OWASP Community Meetings

Quick List (Details below)

May 30, 2024

Event: OWASP Austin Study Group

Group: Austin

Time: 12:00-05:00 (America/Chicago)

Description: Since 4/25/24: discussions on AI and LLMs generally and the Coursera Prompt Engineering series from Vanderbilt specifically. We are now studying ChatGPT Advanced Data Analysis.... For general Study Group info, see #studygroup in the OWASPAustin Slack. For topic-specific info, see #ai in the OWASPAustin Slack.

Event: OWASP CoS May 2024

Group: Colorado Springs

Time: 18:00-06:00 (America/Denver)

Description: Speaker: Ben Struebing; "The Summit Awaits: Are you ready the Purple Ascent?" After / during: Pizza, Beer, Assortment of soft drinks Location: National Cyber Center (NCC): https://cyber-center.org/

Event: Steps to Reduce Friction between Development and Security Teams

Group: Orange County

Time: 18:00-07:00 (America/Los_Angeles)

Description: **NOTE: The following will be in effect and mandatory for this meeting venue.**

* **RSVPs will close at 11:59 PM PT on May 26th, so kindly submit your RSVP by then. Walk-ins will not be permitted.**
* **Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.**
* If your first and last name do not appear in our admin view, we will contact you.
* Alternatively, feel free to reach out directly or email us at [email protected] to provide that information.

**Parking** Park in the public garage structure next to the building. We will be providing paid tickets for exiting the garage.

**Live Stream** Stream us live on Twitch: http://twitch.tv/owaspoc

*Please change your RSVP to "No" if you can't make it and/or will join via livestream instead.*

**Abstract** In an era where cloud security is critical, the delicate balance between rapid development and maintaining stringent security measures is more critical than ever. Join Doron Naim (DevOcean) as he addresses this challenge head-on, offering members of OWASP new actionable strategies and expert insights for enhancing collaboration and efficiency in cloud security and remediation efforts.

**Key Insights:**

* **Collaboration Techniques**: Learn proven collaboration methods to boost synergy across security, DevOps, and development teams.
* **Smart Remediation**: Discover how intelligent workflows can significantly speed up the identification and resolution of security vulnerabilities.
* **Ownership & Efficiency**: Gain insights on automating the assignment of fixes to the right team members, streamlining the remediation pipeline, and cutting down on ticket clutter.
* **Preventive Measures:** Explore methods to ensure vulnerabilities are fixed right the first time, preventing future occurrences.

**Why Attend:**

* **Immediate Value**: Walk away with strategies you can implement now, no matter your platform or tools.
* **Enhanced Security Posture**: Learn how to reduce friction and elevate your cloud security practices.
* **Practical Knowledge**: Whether or not DevOcean is part of your toolkit, this session promises insights to help your organization thrive in cloud security.

**Ready to Bridge the Gap between Security and Dev?** Join us to unlock NextGen collaboration strategies that support secure, rapid development. Learn how to streamline workflows, elevate your cloud security posture, and achieve continuous innovation.

Event: Monthly Networking Social

Group: Peterborough

Time: 19:00+01:00 (Europe/London)

Description: Thirsty Thursdays. Same time. Same day each month. Differing places. Good chat.

**What?**

* Casual conversation over food & drinks

**Where?**

* It may differ each month: bars, restaurants and eateries around Peterborough

**When?**

* ~ The last Thursday of each month

Everybody welcome; the next event details will be chosen from the last (and so on!).

May 31, 2024

Event: OWASP Chapter Limassol meetup 2024-v1

Group: Limassol

Time: 18:30+03:00 (Asia/Nicosia)

Description: The location is **The Ballroom Suite B** at the [Crowne Plaza Hotel](https://maps.app.goo.gl/38rAWxBS9gMoSiH69).

**Calling all tech and security enthusiasts!** We are thrilled to announce the fourth meetup of the [OWASP Chapter in Limassol](https://owasp.org/www-chapter-limassol/), supported by [Semrush Inc.](https://semrush.com)! We cordially invite you to join us for an evening of engaging discussions, networking, and knowledge sharing among cybersecurity enthusiasts, professionals, and enthusiasts from various backgrounds. We look forward to seeing you there and would be delighted to offer a **complimentary gift to each attendee**!

**Schedule:**

* 18:30 — 19:00 — Gathering & Intro
* 19:00 — 19:35 — **Ivan Elkin**, Application Security Team Leader at Exness, with the topic **ASPM - story about unicorns, sneaky business and unexpected decisions**
* 19:35 — 20:05 — **Michael Markevich**, Security Lead at DHIS2, ex-CISO at Opera, with a talk **DHIS2: Building Security For An Open-Source Project**, which is a great opportunity to learn how a security professional can make the world of open-source better.
* 20:05 — 20:30 — A short break + Quiz
* 20:30 — 21:00 — **Dmitrii Stepul**, student of Neapolis University Pafos, will talk about **Content Blocking system in Cyprus**
* 21:05 — 21:40 — **Sergey Belov**, Product Security Lead at Acronis. The topic will be **Impossible security - solving tasks with no right solution**
* 21:40 — 22:05 — Outro + Quiz
* 22:05 — 23:00 — Eat, drink, networking!

