OWASP Community Meetings


Quick List (Details below)


November 12, 2024


Event: API Security Workshop with OWASP crAPI (hands-on)

Group: Brisbane

Time: 17:30+10:00 (Australia/Brisbane)

Description: In today's rapidly digitalizing world, Application Programming Interfaces (APIs) are the backbone of communication in the vast landscape of web services, cloud applications, and microservices. With this increased usage comes the inevitable rise of security threats targeting APIs. This workshop aims to arm participants with practical knowledge and hands-on experience to secure APIs effectively. In this workshop, we will be using OWASP crAPI (completely ridiculous API), a purposely insecure API, to demonstrate common API vulnerabilities and their mitigations. We will discuss the 'Shift Left' approach in API security, emphasizing the importance of integrating security measures early in the development lifecycle. Participants will learn to identify, exploit, and secure API vulnerabilities, equipping them with the necessary skills to build more secure applications.

**Requirements**:

1. Active Participation: The workshop will be highly interactive. Questions, comments, and sharing of experiences are strongly encouraged.
2. Laptop: As this is an in-person workshop, please bring along your laptop with any API testing tool installed.
3. Pre-workshop Material: On confirmation of your attendance, you will receive some pre-workshop reading materials. We recommend reviewing these before the event to maximize your learning experience.


Event: OWASP Cleveland: Security Roundtable

Group: Cleveland

Time: 18:30-05:00 (America/New_York)

Description: We’ll be gathering on Tuesday, 11/12, at Market Avenue Wine Bar for a discussion on all things information and application security. Charles Bickel will be speaking on how he found multiple CVEs and how you can too. This will be a roundtable-style meetup, offering a chance to connect with others and talk security.


Event: OWASP November Meet - In person

Group: Dallas

Time: 17:30-06:00 (America/Chicago)

Description: **Mobile App Pentesting for Fun and Profit.** Welcome to the thrilling world of mobile app pentesting! This session will equip you with the skills to uncover vulnerabilities in mobile applications. Whether you’re a seasoned pro or a curious newcomer, prepare for an adventure in cybersecurity.


Event: German OWASP Day 2024

Group: Frankfurt

Time: 09:00+01:00 (Europe/Berlin)

Description: **This is a paid event**

Dear all,

We're proud to present a cool lineup of talks for the German OWASP Day in Leipzig on November 13th! The program committee got a solid amount of high quality submissions and thus the agony of choice.

* Frederik Braun will present "Modern solutions against Cross-Site Leaks (xs-leaks) and CSRF"
* Thomas Barber will give us insights into the project Foxhound, a taint tracking project using a patched Firefox
* Malte Wessels will display results of his research on SSRF
* Shubham Agarwal will raise his voice against "Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike"
* Björn Kimminich is celebrating the "OWASP Juice Shop 10th anniversary"
* While Dr. Daniel Fett will be talking about "How (Not) to Use OAuth in 2024",
* Kristina Yasuda will tell you "The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems" (EUDI Wallet)
* Tim Philipp Schäfers will demystify NIS2 and hopefully NIS2UmsuCG
* Diana Calderón will explore strategies for creating and implementing Security Champion programs in organisations
* Hanno Böck will tell not-so-good stories about private keys
* Stephan Pinto Spindler will share his experiences wrt "Network Fingerprinting for Securing User Accounts"
* Behnaz Karimi will give us an overview of the OWASP AI Exchange project
* Niklas Bunzel and Raphael Antonius Frick will explore the security challenges and opportunities posed by GenAI
* Clemens Hübner will amend that, showing how GenAI can help identify threats
* Florian Hantke and Sebastian Roth will show how to scan for Vulnerabilities Without Getting Into Trouble
* Nicolas Schickert, Ole Wagner and Matthias Göhring will tackle most companies' problem child "SAP from an Attacker’s Perspective – Common Vulnerabilities and Pitfalls"

The full program is on the web site [https://god.owasp.de/](https://god.owasp.de/).

**Registration is open. [Reserve your spot](https://god.owasp.de/2024/#tickets)! This is a paid event**

On the 12th of November we also offer three trainings — those have to be booked separately:

* OWASP Juice Shop: Advanced Demos & For-fun CTF by Björn Kimminich + Jannik Hollenbach
* Getting started for establishing your Security Champions Program by Juliane Reimann + Michael Bernhardt
* Building Secure Software: A Hands-On OWASP SAMM Training by Daniel Kefer.

As usual on the evening before the conference day (November 12th) there’s a get-together with food and drinks.

