7pm.

For RSVPs, please do try to keep it updated so that whoever arrives first at the food place can try to grab a table/seats for us. We'd be trying to just walk in and grab a table.

Please see this Google Form for the details, and a quick poll on which Wednesday y'all prefer: [https://forms.gle/U3ArrazUpt9R5EGH8](https://forms.gle/U3ArrazUpt9R5EGH8) We'll close this poll by the 21st June 2024. We've picked the first event's date and location, to get the ball rolling.

See you there. Thank you.



June 27, 2024


Event: Attack Surface Mapping with OWASP Amass

Group: Atlanta

Time: 18:30-04:00 (America/New_York)

Description: In the ever-evolving landscape of cybersecurity, understanding your attack surface and adopting an adversarial perspective are critical components for building a robust security program. This talk will delve into the strategic importance of these concepts, emphasizing how they can preemptively identify and mitigate potential security threats. We will explore the methodologies behind attack surface mapping, highlighting the necessity of viewing your infrastructure through the lens of an attacker to uncover vulnerabilities that might otherwise go unnoticed. By embracing this mindset, organizations can proactively defend against sophisticated attacks, ensuring their defenses are as robust and comprehensive as possible. The talk will shift to a demonstration, centered around the Amass Project, OWASP’s powerful tool designed for in-depth attack surface mapping and asset discovery. Attendees will have the opportunity to gain hands-on experience with Amass, learning how to leverage its capabilities to uncover and visualize the full extent of an organization’s external exposure. The session will cover practical examples, showcasing how Amass can be integrated into security workflows to enhance situational awareness and threat intelligence. By the end of the presentation, participants will have a clear understanding of how to implement these strategies in their security programs, ultimately fortifying their defenses against potential adversaries.


Event: OWASP Austin Study Group

Group: Austin

Time: 12:00-05:00 (America/Chicago)

Description: Since 4/25/24: discussions on AI and LLMs generally and the Coursera Prompt Engineering series from Vanderbilt specifically. We are now studying ChatGPT Advanced Data Analysis.

For General Study Group info, see #studygroup in OWASPAustin Slack.
For topic specific info, see #ai in the OWASPAustin Slack.


Event: Hacker Thursday with Pacific Hackers & OWASP – CTF Time

Group: Bay Area

Time: 17:00-07:00 (America/Los_Angeles)

Description: **Want to tap into your inner evildoer and test your skills in hunting down web application vulnerabilities?**

Join us at this joint event between Pacific Hackers and OWASP Bay Area to immerse yourself in the industry’s most authentic environment, where players exploit their way through hundreds of vulnerabilities that lurk in business applications today. Success means learning quickly that attack and defense are all about thinking on your feet. For each vulnerability you uncover, you are awarded points. Climb the interactive leaderboard as you vie for the top spot!

**About the Range:** The CMD+CTRL Cyber Range is ideal for anyone interested in learning how web applications are attacked, furthering their cybersecurity acumen, or honing the skills needed to protect the enterprise. From curious bystanders to active practitioners to Risk and Security Executives, there’s something for everyone.

Registration: Please register here to get more event details and help us organize food and drinks [https://web.securityinnovation.com/owasp-bayarea](https://web.securityinnovation.com/owasp-bayarea)

**Agenda:**

* 5 PM – Food & Networking
* 5:30 PM – 8:30 PM – CTF Time
* 8:30 PM – Prizes


Event: OWASP CoS June 2024

Group: Colorado Springs

Time: 18:00-06:00 (America/Denver)

Description: Speaker: Jeff Tomkiewicz; "InfluenceOps: Practical Pretexting"

After / during: Pizza, Beer, Assortment of soft drinks

Location: National Cyber Center (NCC): https://cyber-center.org/


Event: OWASP Orlando - Chapter Meeting

Group: Orlando

Time: 18:00-04:00 (America/New_York)

Description: This is an In-Person Event

Food to be provided (Typically pizza or sandwiches)

Introductions

More details to be provided soon!

Speaker 1: **Marc Frankel**
Topic: AIBOM - summary TBD

Speaker 2: **TBD**


Event: Monthly Networking Social

Group: Peterborough

Time: 19:00+01:00 (Europe/London)

Description: Thirsty Thursdays. Same time. Same day each month. Differing places. Good chat.

**What?**

* Casual conversation over food & drinks

**Where?**

* It may differ each month: bars, restaurants and eateries around Peterborough

**When?**

* ~ The last Thursday of each month

Everybody welcome, the next event details will be chosen from the last (and so on!).