In addition, as usual, we are working hard to deliver the best knowledge to the community and are happy to announce that this event is fully packed with amazing gifts:

- quiz winners (**RTL-SDR Blog V3** R860 RTL2832U 1PPM TCXO HF Bias Tee SMA SDR with Dipole Antenna Kit) + branded T-shirt
- activity winners (NooElec '**Yard Stick One**' USB Transceiver & 915MHz Antenna) + branded T-shirt
- speakers (**Hamgeek HackRF One R9** and Portapack H2 Include 5 Antennas and Data Cable 1MHz-6GHz SDR Radio Unmounted Black) + branded T-shirt

We'll have catering and a chilly sunset view zone to make the evening unforgettable. [Don't forget to join us on Telegram (we will send updates there quickly).](https://t.me/+W1hEPzn4BOcwMTNi)

June 01, 2024

Event: OWASP Kathmandu Meetup - 0x06

Group: Kathmandu

Time: 10:00+05:45 (Asia/Kathmandu)

Description: We are excited to announce that the 0x06 Meetup for OWASP Kathmandu, proudly sponsored by **Vairav Technology**, is set to take place on June 1, 2024, at Islington College, Kamalpokhari, Kathmandu. We are honored to have the esteemed Vairav Technology as our sponsor for this event. The meetup will feature a diverse range of talks, covering topics such as Application Security, Bug Bounty, Network Security, Threat Hunting, and much more. Please be aware that we have implemented a strict RSVP policy for this event. Therefore, we kindly request you to confirm your attendance only if you are certain you will be able to attend.

June 04, 2024

Event: OWASP Cairo Chapter in caisec 2024

Group: Cairo

Time: 12:00+03:00 (Africa/Cairo)

Description: **Important Note:** The OWASP room is open and free for anyone to attend; room space is limited to 40 attendees and event pre-registration is required. While registration for the CAISEC event is not mandatory, it is important to confirm your attendance. **Any confirmations made without attendance at the event will result in exclusion from future events hosted by the OWASP Cairo Chapter.**

**Event Details:** This OWASP Cairo chapter event will focus on application threat modeling and mobile security in the multiverse of madness. The event will consist of two workshops:

* **Time:** 12:00 PM - 4:00 PM
* **Venue:** Dedicated room provided by CaiSec organizers

**Event Agenda**

**1. Introduction to Application Threat Modeling (60 minutes) (By: Khaled Battah)**

* Understanding the importance of threat modeling
* Exploring the STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) model
* Applying the threat modeling process to web applications

**2. Practical Application Threat Modeling with Attendees (90 minutes) (By: Mohamed alfateh and Khaled Battah)**

* Attendees will work in small groups to perform a threat modeling exercise on a sample web application
* Groups will present their findings and discuss mitigation strategies

**3. Mobile Security in the Multiverse of Madness (60 minutes) (By: Kareem Selim and Hassan Mostafa)**

* Analyzing the security challenges of mobile applications in the multiverse
* Exploring common vulnerabilities and attack vectors in mobile apps
* Discussing best practices for securing mobile applications
* Hands-on exercises to demonstrate mobile security techniques

Event: June 2024 Meeting

Group: Phoenix

Time: 20:30-07:00 (America/Phoenix)

Description: **Intro to Web Application Firewalls (WAFs)** - 15-20 Minutes

Have you ever wanted to know more about Web Application Firewalls? This presentation will cover key concepts and considerations.

1. What is a Web Application Firewall?
2. Benefits
3. Case Studies/Testimonials
4. OWASP Support - ModSecurity
5. Ruleset Concepts
6. Quiz - View HTTP requests/responses - block or not?

**Cost** Free!

**OWASP Info** OWASP is a non-profit dedicated to **application security**. Our meetings are free to attend and you do not need to be a member, nor have any experience with application security. All are welcome!

**Meetings Every Month!** Meetings occur the first Tuesday of every month. Be sure to join our Meetup page to be notified of future meetings and topics.

**Free Parking** Free Parking Lot: 1 N Macdonald St, Mesa, AZ 85201 [https://downtownmesa.com/parking/green-lot](https://downtownmesa.com/parking/green-lot) Note that this parking lot is across the street from HeatSync Labs. There are other nearby lots and street parking as well.