**THIS IS A PAID EVENT**


Event: OWASP LA Monthly In-Person Meeting - NOV 12, 2024

Group: Los Angeles

Time: 17:30-08:00 (America/Los_Angeles)

Description: /** NEW DATE NEW DATE NEW DATE **/

**TOPIC**: State of Pentesting 2024

Join us for great networking, dinner and drinks, and see a presentation by **Caroline Wong**, Chief Strategy Officer at Cobalt.

**ABSTRACT**: In the sixth annual installment of State of Pentesting 2024, Cobalt shares data and insights from more than 4000 manual pentest engagements performed in 2023, resulting in more than 39,000 security vulnerability findings. Caroline will present the data as well as commentary on artificial intelligence and offensive security.

**SPONSORSHIP Opportunities Available** *Vendors interested in sponsoring please send an email to [email protected]*

**CODE OF CONDUCT** We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here: [https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)


Event: German OWASP Day 2024

Group: Wrongsecrets

Time: 09:00+01:00 (Europe/Berlin)

Description: **This is a paid event**

Dear all,

We're proud to present a cool lineup of talks for the German OWASP Day in Leipzig on November 13th! The program committee got a solid amount of high quality submissions and thus the agony of choice.

* Frederik Braun will present "Modern solutions against Cross-Site Leaks (xs-leaks) and CSRF"
* Thomas Barber will give us insights into the project Foxhound, a taint tracking project using a patched Firefox
* Malte Wessels will display results of his research on SSRF
* Shubham Agarwal will raise his voice against "Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike"
* Björn Kimminich is celebrating the "OWASP Juice Shop 10th anniversary"
* While Dr. Daniel Fett will be talking about "How (Not) to Use OAuth in 2024",
* Kristina Yasuda will tell you "The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems" (EUDI Wallet)
* Tim Philipp Schäfers will demystify NIS2 and hopefully NIS2UmsuCG
* Diana Calderón will explore strategies for creating and implementing Security Champion programs in organisations
* Hanno Böck will tell not-so-good stories about private keys
* Stephan Pinto Spindler will share his experiences wrt "Network Fingerprinting for Securing User Accounts"
* Behnaz Karimi will give us an overview of the OWASP AI Exchange project
* Niklas Bunzel and Raphael Antonius Frick will explore the security challenges and opportunities posed by GenAI
* Clemens Hübner will amend that, showing how GenAI can help identify threats
* Florian Hantke and Sebastian Roth will show how to scan for Vulnerabilities Without Getting Into Trouble
* Nicolas Schickert, Ole Wagner and Matthias Göhring will tackle most companies' problem child "SAP from an Attacker’s Perspective – Common Vulnerabilities and Pitfalls"

The full program is on the web site [https://god.owasp.de/](https://god.owasp.de/).

**Registration is open. [Reserve your spot](https://god.owasp.de/2024/#tickets)! This is a paid event**

On the 12th of November we also offer three trainings — those have to be booked separately:

* OWASP Juice Shop: Advanced Demos & For-fun CTF by Björn Kimminich + Jannik Hollenbach
* Getting started for establishing your Security Champions Program by Juliane Reimann + Michael Bernhardt
* Building Secure Software: A Hands-On OWASP SAMM Training by Daniel Kefer.

As usual on the evening before the conference day (November 12th) there’s a get-together with food and drinks.

**THIS IS A PAID EVENT**



November 13, 2024


Event: November Meet

Group: Bay Area

Time: 17:30-08:00 (America/Los_Angeles)

Description: Join us for Bay Area OWASP's upcoming event: great talks and delicious food, courtesy of our sponsors Endor Labs. Get ready for insightful discussions and the chance to network with some of the brightest minds in the industry.

**Agenda:**

* 5:30 - 6:00: Doors open, networking and food
* 6:00 - 6:45: **Start Clean with AI: Select Safer LLMs**
* 6:45 - 7:30: **AI && Patterns for SAST Automation.**

**Talk #1: Start Clean with AI: Select Safer LLMs**

This talk will cover practical information that every developer who works with AI and AI models needs to be aware of. AI models have both similarities to and important differences from OSS package dependencies. We will discuss ways that AI models can introduce both operational and security risk, and practical ways of managing this risk. We will also cover why it is really difficult to gain visibility into an AI model, and some nascent industry efforts to address the problem.

**Speaker: George Apostolopoulos - Endor Labs Engineering**

20+ years of experience in building and delivering networking and security products with emphasis on innovation. 6+ years of hands-on experience in large scale security analytics and machine learning for cybersecurity including a key role in one of the first machine learning based security products in the market.