June 28, 2024


Event: Phishing Unveiled: Malicious JavaScript and First-Stage Loaders

Group: Jakarta

Time: 16:30+07:00 (Asia/Jakarta)

Description: Topic Name - Phishing Unveiled: Malicious JavaScript and First-Stage Loaders

Abstract: Phishing attacks have become increasingly sophisticated, often using malicious JavaScript to initiate the first stage of infection. This session will explore how attackers deploy JavaScript within phishing campaigns to evade detection and deliver harmful payloads. We will examine real-world examples, identify key indicators of malicious activity, and discuss strategies for effective defense. Participants will leave with a clear understanding of the role of JavaScript in phishing and how to protect against these evolving threats.

Bio - Shrutirupa is an experienced Security Researcher with a proven track record in computer and network security. She currently works on the Threat and Detection Team at Seqrite. Shrutirupa is also recognized as a Google Developer Expert in Web Technologies. Shrutirupa is passionate about tackling challenges related to reverse engineering and conducts malware research both in her professional role and as a personal interest. In addition to her security work, she is a YouTuber, known for her channel "CryptoW@re." She has shared her knowledge as a speaker and trainer at various conferences, including OWASP Foundation Virtual Appsec, Day Of Shecurity, BSides Singapore, Rootconf, OWASP Seasides, EnCypher20, Tech(k)now Day, COcON, Devfest, Google I/O Extended Kochi and numerous other meetings and webinars.


Event: Practical Web App Pentesting for Beginners

Group: Seattle

Time: 11:00-07:00 (America/Los_Angeles)

Description: *Join us for a two-hour workshop designed to introduce you to the exciting world of web application penetration testing. This event is proudly delivered by [TCM Security Academy](https://academy.tcm-sec.com/), [OWASP Seattle](https://owasp.org/www-chapter-seattle/), and [WiCyS Western Washington](https://www.linkedin.com/company/women-in-cybersecurity-wicys-western-washington/).*

*The workshop is perfect for beginners looking to start their journey in application security. You'll learn practical skills for identifying and exploiting common web vulnerabilities, with a focus on real-world scenarios and hands-on exercises.*

*[Alex Olsen](https://www.linkedin.com/in/alex-olsen-ase/), from [TCM Security](https://tcm-sec.com/), will be delivering this practical workshop focusing on the basics of web app pentesting, exploring the [OWASP Top 10 vulnerabilities](https://owasp.org/www-project-top-ten/), and diving into specific issues like injection flaws, logic problems, and access control weaknesses. We'll also discuss where to go next in your learning journey, including career paths in AppSec and resources for skill development. The event will conclude with a Q&A session, giving you the opportunity to ask questions and gain insights from experienced professionals.*

*Whether you're a developer, IT professional, or simply curious about cybersecurity, this workshop will provide valuable knowledge and practical experience to kickstart your path in web application security.*

*Google Meet link will be shared with all registered participants 24 hours prior to the event.*



June 29, 2024


Event: OWASP BH is back!

Group: Belo Horizonte

Time: 10:00-03:00 (America/Sao_Paulo)

Description: **OWASP BH is back!** Join us at our first meetup of 2024 and celebrate the reopening of the OWASP BH chapter!

Agenda:

**10:00 - 10:30:** Welcome and official reopening of the OWASP BH chapter: presentation of OWASP and the chapter's plans for 2024.

**10:30 - 11:30:** Talk "Generative AI and the Cybersecurity Landscape": discover the challenges and opportunities of artificial intelligence in security.

**11:30 - 12:00:** Talk to be determined

**12:00 - 13:00:** Networking and closing


Event: OWASP Mumbai Online Meetup - 29th June 2024

Group: Mumbai

Time: 12:00+05:30 (Asia/Kolkata)

Description: Session Details:

Introduction to OWASP Mumbai

**Talk:** How to be a Malware Researcher
**Speaker:** Adhokshaj Mishra

Q&A and Feedback



July 02, 2024


Event: Threat Modeling/Threat Intelligence: How Both Can Be Used Together

Group: Vitoria

Time: 19:30-03:00 (America/Sao_Paulo)

Description: Speaker: Caique Barqueta

Topic: Threat Modeling and Threat Intelligence: How Both Can Be Used Together

Date: 02/07/2024 at 19:30



July 03, 2024


Event: OWASP PENANG Virtual Meetup #1

Group: Penang

Time: 21:00+08:00 (Asia/Kuala_Lumpur)

Description: The OWASP Malaysia Federation is delighted to introduce the OWASP Penang Chapter to everyone. Join us for an online meet-and-greet event with OWASP Penang on July 3, 2024. We will feature young speakers who will present exciting and up-to-date topics related to the world of cybersecurity. Don't miss this opportunity!