June 05, 2024

Event: OWASP Cleveland - Meet and Greet

Group: Cleveland

Time: 18:30-04:00 (America/New_York)

Description: OWASP Cleveland is back! We're starting off with a meet & greet where we can get to know one another, gauge our community's areas of interest, and start planning our roadmap for the rest of the year. **Agenda:** * Introductions * Community roundtable: which AppSec topics and OWASP projects most interest you? * Planning for upcoming events Join us at Market Avenue Wine Bar in Ohio City! Check them out here: [https://marketavenuewinebar.com/](https://marketavenuewinebar.com/) **About OWASP** The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. Our programming includes: * Community-led open source projects including code, documentation, and standards * Over 250+ local chapters worldwide * Tens of thousands of members * Industry-leading educational and training conferences Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. Learn more about the OWASP Foundation and our work: [https://owasp.org/about/](https://owasp.org/about/)

Event: Pub evening - Summer OWASP meet up and after-work near Odenplan

Group: Stockholm

Time: 17:00+02:00 (Europe/Stockholm)

Description: Time for a summer get-together before we all disappear for the summer holidays. This is the perfect opportunity for all of us app-sec interested folks to get together and meet up in real life for a relaxed chat and maybe a beer or some other refreshments.

When: 5th June, 2024 17:00

Where: The Old Brewer - Public House & Dining Room at Luntmakargatan 98, 113 51 Stockholm

Expect:

* Quick AppSec Tips
* Networking
* Drinks & Laughter

The meeting will start at 17:00, but it's a casual event so turn up when it suits.

Event: OWASP Switzerland Summit: Recharge & Reconnect

Group: Switzerland

Time: 13:00+02:00 (Europe/Zurich)

Description: After more than two years with only online talks, we are going physical again. To celebrate this reboot, we are organizing a summit with four captivating talks and lots of opportunity for you to reconnect with your local application security community and recharge with know-how. As this is a physical event, please be sure to only register if you will really be there, so that we get the amount of drinks right! But now for the **program**:

*Startup:*

* **13:15** **Doors open**: Grab a drink, meet old and new friends from the OWASP Switzerland community
* **13:50 Welcome words** (OWASP Switzerland Leader-Team)

*Talks: Recharge your know-how*

* **14:00** **OWASP Mobile Application Security for Developers and Penetration Testers** (Stefan Bernhardsgrütter, Lead Security Tester @ Redguard AG)
* **15:00 Beyond the Top 10: Limits of a finite Checklist** (Marco Schnüriger, Security Consultant @ Protect7 GmbH)

*Break:*

* **16:00 Break**. Reconnect with peers and refill your drinks.

*Talks: Recharge with even more know-how*

* **16:30 Cloud Security Building Blocks to Support Web Application Security** (Andrew Hutchison, Technical Program Manager @ Google)
* **17:30 Confidential Computing** (Thomas Bossard, Security Consultant @ Zühlke Engineering)

*On the move: Join DEFCON / OWASP Switzerland warm-up beer*

* **18:45 Relocate** and join the warm-up beer with our friends from Area41/DEFCON Switzerland **@ 4. Akt - Heinrichstrasse 262, 8005 Zurich.** Enjoy the community.

**Talk details:**

* **OWASP Mobile Application Security for Developers and Penetration Testers**: Mobile applications are central to digital life today. To ensure that mobile e-banking, door controls, health data, personal messages and photos are secure, mobile applications should also be developed securely. As the threat model for a mobile app can differ from other kinds of applications, frameworks such as the OWASP Application Security Verification Standard (ASVS) may not cover all the relevant IT security topics.
* **Beyond the Top 10: Limits of a Finite Checklist**: In his talk, Marco will share insights from almost two decades of experience with the OWASP Top 10. He will discuss how this checklist has advanced web application security and brought critical issues to the forefront and also to the attention of non-technical people. Marco will provide real-world project anecdotes to highlight the limits of the Top 10, particularly in stakeholder communication. He will explore how broader resources like OWASP ASVS and SAMM provide additional guidance and fit into the bigger picture of establishing security practices. The talk will conclude with an outlook on integrating practical checklists with detailed frameworks to enhance security strategies and stakeholder understanding. This session is a must for those seeking to bridge the gap between vulnerabilities and effective communication.
* **Cloud Security**: This presentation will review opportunities to address OWASP challenges using security elements of a cloud platform. Example elements will be discussed to show how platform features can help to mitigate web application threats. The emerging OWASP Cloud-Native Application Security Top 10 will also be reviewed and discussed, with insights also being given into how cloud platform provider and customer can work together in a Security by Design, Security by Default and Security in Deployment approach.
* **Confidential Computing**: Encryption of data at rest and in transit are two well-established and generally advisable best practices for protecting IT environments. They can be implemented leveraging a plethora of tested and proven technologies such as disk encryption and network security. But what happens when data is processed, therefore not being at rest or in transit? At this point data becomes available in memory, usually unencrypted to allow processing. This provides a window of opportunity for attackers to gain unallowed access to the data or perform various actions on it. Mitigating some of these attack vectors is what confidential computing aims to do. In this talk I will provide a brief overview of the concepts and outline use cases and limitations. There might after all be some caveats to it...