**Talk #2: AI && Patterns for SAST Automation.**

Description: TBD

Speaker: Bogdan Barchuk, SSCP, CISP, CISM, OSCP, OSCE, OSCW, WAPT, CREST and OSWE. Bogdan is a seasoned pentester with a keen interest in offensive security.


Event: OWASP Boston Chapter Meeting - November 2024

Group: Boston

Time: 19:00-05:00 (America/New_York)

Description: This month we will be welcoming Jim Manico, a former OWASP Global Board Member and long-time project contributor, to our meetup. Doors open at 6:30pm and the presentation starts at 7pm. Pizza and soda will be provided. Jim will be presenting as part of our "Learn about OWASP Projects" series on his project team's project, the OWASP ASVS & Cheat Sheet Series. In this session you will learn:

1) How was the project started?
2) About the project and goals
3) How can one help, volunteer/sponsor?
4) Existing Team

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for 10Security, Aiya, MergeBase, Nucleus Security, KSOC, and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of “Iron-Clad Java: Building Secure Web Applications” from Oracle Press. Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series. For more information, see [https://www.linkedin.com/in/jmanico](https://www.linkedin.com/in/jmanico).


Event: Patients at Risk: Investigating The Healthcare Cybersecurity Crisis

Group: Nashville

Time: 17:00-06:00 (America/Chicago)

Description: Want to learn more about the most successfully attacked industry in the world? Here’s your chance! Healthcare organizations are facing a digital storm. Cyberattacks are increasingly successful, targeting sensitive patient data, disrupting critical services, and putting lives at risk. Facing a growing threat landscape due to increasing reliance on interconnected technologies (including IoT, IoMT, OT and IT systems), many hospitals are struggling to recover from decades of accumulated cybersecurity debt. This presentation will explore the root causes of healthcare cyberattacks, providing real-world examples and discussing the technical vulnerabilities that make organizations prime targets. Attendees will gain insights into the emerging guidance and strategies for improving healthcare cybersecurity, as well as the debate surrounding the need for regulation in this critical sector. We will also examine the significant financial and reputational costs associated with cyberattacks and delve into the motivations and tactics of the attackers themselves. Join OWASP Nashville and Chad Holmes as we dive deep into the world of healthcare cybersecurity. We'll explore the root causes of cyberattacks, examine real-world examples, and discuss the technical vulnerabilities that make hospitals prime targets.


Event: Security Social Lunch Hours

Group: Seattle

Time: 12:00-08:00 (America/Los_Angeles)

Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation. Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one. Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack) [email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)


Event: November community call - OWASP SAMM

Group: Samm

Time: 14:30-05:00 (America/New_York)

Description: During our next community call we share highlights from our last project summit. As always, we'll have time for Q&A



November 14, 2024


Event: OWASP BE chapter meeting (14/11/2024, Mechelen)

Group: Belgium

Time: 19:00+01:00 (Europe/Brussels)

Description: On November 14th, we organize our next OWASP Belgium chapter meeting in Lamot (Mechelen). This event is co-located with the [CyberSecurity event "Strategic Research and Industry Impact"](https://cybersecurity-research.be/event/cybersecurity-strategic-research-and-industry-impact).

**Agenda**:

* 17h30-19h: networking drink
* 19h-19h10: **OWASP update**
* 19h10-20h00: **A Mobile Security Crash Course: Application Security, Resilience, and Malware** (by Jeroen Beckers, NVISO)
* 20h00-20h30: **LanShield: Control your apps, defend your network** (by Jeroen Robben and Angelos Beitis, DistriNet, KU Leuven)

More info can be found on the Belgium OWASP chapter page at [https://owasp.org/www-chapter-belgium/#div-meetings](https://owasp.org/www-chapter-belgium/#div-meetings). Our chapter meetings are open for everyone, and attendance is free of charge. We ask you to register on Meetup in order to provide you with last-minute updates, if needed.



November 15, 2024


Event: 2024 CyberSecurity Summit NYC with the OWASP NYC Chapter

Group: New York City

Time: 08:00-05:00 (America/New_York)

Description: OWASP New York City is a proud partner of this event and, for a limited time, has secured Exclusive Complimentary Admission for our network! The OWASP NYC Chapter is giving out complimentary guest passes. You must sign up.

Register here: https://tinyurl.com/OWASPNYC-Cybersecurity-Summit

Register and use code CSS24-OWASPNYC, or use the QR Code on the Flyer.