Time: 03/07/2024 9:00PM

Platform: Microsoft Teams

Speaker 1: Muhammad Fahimuddin Bin Mazlan
Topic: Creating Your Own WiFi Jammer

Speaker 2: Mohammad Ezaly Iman Bin Ramli
Topic: Cyber Security Drill With CTF



July 04, 2024


Event: OWASP Austin Study Group

Group: Austin

Time: 12:00-05:00 (America/Chicago)

Description: Since 4/25/24: discussions on AI and LLMs generally and the Coursera Prompt Engineering series from Vanderbilt specifically. We are now studying ChatGPT Advanced Data Analysis.

For General Study Group info, see #studygroup in OWASPAustin Slack.
For topic specific info, see #ai in the OWASPAustin Slack.


Event: OWASP Tallinn - Modern Cryptography - Vol. 2

Group: Tallinn

Time: 18:30+03:00 (Europe/Tallinn)

Description: **Welcome to the Summer Event of OWASP Estonia: Modern Cryptography - Vol. 2**

In this event we'll host two very special speakers:

**Stefano Alberico**, tech lead mentor at **NATO DIANA** accelerator and founder at Skudo, is a technology visionary with 25 years of international experience. He is very problem-solving oriented and prefers to set up a demo with a Raspberry Pi rather than only explaining things on a PPT. He is now focused on hardware encryption (HSM and PKI) for space and drone applications, based on Skudo's own FPGA implementation.

Speech: **Practical use-cases of encrypted satellite communication**

In this 30-minute presentation, Stefano will discuss two key use-cases of encrypted digital satellite communication that his company has worked on.

The first use-case involves a project with the European Space Agency (ESA) last year. We remotely reprogrammed the OPS-SAT's onboard FPGA with our custom cores, adding a Hardware Security Module (HSM) and a RISC-V processor. We then developed an application that captured a satellite image, processed it on the RISC-V, encrypted it on the HSM, and sent it to our ground office. There, we decrypted the image using the appropriate key and displayed it, ensuring secure data transmission.

The second use-case is an ongoing project to create an encrypted satellite communication link. This involves integrating our HSM/FPGA with an Iridium modem using the Short Burst Data (SBD) service. This setup enables us to send end-to-end hardware-encrypted messages worldwide, ensuring secure and reliable communication.

These examples demonstrate our work in enhancing secure satellite communications through advanced encryption and processing technologies.

---

**Jelizaveta Vakarjuk** is a junior researcher at Cybernetica and industrial PhD student at Tallinn University of Technology. Her research focuses on post-quantum cryptography, privacy-preserving cryptography, and security of voting systems. Mainly she studies post-quantum digital signatures, but also focuses on the aspects of migration to post-quantum cryptography.

Speech: **Obstacles of migration to post-quantum cryptography**

With the rising development of quantum technologies there is an urgent need to secure existing IT infrastructure against quantum threats. Introducing post-quantum cryptography to present systems could protect them against future quantum computer attacks. Still, post-quantum migration is a challenging process which requires systematic planning and years of execution. In this talk, I will share the main migration obstacles, using Estonian e-services as an example.

**And That's Not All - More Surprises Await!** Whether you're a cybersecurity professional, a tech enthusiast, or just curious about cryptography, there's something for everyone!

**Connect, Collaborate, and Create:** This event is more than just talks - it's a platform to connect with like-minded folks!

**Mark Your Calendars:** Thursday 04th July at 18:30 - 20:30, Workland Maakri 19

**Limited seats, registration on Meetup required!**



July 10, 2024


Event: Security Social Lunch Hours

Group: Seattle

Time: 12:00-07:00 (America/Los_Angeles)

Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation. Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one. Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack) [email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)



July 11, 2024


Event: OWASP Austin Study Group

Group: Austin

Time: 12:00-05:00 (America/Chicago)

Description: Since 4/25/24: discussions on AI and LLMs generally and the Coursera Prompt Engineering series from Vanderbilt specifically. We are now studying ChatGPT Advanced Data Analysis.

For General Study Group info, see #studygroup in OWASPAustin Slack.
For topic specific info, see #ai in the OWASPAustin Slack.