June 06, 2024

Event: OWASP Austin Study Group

Group: Austin

Time: 12:00-05:00 (America/Chicago)

Description: Since 4/25/24: discussions on AI and LLMs generally and the Coursera Prompt Engineering series from Vanderbilt specifically. We are now studying ChatGPT Advanced Data Analysis.... For general Study Group info, see #studygroup in the OWASPAustin Slack. For topic-specific info, see #ai in the OWASPAustin Slack.

Event: 1st OWASP Stuttgart Chapter Stammtisch

Group: Stuttgart

Time: 18:00+02:00 (Europe/Berlin)

Description: **OWASP® and beyond - much more than just OWASP Top 10** OWASP is famous for the OWASP Top 10. This session will explain why the OWASP Top 10 is misused all the time. You will learn about several other OWASP projects and their potential use in your daily work. There will also be a technical demo to solve together. **Agenda (Subject to Change):** * **6:00 PM**: Arrival * **6:30 PM - 7:30 PM**: Presentation * **7:30 PM - approximately 9:00 PM**: Barbecue, drinks, discussion, and networking

June 10, 2024

Event: How quantum computers can become a threat to cryptography

Group: Brisbane

Time: 17:55+10:00 (Australia/Brisbane)

Description: Looking at recent developments in quantum computers, we try to predict how much of a threat quantum computers will be for "classical" cryptography. Looking at how technologies were able to penetrate our society seems to give a good indication of how prevalent quantum computers will become. We also look at research results, and how they inform us about the threat of quantum algorithms.

June 11, 2024

Event: OWASP June Meet - In person

Group: Dallas

Time: 17:30-05:00 (America/Chicago)

Description: **AI Hallucination**

90% of the code in apps today comes from Open Source Software. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to compromise organizations. With GenAI quickly becoming a popular tool for developers to generate code, a new threat has emerged. AI package hallucination is one of the more recent attack types within the supply chain that is easy to execute and can have devastating effects. During this session we will give an overview of Supply Chain Security with some examples of the current threats, discuss AI package hallucinations, and preventative measures.

Event: 11.VI - OWASP Meeting in Warsaw (AI Security)

Group: Poland

Time: 18:00+02:00 (Europe/Warsaw)

Description: **We are resuming fully in-person OWASP meetings in Warsaw!** We start with a hot topic: the use of artificial intelligence in application security. Our next meeting will take place on **Tuesday, June 11 at 18:00** at the office of **Snowflake** (**Warsaw, Kasprzaka 4**), which will be hosting us that day. In addition to the talks, there will be room for open discussion, exchange of views and networking over refreshments. Please register, as the room capacity is limited.

Because the meeting takes place at the Snowflake office, after you register on Meetup an additional invitation will also be sent from the Envoy registration system. Please expect an e-mail from [email protected]. This additional registration is required to attend the meeting at the Snowflake office.

---

17:30 – 18:00 – Registration (please arrive as early as possible to avoid the queue at the reception)

18:00 – 18:25 – Opening of the meeting and presentation of **current OWASP projects regarding AI security**, Michał Kurek, OWASP Poland

OWASP has recently launched many interesting projects that help shed more light on the dark sides of AI. During the presentation, the main threats to AI and specific challenges in ensuring the security of artificial intelligence will be discussed, through the prism of such OWASP projects as: OWASP AI Exchange, OWASP Top 10 for LLM Applications, OWASP AI Security & Privacy Guide, OWASP Machine Learning Security Top 10.

Michał co-leads the Polish chapter of OWASP. In his day job he manages a team of experts that forms KPMG's regional competence center for cybersecurity. He has extensive experience of over 20 years in cybersecurity consulting. He has earned, among others, the following certifications: CISM, CISSP, CISA, GICSP, GDSA, LPT, CEH, GWAPT, CRISC, CCSP, CCSA, GSSP-JAVA, ECSA, PMP, CIA, GAWN, CCNA.

18:30 – 19:00 – **Amplify your AppSec program with AI**, Jakub Kałużny, Snowflake

In this presentation, you will get practical guidance on how to power your AppSec program with AI. I will talk about how to use LLM functions, RAG and GBM to achieve the following goals:

- identify concerning signals earlier via semantic search through engineering and security data (Jira, GitHub) with LLMs
- provide instant security insights in code reviews
- contextualize consults via application of internal security policies in simple security reviews
- automate threat modeling with contextualized threats and mitigations via training a model on your structured threat modeling data

Jakub leads AI security efforts at Snowflake as a Senior Manager in the Product Security team, where he manages a portfolio of application security services. Before joining Snowflake, he managed pentesting programs and implemented threat modeling processes at many different companies in Australia and Poland. Expert at the AI Security Foundation.