It's an after-work Happy Hour with our Security Friends

When: Friday November 15th, 2024 @ 8:00 - 6:00

Where: Sheraton New York Times Square Hotel @ 53rd Street, 811 7th Avenue, W 53rd St, New York, NY 10019

[The agenda](https://www.secureworld.io/e3t/Ctc/I2+113/cg5XF04/VVNPhl2wq7r-W1bxcrw4rW_hmW5XFwz15lVx-wN5q1hkn3qgyTW7Y8-PT6lZ3n6W8YnVLp8spdqMN2PB4GY_GyVvF74VWZBqlX_W7S2vF_8WkXmCMT46TFVXjFqN2M66T0YyP0wW3D6xpK2N2kWYW3bRHpG5SDw9nW6P-nV-6c065SW5BnT7476K1BGW2lkLW745gYvvN1fqVY5Kzfl0W5YXKj84vcX_KVWqZKQ6fNGsyN6Mks8C7qV95W88BCTS24JYF1W1DDcJq3Sc9DmW1cHYXF8J1T8dW7rlkqG2B5JXnVBXvn28Dh29TW5dZrCT5LP3K_VgX-pQ8PCVYVW7SBQ7f8JSw-VW913q4d71qFnLW8pxX1j5yZGFhW3qpSnP3qGKTYf1_F4MC04) will offer informative sessions and the opportunity to earn In addition. By attending a full day at the Cybersecurity Summit, you will receive a certificate granting you Continuing Education Units or Continuing Professional Education Credits. To earn these credits, you must participate for the entire summit & confirm your attendance at the end of the day.

Don't forget to stop by our OWASP NYC Chapter Booth



November 16, 2024


Event: Data Con LA 2024

Group: Los Angeles

Time: 09:00-08:00 (America/Los_Angeles)

Description: **OWASP LA** has organized an exceptional offer for our meetup membership to participate in ***[12th Annual Data Con LA](https://www.dataconla.com/events/dcla-2024/)*** on November 16th, in the campus of CSU Long Beach, CA. Join us for deep insight in new tools and technology, training. Whether you’re an industry veteran, a data science newbie, or somewhere in between, Data Con LA offers a unique opportunity to dive deep into the world of data. [Register](https://www.tickettailor.com/events/dataconla/1356949) now using discount code **OWASPLAxDCLA2024** for **33%** off the ticket price. Check the full schedule at [Data Con LA 2024 Sessions](https://www.dataconla.com/events/dcla-2024/sessions/).

This year, we’re bringing you three dynamic tracks designed to cover the full spectrum of the data universe:

* **AI, ML and Data Science**: Explore the cutting-edge advancements in artificial intelligence, machine learning, and data science. From groundbreaking research to practical applications, this track is your gateway to understanding how these technologies are shaping the future.
* **Data Engineering and Ops**: Discover the backbone of the data ecosystem. This track will delve into the best practices, tools, and platforms that power data-driven organizations. Learn how to build, scale, and maintain robust data infrastructures that can handle today’s complex challenges.
* **Data Analytics and BI**: Uncover the insights that drive decision-making. This track focuses on the latest trends in data analytics and business intelligence, helping you transform raw data into actionable insights that can propel your organization forward.

In addition to these tracks, we’re excited to feature a series of **expert panels** that will bring together thought leaders from across the industry to discuss the most pressing issues and future trends in data.
For more details on the sessions planned, visit the [Sessions page](https://www.dataconla.com/events/dcla-2024/sessions/) on our website, and for the speaker lineup, check out the [Speakers page](https://www.dataconla.com/events/dcla-2024/speakers/). While the final schedule is still being perfected, rest assured that each session will be packed with valuable content, hands-on learning, and opportunities to network with peers and leaders in the field. One last thing we are making happen this year is Match & Mingle, a chance to connect with another attendee. Those participating will be matched and introduced to one other attendee based on background and interests, giving you a chance to meet someone new and make a deeper connection within the community. Look out for the opt-in question during the checkout! Don’t miss your chance to be part of this incredible event. Stay tuned for updates on the agenda, and secure your ticket today to ensure your spot at Data Con LA 2024! And finally **don't forget** to visit us at the OWASP Los Angeles booth!



November 18, 2024


Event: Recent Discoveries in My Source Code Review Journey: Navidrome Vulnerabilities

Group: Brisbane

Time: 18:00+10:00 (Australia/Brisbane)

Description: Join me on a journey through my recent source code reviews, where I uncovered vulnerabilities in Navidrome, an open-source music server written in Go, and explored how JWT libraries prevent algorithm confusion attacks in JSON Web Tokens (JWT). In the first part of this talk, I will share my findings from examining Navidrome’s codebase, discussing specific security issues that emerged from my review, including insights gained from a CVE analysis. The second part will focus on JWT algorithm confusion—a prevalent security issue that arises when implementations fail to enforce proper algorithm selection. I will examine real-world examples of this vulnerability and outline common strategies that developers use to prevent such issues.