July 13, 2024


Event: OWASP Summer Scavenger Hunt

Group: Manchester

Time: 13:00+01:00 (Europe/London)

Description: **To register for this you MUST go to our Eventbrite:** https://www.eventbrite.co.uk/e/owasp-summer-scavenger-hunt-tickets-921543680957?utm-campaign=social&utm-content=attendeeshare&utm-medium=discovery&utm-term=listing

Do you like running round Manchester doing pointless challenges that may or may not be Hacker related for the chance of winning a £100 Amazon voucher? Yes?!? Then this is the event for you! This July OWASP Manchester will be hosting the first inaugural Charity Summer Scavenger Hunt.

What you need to know:

Who’s running it? Manchester OWASP and Silverphish; you may have entered a similar one at one of the BSides or at Steelcon.

Where is it? Our base is the Piccadilly Central pub opposite Piccadilly Station, but the challenges will be all over the city centre.

Teams: You can enter as a team of up to five people or as an individual. It costs £5 per person to enter and the proceeds will go to the Mustard Tree.

Running Time: Registration is between 1pm - 2pm at Piccadilly Central; closing and prizes will be at the pub at 7pm. We’re welcome to stay on at the pub after, and may take a turn round the Gay Village.

Prizes: There will be a £100 Amazon voucher PER TEAM for highest score and best submission; there's a £50 Amazon voucher for runners-up (second highest score).

Who will Judge? Silverphish, Ben from OWASP and two exciting celebrity judges.

Are there sponsors? Hell yes there are! We’d like to thank PTP for supplying the prizes and FireDuck for sponsoring the infrastructure.

Will we provide refreshments? No. You’re on your own with that. Please eat beforehand, and make sure to grab a Greggs during the hunt. Obvs as the base is a pub you’ll be able to buy a drink there too.

Is the event suitable for Children? Hell no. It’s in a pub. It’s also not totally safe for work either, so be prepared for some mild adult content.

Do you need technical knowledge to enter? You do not!!! There will be some mildly technical challenges but there will be plenty that are just silly or for fun.

What should you bring with you? (These are suggestions, you’re grown-ups so we take zero responsibility for you)

* A water bottle
* Snacks
* Comfortable shoes (preferably on your feet)
* Sun cream
* A brolly (it’s Manchester after all)
* A sense of adventure
* Probably some money



July 15, 2024


Event: IT Security Awareness

Group: Cotonou

Time: 08:00+01:00 (Africa/Lagos)

Description: The Cotonou Chapter of the OWASP Foundation, in partnership with the Agence des Systèmes d’information et du Numérique (ASIN), is organizing a 5-day training course from 15 to 19 July 2024 on the theme: information security awareness. This training is intended for anyone who wishes to deepen their knowledge of IT security so as not to remain the weak link in their organization's security management system. Do not hesitate to register very quickly using the link on the poster ([https://owaspformation.emes.bj](https://owaspformation.emes.bj)), as the number of places is very, very limited.


Event: OWASP Monthly meeting

Group: Jacksonville

Time: 18:45-04:00 (America/New_York)

Description: OWASP topic TBA



July 16, 2024


Event: OWASP New Zealand - Auckland Meetup

Group: New Zealand

Time: 18:30+12:00 (Pacific/Auckland)

Description: We're picking up our regular Meetup schedule in 2024, starting in March. Our approximate agenda for the evening:

* 6:00 p.m. - Gather and networking
* 6:30 p.m. - Introductions, Top 10 Topic
* 7:15 p.m. - Pizza and more networking
* 7:45 p.m. - Technical Topic

We restarted our introductory coverage of the OWASP Top 10 (2021 edition) with A01:2021 in March, covering a new item each meeting. Our Top 10 topic for July will be **A03:2021 - Injection**.

**Technical Topic Speaker:** TBC

**Talk Title:** TBC

We're always looking for presenters and topics for future meetings - contact John ([email protected]) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be John talking about what he's been working on recently.

The Auckland-area OWASP Meetup usually takes place on the third Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays.



July 17, 2024


Event: Threat modelling software supply chains during a red team assessment.

Group: Brisbane

Time: 18:00+10:00 (Australia/Brisbane)

Description: The software supply chain is under increasing threat. New attacks and threats have popped up that we couldn't have imagined even two years ago. Total attacks on the software supply chain are increasing by more than 730% year on year since 2019. One way for organizations to combat this growing threat is to empower their red teams to test the software supply chains for that organization. But many red teams are ill-prepared to tackle this new attack surface. This talk will have three distinct parts:

1. I will describe how security teams, red teams, or security researchers can quickly identify the multiple components in a particular application's software supply chain, and then how to find soft targets to focus on.
2. I will describe my VBP framework (value, behaviour and patterns) which is an applied threat modelling framework for software supply chains.
3. Finally, I will visually describe one of my red team operations on an open-source project and the tools that I use (or have written) to make that possible.