19:00 – 19:30 – **Open discussion**

19:30 – 21:00 – **Networking**

June 12, 2024

Event: OWASP Boston Chapter Meeting - June 2024

Group: Boston

Time: 18:00-04:00 (America/New_York)

Description: This month we will be welcoming Lindsay Kaye as our presenter. Lindsay will be giving her presentation, an Overview of the PROXYLIB Campaign.

In May 2023, we identified a cluster of VPN apps available on the Google Play Store that transformed the user’s device into a proxy node without their knowledge. We’ve dubbed this operation PROXYLIB. Other researchers identified this malicious behavior in a single free VPN application—Oko VPN—which resulted in the app's removal from the Play Store. Based on further analysis of Oko VPN, Satori researchers uncovered 27 additional applications related to PROXYLIB. These apps shared a common native library, written in Golang, that enrolls the device as a proxy node. This talk will provide a high-level overview of the PROXYLIB Android malware and take the listener through the changes we observed in response to defenders’ actions.

Lindsay Kaye is the Vice President of Threat Intelligence at HUMAN Security. Her technical specialty spans the fields of malware analysis and reverse engineering, with a keen interest in dissecting custom cryptographic systems. Lindsay is an internationally-recognized cybersecurity speaker and author. Lindsay holds a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.

Event: Incident Response Coaching with SentinelOne’s Purple AI and MNP Digital

Group: Edmonton

Time: 17:30-06:00 (America/Edmonton)

Description: *As Franklin D. Roosevelt once wisely said, "A smooth sea never made a skilled sailor."*

**Ahoy, cyber sailors!** Just as sailors master the waves, [SentinelOne](https://www.sentinelone.com/) and [MNP Digital](https://mnpdigital.ca/) are here to steer your ship through the stormy seas of cyberspace. Picture this: [SentinelOne's Purple AI](https://www.sentinelone.com/platform/purple/) is your trusty first mate, offering personalized coaching to navigate through cyber currents and dodge digital pirates. Together, we'll transform your crew into skilled cyber defenders ready to face any challenge on the high seas of security.

And that's not all - [MNP](https://mnpdigital.ca/) is bringing in an Incident Response specialist to share the latest insights and trends. MNP doesn't just crunch numbers and balance the books like the superheroes of the accounting world. But they also fend off digital villains with their mighty Cybersecurity team. Think of MNP as your financial wizards by day and cyber warriors by night. They keep your money safe in more ways than one – after all, who knew accountants could also be your digital bodyguards?

Join us for a day of learning, laughter, and delicious food as we level up our cyber defenses together!

**Culinary Details** After the presentation, we'll be descending a few floors to MNP's brand new social and games floor, with a huge shoutout and special thanks to MNP for granting us early access! But wait, there's more! Thanks to SentinelOne, we're serving up [Cornerstone BBQ's](https://www.cornerstonebbq.com/) mouthwatering beef brisket and grilled chicken at the event, all on the house!

**Registration - 50 person limit** Due to limited capacity please wait for a confirmation of your RSVP. Unfortunately we will not be able to allow people into the event who have not received registration confirmation. Join us for an open and inclusive gathering, dedicated to our shared theme. In compliance with our commitment to provide an optimal experience, we encourage timely registration to accommodate all interested participants within the policy guidelines.

**Agenda**

* 5:00 - 5:30 - Registration Verification
* 5:30 - 6:00 - Presentation
* 6:00 - 7:00 - Dinner and Socializing

Event: Security Social Lunch Hours

Group: Seattle

Time: 12:00-07:00 (America/Los_Angeles)

Description: At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation. Suggest topics you’d like to see breakout rooms for and let us know if you’d like to sign up to lead one. Slack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack) [email protected] (https://groups.google.com/a/owasp.org/g/seattle-chapter)

Event: OWASP Toronto | OWASP Top 10 for LLM Applications

Group: Toronto

Time: 18:30-04:00 (America/Toronto)

Description: **TALK**

**OWASP Top 10 for LLM Applications**

**Summary:** The presentation will discuss the OWASP Top 10 for LLM AI Applications, highlighting the work accomplished and the vision for version 2.0 moving forward. It aims to educate developers, designers, architects, managers, and organizations about the potential security risks associated with deploying and managing Large Language Models (LLMs). Attendees will learn about the synergy and collaborative efforts between this project, international institutions and governments in protecting the rollout of Generative AI. We will present emerging trends and resources available to safeguard and promote the responsible use of AI, thereby empowering security strategies.