Event: OWASP Monthly meeting

Group: Jacksonville

Time: 17:30-05:00 (America/New_York)

Description: OWASP topic TBA



November 19, 2024


Event: OWASP New Zealand - Auckland Meetup

Group: New Zealand

Time: 18:30+13:00 (Pacific/Auckland)

Description: We're picking up our regular Meetup schedule in 2024, starting in March. Our approximate agenda for the evening:

* 6:00 p.m. - Gather and networking
* 6:30 p.m. - Introductions, Top 10 Topic
* 7:15 p.m. - Pizza and more networking
* 7:45 p.m. - Technical Topic

We restarted our introductory coverage of the OWASP Top 10 (2021 edition) with A01:2021 in March, covering a new item each meeting. Our Top 10 topic for November will be **A05:2021 - Security Misconfiguration**.

**Technical Topic Speaker:** Jagan Boda (Jay)

**Talk Title:** How scary is a Post-Quantum Computing Crypto World?

In my presentation, I will explore the transformative potential and security challenges of quantum computing. I will try to explain key quantum concepts like superposition and entanglement, contrasting them with classical computing principles. I will address security concerns by discussing the vulnerability of current cryptographic algorithms and infrastructure to quantum attacks. A brief history of cryptography and solutions to the challenges from quantum computing. Then we will outline ongoing efforts to develop quantum-resistant cryptography and the standardization processes from organizations such as NIST. Opportunities for adoption of post-quantum computing safe algorithms exist today and can be planned for and budgeted. Education and awareness will be crucial, ensuring stakeholders understand the implications of quantum computing on cybersecurity. By the end of the presentation, attendees will gain a foundational understanding of quantum computing's impact on security and practical steps to protect sensitive data in a quantum-enabled future.

We're always looking for presenters and topics for future meetings - contact John ([email protected]) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be John talking about what he's been working on recently.
The Auckland-area OWASP Meetup usually takes place on the third Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays.


Event: OMFG We’ve been hacked! Cyber Insurance Policy after the Walls Come Down

Group: Philadelphia

Time: 19:00-05:00 (America/New_York)

Description: Last Call!! Woah has it been (almost) a year?! You'd forgive me if I am confused while we experience May weather in November. Anyhow, this will in fact be our last in person meeting for the good year 2024. Please join us for comradery, security, and our final speaker - Mike Briley! There's been quite a buzz (not an OWASP joke) around this one since we announced it way back in September. Close down the year with us with this engaging speaker. Lite refreshments will be served. This talk will explore many elements of the cyber insurance industry. Security controls have failed, leading to a system compromise. So now what?! He will discuss what a cyber policy covers and how the process unfolds while taking a deep dive into a real-life claims example.



November 20, 2024


Event: Denver OWASP November Meetup - Join Us!

Group: Denver

Time: 17:30-07:00 (America/Denver)

Description: **Everyone is welcome! Bring a friend...** Join us on November 20th for food, drinks, networking and an exciting presentation. Networking with your peers starts at 5:00 - food is served at 5:30 and the presentation starts at 6:00. This month's presentation is brought to you by Mend.io!

**Presentation:** From Reactive to Effective: Building Application Security that Works

**Abstract**: In 2023, 71% of enterprises admitted their AppSec programs were reactive, playing catch-up with vulnerability alerts – while at the same time, applications remain the top target for threat actors. That adds up to increased business risk for a lot of companies and fuels an urgent need to improve application security strategies. But how? The key is to move from a compliance-based approach to managing application risk. Join us for an in-depth discussion of what it takes to stop playing defense when it comes to application security. He'll wrangle over topics like:

* The tell-tale signs of reactive mode
* The value of preventative best practices
* How to build security actions into the developer experience
* The need for a holistic view and effective prioritization
* Arming the security team with instant control at scale


Event: OWASP Gothenburg Security Pub (SäkPub)

Group: Gothenburg

Time: 17:30+01:00 (Europe/Stockholm)

Description: **OWASP Gothenburg Chapter invites you to an evening of security and entertainment!** Come hang out, grab a beer, and play arcade games with other security-minded people! The event is open to anyone, but people on the guest list will receive arcade tokens from our sponsor KITS (if they show up before 18:30, or the tokens will be given to others).