July 18, 2024


Event: Lessons from recent breaches

Group: Columbus

Time: 18:00-04:00 (America/New_York)

Description: Jay Bobo from CoverMyMeds is speaking! I'll get an abstract up here shortly, but it will be fantastic. And we are at a NEW location! Check it out!


Event: Designing an Efficient Penetration Test Suite

Group: Portland

Time: 17:30-07:00 (America/Los_Angeles)

Description: How do you define the scope of penetration testing for a web application project? Is it the OWASP Top Ten, formal guidelines established by organizations such as NIST, security stories developed by the product owner and the security team, or recommendations made by your development team? The answer is all of the above, depending on the client, your development environment, and your capacity to take the risk. This presentation will share experiences gained from penetration testing of a web application hosted by a Government agency providing professional licenses to its prospective clients. The nature of the project touched numerous areas such as CJIS (Criminal Justice Information Service), Personal Identifiable Information (PII), Access Control (Authorization in particular), and adherence to the security standard’s office guidelines. The challenge was to identify and prioritize the test suite that will cover these specific areas in a constrained time period. To enhance the coverage, the test suite had to include DAST (using ZAP) and some specific general scenarios. The audience will take away some approaches that, when applied, can lead to well-balanced (both effective and efficient) penetration testing.

SCHEDULE

Doors open at 5:30. The talk will begin about 6pm.

ENTRY

There are doors on Washington and Broadway. Both of them auto-lock at 6pm. From 6 to 6:15pm, only the door on Broadway will be available. Take the elevator to the 11th floor.

NO ENTRY AFTER 6:15 PM

It will not be possible to enter the building after 6:15.

ACKNOWLEDGEMENTS

Our host again this month is NedSpace, a co-working space in downtown Portland--a friendly place to work when you don't want to work from home.

FOOD

We don't yet have a sponsor for July, so there may not be food this time. Plan accordingly. (If you know a company that might like to sponsor, please put them in touch with us.)


Event: OWASP Chapter POA - Meeting #15 [ONLINE]

Group: Porto Alegre

Time: 19:30-03:00 (America/Sao_Paulo)

Description: In July we will hold our next meeting, online and with everyone taking part via **ZOOM**. Come learn from and talk **with one of the main contributors** to the OWASP Top 10 For LLM.

**Broadcast link:** https://us06web.zoom.us/j/87962925968

**Check out our agenda:**

19:30 ~ 20:30 **"AI Security in Practice: OWASP Top 10 for LLM Apps"**

In this presentation, we will explore security best practices for applications that use Large Language Models (LLMs). We will discuss the OWASP Top 10, an essential guide for identifying and mitigating the main security risks in these applications. Through practical examples and detailed insights, you will learn how to protect your AI implementations, ensuring compliance and robust security. This session is essential for security professionals, developers and technology leaders seeking to strengthen their defenses against emerging threats in the field of artificial intelligence.

**Speaker:** Emmanuel Guilherme Junior (Cybersecurity Leadership | AI & LLM Security | Cloud Security | OWASP Top 10 for LLM Core Team Member)


Event: Webauthn - WTF or FTW?

Group: Vancouver

Time: 18:00-07:00 (America/Vancouver)

Description: **Webauthn - WTF or FTW?** with Don Burks While it has been around for a few years, the Web Authentication Standard (or Webauthn) is just starting to become mainstream. This talk will explore some of the real-world applications of this technology, in particular discussing adoption strategies, observability practices, and evaluating Webauthn against other strategies such as OAuth and 2FA. **Don Burks** is a technical leader who has been working in the industry for over 25 years. Former Head Instructor of Lighthouse Labs and with experience both in startups and FAANG companies, Don's background in software development and technical leadership has provided a wealth of experience which he shares in books, talks, and the great teams with which he gets to work. Currently, Don is the Director of Engineering for Bulletproof Studio Tools, based in Vancouver, BC.