**Presenters**

**Emmanuel Guilherme Junior** Dedicated Cyber Security Professional with over a decade of experience, he serves as an AI/LLM Security Researcher at the OWASP Foundation. In this role, he is leading the development of the OWASP TOP 10 for AI/LLM-based Applications v2.0 Data Gathering Methodology and contributed to creating the Security & Governance Checklist for Chief Information Security Officers (CISOs). This work aids CISOs in navigating the intricacies of deploying Generative AI technologies. His contributions also extend to Business Strategy, Information Security Research, and Project Management, where he has offered valuable insights to several Fortune 500 companies. He possesses a nuanced understanding of the global security landscape, advanced security strategies, and compliance frameworks. Committed to enhancing security measures with innovative and practical solutions, he consistently aims to share his knowledge and expertise in a manner that benefits the wider community.
**Ads Dawson** Ads, full stack AI red teamer, is the Technical Lead for the OWASP Top 10 for LLM Applications project and is a seasoned security engineer in all realms of the industry, primarily focusing on red teaming, ethical hacking, and offensive security, primarily orientating REST & GraphQL APIs, LLM application security, MLSecOps and also has a strong background in network and infrastructure penetration testing and security, originally stemming as a self-taught network engineer.

Event: Monthly OWASP SAMM Community Call - June 2024

Group: Samm

Time: 15:30-04:00 (America/New_York)

Description: In our next community call on June 12, we will cover: 1) Welcome new community members 2) SAMM project updates 3) Q&A

June 13, 2024

Event: June 2024 OWASP Austin Security Professionals Happy Hour

Group: Austin

Time: 17:30-05:00 (America/Chicago)

Description: **When:** Thursday, June 13th, 5:30 pm - 7:30 pm **Where:** Lavaca Street Bar at the Domain Northside (Rock Rose District), 11420 Rock Rose Ave #100, Austin, TX 78758. We will have tables reserved inside the bar, to the right as you enter. Parking: nearest parking in the Red Garage located off of Rock Rose Ave ([map of Domain](https://domainnorthside.com/map/)). **What:** The Austin Security Professionals Happy Hour is a monthly event coordinated by the OWASP Austin Chapter and sponsored by various companies. We try to meet every second Thursday of the month from January to September (but occasionally we make schedule adjustments when needed). The event is an informal social gathering of local information security professionals. If you're involved with InfoSec or even if you have an interest, come on out for drinks, good food and conversation. **Sponsor:** [Checkmarx](https://checkmarx.com) *Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers and security teams. As the AppSec testing leader, we deliver the unparalleled accuracy, coverage, visibility, and guidance our customers need to build tomorrow’s software securely and at speed.*

Event: OWASP Austin Study Group

Group: Austin

Time: 12:00-05:00 (America/Chicago)

Description: Since 4/25/24: discussions on AI and LLMs generally and the Coursera Prompt Engineering series from Vanderbilt specifically. We are now studying ChatGPT Advanced Data Analysis.... For general Study Group info, see #studygroup in OWASPAustin Slack. For topic-specific info, see #ai in the OWASPAustin Slack.

Event: OWASP Meeting in Krakow - Attacks Using Flipper Zero - Threat Modeling

Group: Poland

Time: 18:00+02:00 (Europe/Warsaw)

Description: This time our meeting will be in Polish. The topic is: Threat modeling - Flipper Zero in physical attacks. During this meeting you will learn how to identify potential threats and how to mitigate them. Discover how this device can be used in real-world attack scenarios, including: * Reading, writing and cloning 125 kHz RFID keys, * Hacking 125 kHz RFID card readers, * Exploiting NFC-A Mifare Classic 1K readers, * Reading and recording signals from remote controls (gates, roller shutters, cars), * Reading a payment card (multi-protocol card) and more. During the meeting we will apply a threat modeling method in a simplified approach. This method allows threats to be identified, assessed and mitigated. Don't miss this opportunity to learn practical techniques and deepen your knowledge of security vulnerabilities and strategies for countering them. The meeting will be led by: [Sebastian Obara](https://www.linkedin.com/in/sobara/) and [Michał Kłaput](https://www.linkedin.com/in/michalklaput/)

June 14, 2024

Event: C3 Dev Festival - the contemporary software engineering and design festival

Group: Belfast

Time: 08:00+01:00 (Europe/London)

Description: OWASP Belfast is pleased to announce the C3, a contemporary software engineering & design festival! **With 3 free tickets, we'll run a draw on May 20th among all who comment on this post!** Code, career, creativity 12 artists & 30 speakers Speed Networking & many more **#Amsterdam, June 14-15, 2024 → https://c3fest.com** Conference announcement: Check out the C3, a contemporary software engineering & design festival, organized by GitNation! It is set to be one of the most vibrant festivals, blending technology, design, art, and music. It's a global gathering of tech enthusiasts in the beautiful city of Amsterdam! Apart from the 40+ speaker talks, the festival includes workshops, icebreaker activities, a game tournament, a pre-party, discussion rooms, a digital art exhibition, and a night party featuring 18+ DJs, musicians & creative coders on Techno/House, Algorave/Experimental, Night Cinema/Karaoke Hall stages. Among the awesome first confirmed artists & speakers: • Rival Consoles, London-based critically acclaimed electronic music producer presenting a brand new unique performance that will take the form of an immersive audio-visual experience • Sam Aaron, key figure in algorave movement • Saskia Freeke, Creative coder, interaction designer, visual designer and educator • Christian Heilmann, Author of the Developer Advocacy Handbook & more Explore more about C3 and grab your ticket → https://c3fest.com/