When: Wednesday 20/11 17:30 - 21:30

Where: Zamenhof, Esperantoplatsen 5, 411 19 Göteborg



November 21, 2024


Event: Security Journey CTF

Group: Columbus

Time: 18:00-05:00 (America/New_York)

Description: *This will be at the new location, as shown below! Don't go to the wrong place!* Hands-on hacking time! Security Journey has graciously allowed us to borrow their CTF for the evening to see and fix coding flaws that lead to security vulnerabilities. It's all web based, so bring your laptop! (There really isn't anything to install, so bring your work laptop.) But be there! We'll start off with a few highlights related to what is new in the world of appsec, and have a good-of-the-order style chat about the near, then we will dig into finding and fixing some stuff.


Event: The 2024 Los Angeles Cybersecurity Summit

Group: Los Angeles

Time: 07:30-08:00 (America/Los_Angeles)

Description: **OWASP LA** has organized ***ANOTHER*** exceptional offer for our meetup membership to participate in ***Ninth Annual Los Angeles Cybersecurity Summit*** on November 21st, in Los Angeles, CA. Join us for deep insight in new tools and technology, training, and take advantage of this great opportunity to network with industry professionals. [Register](https://cybersecuritysummit.com/register/losangeles24/) now using code **CSS24-OWASPLA** for your **complimentary** pass! Space is limited so act now to secure your place. Check the full schedule at [2024 California Technology Summit Agenda](https://cybersecuritysummit.com/summit/losangeles24/)

The **Ninth Annual Los Angeles Cybersecurity Summit** connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission gives you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception.

**Conference Highlights:**

### Interactive Panel Discussions

**Defining Cybersecurity-Readiness: How do you evaluate yours?** When looking at how to best protect your business, cybersecurity readiness should be top priority, but what is it? Let’s discuss GRC & the best steps to take when quantifying cyber risk, developing your incident response plan, creating a data security policy & more.

**2024 & The Biggest Threats to Your Business** On this panel our lineup of industry experts will discuss the most dangerous and emerging threats to your organization as well as the solutions that go beyond anti-malware/anti-virus to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption.
**Conceptualizing Cloud Security & Why it Matters Today** Cloud computing solves many problems like flexibility, cost-efficiency & scalability, so it’s no surprise that use of the cloud is consistently growing. Our experts will look at hybrid and multi-cloud environments, adopting the concept of cybersecurity mesh & Zero Trust, the Secure Access Service Edge (SASE) framework, cloud-native tools & platforms, as well as why the future of network security is in the Cloud.

### Top 8 Reasons to Attend the Cybersecurity Summit

1. Learn
2. Evaluate Demonstrations
3. Time, Travel and Money Savings
4. Engage, Network, Socialize & Share
5. CEUs / CPE Credits
6. Investment
7. Atmosphere
8. Reality Check

### [Questions](mailto:[email protected])

For any questions, please contact **[[email protected]](mailto:[email protected])** or call **212.655.4505 ext. 225**

And finally **don't forget** to visit us at the OWASP Los Angeles booth!


Event: The Defender’s Advantage: A guide to activating cyber defense / Developing an Ap

Group: Orange County

Time: 18:00-08:00 (America/Los_Angeles)

Description: **NOTE: The following will be in effect and mandatory for this meeting venue.**

* **RSVPs will close at 11:59 PM PT on Monday, November 18th, so kindly submit your RSVP by then. Walk-ins will not be permitted.**
* **Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.**
* If your first and last name do not appear in our admin view, we will contact you.
* Alternatively, feel free to reach out directly or email us at [email protected] to provide that information or any questions you may have regarding the event.

**Parking** Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage.

**Live Stream** Stream us live on Twitch: http://twitch.tv/owaspoc *Please change your RSVP to "No" if you can't make it and/or will join via livestream instead.*

**Talk 1**

**The Defender's Advantage: A guide to activating cyber defense**

Organizations today face relentless cyberattacks that can compromise their critical assets. The Defender’s Advantage is the concept that organizations have the upper hand in defending against attacks on their own environments. The overview will guide you through understanding the threat landscape, detecting and investigating malicious activity, testing and validating the effectiveness of controls and operations, hunting for active threats. The book goes into detail about each of these concepts to help organizations take control and galvanize their defender’s advantage.