July 19, 2024


Event: OWASP San Antonio Chapter Monthly Meeting-July 19th 2024

Group: San Antonio

Time: 11:00-05:00 (America/Chicago)

Description: Topics - See abstracts below

* Securing APIs in the Cloud
* The top API threats seen in the first quarter of 2024
* Salesforce Security Pen Testing

**Lunch Provided**

small fee for parking est $5-$7.50 Bauerle Road Garage at UTSA Campus University Room 2.06.04 - Business Building, John Peace Library, 1 UTSA Circle, San Antonio, TX 78249

ZOOM link provided for remote attendees

We encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity! Please feel free to pass this information on to your peers and team members. Please reply **“ONSITE”** if you plan on attending in person so we can finalize headcount for food and room attendance.

**Presentations will include:**

***I. Presentation on API Lifecycle-Optiv***

API lifecycle graphic review-provided baseline understanding of API journey-Optiv

***II. Securing APIs in the Cloud: Insights and Best Practices- Palo Alto***

This presentation explores the current state of API security in the cloud, covering industry trends and common challenges organizations face. It delves into effective strategies for API discovery, risk profiling, and real-time protection, providing practical insights and best practices to enhance API security. The discussion will highlight key concerns such as inadequate authentication, lack of visibility, and poor endpoint management, aiming to equip attendees with the knowledge to better secure their API ecosystems.

***III. API ThreatStats™ Report Q1 2024 Spotlight: Why API Security Is The First Thing For Enterprise AI- Wallarm***

The Wallarm Research Team has analyzed billions of data points to identify the top API vulnerabilities and exploits for the 1st quarter of 2024, shining a spotlight on the rising threat of API attacks targeting AI applications. The report explores the top significant threats, identifies key trends, and provides actionable insights that can help you strengthen your API Security program, with an emphasis on identifying and protecting your AI applications from API security issues.

***IV. Salesforce Pen-testing-Rodney***

Topic 2-PaaS Cloud Goat is a simulated vulnerable Salesforce Application providing hands-on experience with penetration testing of custom Salesforce applications. The tool is similar to other test tools like AWS CloudGoat, CloudFoxable, AzureGoat, GCPGoat, and Pen-Testing Cloud REST APIs in OpenStack. It is not, however, a tool for attacking [Salesforce.com](http://salesforce.com/) itself. It is novel because it focuses on custom applications deployed using the Salesforce platform and is the first tool to provide lab exercises with a collection of security tests. The main takeaways:

1. Hands-on learning opportunity of security tests for a custom Salesforce application
2. Detailed training documentation material about the underlying flaws to look for
3. Single consolidated list of common Salesforce application vulnerabilities



July 20, 2024


Event: Null/OWASP Combined Monthly Meet on 20 July 2024

Group: Bangalore

Time: 09:30+05:30 (Asia/Kolkata)

Description: null/owasp combined meets are free for anyone to attend. There are absolutely no fees. Just come with an open mind and willingness to share and learn.

* Deepfakes Detection Techniques by **pretti Rajesh**
* Block chain and Smart contracts by **Meera**
* There's no honour among phishers: free phishing kits with hidden backdoors by **Anshuman**
* Building your own threat intel sink by **Pavan Karthick M**

### Session Schedule

| Name | Speaker | Start Time | End Time | Resources |
| ---- | ------- | ---------- | -------- | --------- |
| **Welcome Note / Registrations** | | 09:30 AM | 09:40 AM | |
| [Deepfakes Detection Techniques](https://null.community/event_sessions/4336-deepfakes-detection-techniques) | [pretti Rajesh](https://null.community/profile/48106-pretti-rajesh) | 09:40 AM | 10:10 AM | |
| **Introduction to beginners** | | 10:10 AM | 10:25 AM | |
| [Block chain and Smart contracts](https://null.community/event_sessions/4338-block-chain-and-smart-contracts) | [Place Holder](https://null.community/profile/2-place-holder) | 10:25 AM | 11:20 AM | |
| **Networking Session + Break** | | 11:20 AM | 11:45 AM | |
| [There's no honour among phishers: free phishing kits with hidden backdoors](https://null.community/event_sessions/4340-there-s-no-honour-among-phishers-free-phishing-kits-with-hidden-backdoors) | [Place Holder](https://null.community/profile/2-place-holder) | 11:45 AM | 12:40 PM | |
| [Building your own threat intel sink](https://null.community/event_sessions/4341-building-your-own-threat-intel-sink) | [Pavan Karthick M](https://null.community/profile/37062-pavan-karthick-m) | 12:40 PM | 01:35 PM | |
| **Feedback + Next Month’s Planning** | | 01:35 PM | 01:55 PM | |