Event: OWASP Tampa Chapter 2024Q2 Lunch and Learn

Group: Tampa

Time: 11:30-04:00 (America/New_York)

Description: **Welcome to our OWASP Tampa 2024Q2 Lunch and Learn!** We invite you to join us and members of our local Tampa Bay community to hear from industry experts in cybersecurity. This lunch and learn will bring topics that influence discussion among your peers and provide a venue to meet others that share your passions. **Agenda:** * 11:30am - Registration and Lunch * 12:00pm - Speaker - Chris Lindsey - From Reactive to Effective: Building Application Security that Works * 1:00pm - Depart **Speaker:** Chris Lindsey is a seasoned speaker who has appeared at conferences, webinars, and private events. Currently building an online community and creating a podcast series, Chris draws on expertise from more than 15 years of direct security experience and over 35 years of experience leading teams in programming and software, solutions, and security architecture. For three years, Chris built and led an entire application security program that includes the implementation of mature AppSec programs, including oversight of security processes and procedures, SAST, DAST, CSA/OSA, compliance, training, developer communication, code reviews, application inventory gathering, and risk analysis. **Abstract**: In 2023, 71% of enterprises admitted their AppSec programs were reactive, playing catch-up with vulnerability alerts -- while at the same time, applications remain the top target for threat actors. That adds up to increased business risk for a lot of companies and fuels an urgent need to improve application security strategies. But how? The key is to move from a compliance-based approach to managing application risk. Join Chris Lindsey, Application Security Evangelist, for an in-depth discussion of what it takes to stop playing defense when it comes to application security. 
He'll wrangle over topics like: * The tell-tale signs of reactive mode * The value of preventative best practices * How to build security actions into the developer experience * The need for a holistic view and effective prioritization * Arming the security team with instant control at scale **Location:** GuidePoint Security 3030 N Rocky Point Drive W Ste 600 Tampa, FL **Sponsors:** [Mend](https://www.mend.io/)

June 15, 2024

Event: AppSec Days Pacific Northwest 2024

Group: Portland

Time: 21:00-07:00 (America/Los_Angeles)

Description: AppSec PNW is an annual regional conference produced by the Portland, Seattle, Vancouver, and Victoria OWASP chapters. This year it will be in Vancouver BC. (Last year it was in Portland.) Our featured speakers are [E Coleen C.](https://www.linkedin.com/in/ecoleenc/), CISO Advisor, and [Jason Haddix](https://www.linkedin.com/in/jhaddix/), CEO of Arcanum Information Security! Coleen will kick off the builder track, and Jason will launch the breaker track. All the talks are on Saturday this year, and all the workshops on Sunday. You can find full details, including the complete schedule, at [appsecpnw.org](https://www.appsecpnw.org/schedule). Registration is on [EventBrite](https://www.eventbrite.com/e/4th-annual-owasp-appsec-days-pacific-northwest-conference-june-15-16-tickets-858457528577?aff=oddtdtcreator).

Event: AppSec Days Pacific Northwest Conference 2024

Group: Seattle

Time: 08:00-07:00 (America/Los_Angeles)

Description: Join your security community for two days of builder and breaker content, including session talks, workshops, and a CTF. Learn, play, network, meet new friends, or connect with existing ones. Coleen Coolidge will open our breaker track & Jason Haddix will kick off our breaker track. Full schedule @ [https://www.appsecpnw.org/schedule](https://www.appsecpnw.org/schedule) Tickets @ [https://bit.ly/appsecpnw2024-tickets](https://bit.ly/appsecpnw2024-tickets) See you there!

Event: Application Security Pacific Northwest Conference

Group: Vancouver

Time: 08:00-07:00 (America/Vancouver)

Description: You have to buy tickets for this OWASP conference; please go to the following site to register for the event: https://www.eventbrite.com/e/4th-annual-owasp-appsec-days-pacific-northwest-conference-in-person-tickets-858457528577

June 17, 2024

Event: OWASP Monthly meeting

Group: Jacksonville

Time: 18:45-04:00 (America/New_York)

Description: OWASP topic TBA

June 18, 2024

Event: June meetup: Hidden Risks in Open-Source Code and AI Models

Group: Minneapolis St Paul

Time: 17:30-05:00 (America/Chicago)

Description: **Hidden Risks in Open-Source Code and AI Models** **Ryan Wakeham, Senior Solutions Engineer, Checkmarx** This presentation will explore some of the threats and risks associated with open-source code and generative AI models. Open-source packages, while widely adopted for their flexibility and collaborative benefits, can be exploited through supply chain attacks, where malicious code is introduced into trusted components. Similarly, open-source AI models face risks such as data poisoning, model theft, and adversarial attacks, which can compromise their integrity and reliability. Understanding these threats is crucial for developing robust security measures and ensuring the safe use of open-source technologies. Audience level: Moderately technical Approximate agenda (U.S. Central Time): 5:30 - Doors open; socializing/connecting, food, OWASP announcements 6:00 - Presentation Please remember to register and keep your registration up to date so we know how many to expect.