**Speaker 1 Bio** Gursev Singh, Sr. Information Security Consultant at Google. A seasoned cybersecurity professional with over 16 years of experience in the field. He has a strong track record of success, leading and managing cybersecurity projects for major customers. Gursev's expertise in cloud security (Google, AWS & Azure), SIEM, and data protection. His deep understanding of infrastructure security and cyber threat and vulnerability management further enhances his ability to analyze threats, identify vulnerabilities, and respond to security incidents. Currently, he's a Sr. Information Security Consultant at Google.

**Talk 2**

**Developing an Application Security Champions Program**

Application security focuses on a specific set of issues which incur risk. Software security in general may cover everything from IT to cloud to access, to authentication, etc. What we are addressing in this discussion is a security program designed to surface and mitigate risk found within applications.

Agenda

* Remote Code Execution – an infamous example
* The recurring cycle of scan, assess, mitigate
* Update, Update, Update!
* Ownership is essential

**Speaker 2 Bio** Rich Newman, Technical Account Manager at Black Duck Software, Inc. Rich was a developer for 13 years in the embedded space, primarily embedded C and assembly code. He then transitioned to field engineering for Wind River, Intel, Coverity and Synopsys for the past 26 years. The technologies he supported covered a wide range of embedded operating systems and tools, live patching, static analysis and security tools and services. He has an active CISSP certification.


Event: Building tools using eBPF to trace applications / containers

Group: Vancouver

Time: 18:00-08:00 (America/Vancouver)

Description: **Building tools using eBPF to trace applications / containers** with **Adam Harrison** eBPF is a revolutionary technology that can help solve a variety of use-cases. This talk will provide an introduction to building tools with eBPF, and show how it can be leveraged in the application and network security space.


Event: OWASP Vilnius #6

Group: Vilnius

Time: 18:00+02:00 (Europe/Vilnius)

Description: Hello OWASP Vilnius community! It's been a while and I'm super happy to announce that there will be a physical event again, organised at the new Visma Tech office in Artery Vilnius! Beer and snacks guaranteed :) Save the date in your calendars: Thursday, November 21st. More information soon. See you soon! -Dominykas



November 27, 2024


Event: 6. OWASP Augsburg Stammtisch

Group: Augsburg

Time: 19:00+01:00 (Europe/Berlin)

Description: **!WANTED! --> Women in IT Security <-- !WANTED!** **Agenda tbd** Do you have a talk? Get in touch! We are always looking for interesting content!! **Please let us know** if you are coming and, where applicable, how many people you are bringing, so that we have enough space. Do you have an idea or want to give a talk? Just get in touch! The essentials for talks in brief: * Use a neutral slide deck - no logo, no advertising * On one slide you can introduce yourself and your employer - here a logo is fine * Let us know briefly whether you could also give the talk in English * Salespeople who want to run a sales pitch will be booed and will have to buy several rounds of beer


Event: OWASP Frankfurt Chapter #69 - Software Maturity Model and OWASP initiatives

Group: Frankfurt

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #69! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. *What are we going to talk about?* **DSOMM and AppSec Program:** We are excited to welcome Timo Pagel, Cloud and Web Security Architect at PagelShield, a core member of the OWASP Germany Chapter, and contributor to various OWASP projects. Timo will discuss the DevSecOps Maturity Model (DSOMM) and how it can help kick-start your application security program. We will also have another speaker joining us for this event—details to be announced soon! **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward. *When?* Our Meetup takes place on **27.11.2024** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at CHECK24 AG, located at Speicherstraße 55, 60327 Frankfurt am Main. *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!


Event: OWASP Frankfurt Chapter #69 - Software Maturity Model and OWASP initiatives

Group: Wrongsecrets

Time: 18:00+01:00 (Europe/Berlin)

Description: Hello everyone, we're excited to invite you to our OWASP Chapter meeting #69! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event. *What are we going to talk about?* **DSOMM and AppSec Program:** We are excited to welcome Timo Pagel, Cloud and Web Security Architect at PagelShield, a core member of the OWASP Germany Chapter, and contributor to various OWASP projects. Timo will discuss the DevSecOps Maturity Model (DSOMM) and how it can help kick-start your application security program. We will also have another speaker joining us for this event—details to be announced soon! **Socializing Opportunities:** There will be plenty of time to socialize before and after the event. *Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward. *When?* Our Meetup takes place on **27.11.2024** from **18.00 to 22.00** o'clock CEST. *Where?* The event will be held at CHECK24 AG, located at Speicherstraße 55, 60327 Frankfurt am Main. *Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt) *And now?* Save the date, spread the word, and bring your friends and colleagues along to our event. *Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!



November 28, 2024


Event: OWASP BeNeLux Days 2024

Group: Belgium

Time: 09:00+01:00 (Europe/Brussels)

Description: Exciting News! Join us at the "OWASP BeNeLux Days 2024" edition on November 28th and 29th in Utrecht, the Netherlands. Explore the latest in security, devops, and cloud with technical talks by industry experts. Get hands-on with top security training sessions. Gain insights from keynotes by industry leaders. Discover cutting-edge security tech at vendor booths. Check the link below for more information and registering for the event: [https://www.owaspbenelux.eu/](https://www.owaspbenelux.eu/)


Event: OWASP BeNeLux Days 2024

Group: Netherlands

Time: 09:00+01:00 (Europe/Amsterdam)

Description: Exciting News! Join us at the "OWASP BeNeLux Days 2024" edition on November 28th and 29th in Utrecht, the Netherlands. Explore the latest in security, devops, and cloud with technical talks by industry experts. Get hands-on with top security training sessions. Gain insights from keynotes by industry leaders. Discover cutting-edge security tech at vendor booths. Check the link below for more information and registering for the event: [https://www.owaspbenelux.eu/](https://www.owaspbenelux.eu/)


Event: Monthly Networking Social

Group: Peterborough

Time: 19:00Z (Europe/London)

Description: It's music night! Come join us for live music and great chat. Thirsty Thursdays. Same time. Same day each month. Differing places. Good chat. **What?** * Casual conversation over food & drinks **Where?** * It may differ each month: bars, restaurants and eateries around Peterborough **When?** * ~ The last Thursday of each month Everybody welcome, the next event details will be chosen from the last (and so on!).



December 05, 2024


Event: OWASP Birmingham December Meeting

Group: Birmingham Uk

Time: 18:15Z (Europe/London)

Description: Hey all, Just a heads up to get this in your calendar - we've got our next meetup coming up! Date: Thursday 5th December 2024 ⏰ Time: 6:00 PM onwards Location: Hays Office, Central Birmingham As usual, we'll have: * Two exciting cybersecurity talks * Food and refreshments provided * A chance to talk and connect with folks from across the cyber sector in the Midlands All are welcome - from students to veterans and everyone in between! Full agenda and speaker details will follow closer to the date. *\*\*\*First Talk Announcement\*\*\** **Speaker:** David Archer (Solution Architect at Endor Labs) **Title:** Ship Happens: The Stormy Seas of Supply Chain Security **Synopsis:** Modern software development is a sprawling network of open-source dependencies, sophisticated build tools, plugins, pipelines, repositories and runtimes. This “supply chain” is under relentless attack and many of the potential threats are poorly understood by our development and security teams. We’ll take a warts-and-all look at how software is produced, re-used and “secured”. We'll explore strategies to mitigate some of the threats that exist and share practical takeaways that you can immediately implement in your software development practices. Expect to leave with a feeling of dread(!), but also hopefully a deeper understanding of supply chain security and where you should pay closer attention to your software factory. Looking forward to seeing you there! Best regards, Jim + Nathe OWASP Birmingham Chapter Leaders


Event: End of year celebration!

Group: Brisbane

Time: 15:00+10:00 (Australia/Brisbane)

Description: Join us in celebrating yet another end to an amazing year. No presentations, just a catch up with all you hackers, security experts and enthusiasts alike. Tell us about sweet hacks you’ve done or things you’ve heard about. Hope to see you there!


Event: OWASP Orlando - Application Security

Group: Orlando

Time: 18:00-05:00 (America/New_York)

Description: This is an In-Person OWASP Orlando Chapter Meeting. Food to be provided (typically pizza or sandwiches). Introductions. More details to be provided soon! Speaker 1: **Tony Turner** Topic: Five Elements of Trust - Tony will present on 5 elements of trustworthy software, useful in establishing software and technology assurance in your supply chains. Speaker 2: **TBD** Topic: TBD



December 10, 2024


Event: 3rd OWASP Stuttgart Chapter Stammtisch

Group: Stuttgart

Time: 18:00+01:00 (Europe/Berlin)

Description: **Exploiting deserialization vulnerabilities in recent Java versions** Due to attack techniques such as Insecure Deserialization and JNDI Injection, Java applications were prime targets for attackers. However, recent changes in Java have rendered many known exploits and attack patterns ineffective in newer versions. This talk will provide an overview of these changes and discuss which techniques are still viable. Additionally, we will discuss how to harden existing Java applications that run on current Java versions. **Agenda (Subject to Change):** * **6:00 PM**: Arrival * **6:30 PM - 7:30 PM**: Presentation * **7:30 PM - approximately 9:00 PM**: Barbecue, drinks, discussion, and networking