June 19, 2024

Event: Digital Safeguards: Your Essential Blueprint for Navigating Cyber Threats

Group: Nashville

Time: 19:00-05:00 (America/Chicago)

Description: Outdated cybersecurity tactics leave us vulnerable. This thought-provoking talk introduces the “Cyber Risk Manifesto”, drawing upon the wisdom of military intelligence and corporate defense methodologies. Explore innovative strategies for predicting threats, reinforcing defenses, and empowering everyone to become cybersecurity guardians. Discover how outmaneuvering attackers is the key to digital resilience.

Event: OWASP Newcastle June 2024

Group: Newcastle Uk

Time: 18:00+01:00 (Europe/London)

Description: We're back with our second event of 2024! We’ll be doing our usual two talks and pizza format. Location: Precursor Security (at the old Newcastle Building Society office) Rough schedule: 1800 - 1815 Arrival and networking 1815 - 1830 OWASP Newcastle Welcome 1830 - 1915 Talk one 1915 - 2000 Pizza and networking 2000 - 2045 Talk two 2045 - onwards Pub? Talk overviews: Talk one **Title:** Supercharging Enterprise DFIR - 'Forensics as Code', AI, Automation and Cloud. **Speaker:** Michael L **Speaker Bio:** Currently the Director of SOC/DFIR for Precursor Security, experienced working in different SOC teams across public sector, financial services and managed services. I've led DFIR engagements for a varied client base across EMEA. **Talk Synopsis:** This talk will introduce the latest techniques to supercharge your response to threat actors at enterprise scale. We will cover techniques I've employed to combat Lockbit, Akira and other TAs in challenging and diverse environments, focusing on new trends shaking up the DFIR corner such as performing forensics investigations 'as code', harnessing AI for DFIR and utilising Azure for automation and almost limitless scale. Talk two **Title:** Utilizing PowerBI for DFIR and incident investigation. **Speaker:** Venkatraman Krishnamoorthy **Speaker Bio:** Working as SOC manager for Sage. I have led critical investigations, detection engineering efforts, Security automation. Providing free cyber security Mentoring for economically modest students. **Talk Synopsis:** Leveraging Power BI for Digital Forensics and Incident Response (DFIR): Enhancing Data Analysis and Visualization As always, tickets aren’t required but help us gauge how much food to order. **Live Stream Info:** We're hoping to be able to live stream the event on our [playeur channel](https://playeur.com/c/OWASPNewcastle/); if not, the talks will be recorded and uploaded there.

June 20, 2024

Event: The Truman Show: Real-world application attacks instead of canned demos

Group: Cincinnati

Time: 16:00-04:00 (America/New_York)

Description: **This meeting will be in-person! Thank you to Kroger for hosting at their Kroger Blue Ash Technology Center. For security, RSVP is required.** **Sponsored by [Traceable](https://www.traceable.ai/)** In this presentation, Kevin Johnson of Secure Ideas will walk attendees through various scenarios used in penetration testing of applications. These demonstrations will use real attacks and discuss how a penetration tester views applications. This talk will explain the mindset of an attacker, using actual applications as well as demonstration apps to allow for exploitation. **Approximate schedule:** 4:00 - Doors open. Come for networking and refreshments 4:15 - Presentation begins. 5:15 - Networking and refreshments resume! 6:00 EOE (End of Event)

Event: OWASP Bordeaux Meetup June 2024

Group: France

Time: 17:30+02:00 (Europe/Paris)

Description: The next OWASP France meetup in Bordeaux will take place on June 20 starting at 17:30. It should take place in the center of Bordeaux (address to come). On the program: * Welcome to OWASP Bordeaux; by Sebastien Gioria * Threat Modeling for Developers by Jonathan Marcil; talk in French *Jonathan is from Montreal, Canada and is passionate about Application Security. He enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering and has 20 years of experience in IT and Security*. * Kubernetes by Maxime Girardet (Pentester at Advens) *During this talk, Maxime GIRARDET will present the default security level of a Kubernetes cluster, several realistic attack scenarios and the associated remediations, at the system and application levels*. The number of seats will be limited.

Event: OWASP Italy Day 2024

Group: Italy

Time: 16:00+02:00 (Europe/Rome)

Description: OWASP Italy will host the next OWASP Italy Day 2024 on June 20th. It will be a full-day event dedicated to application security (AppSec)! #### **OWASP Italy Day 2024 will take place at Cagliari.** This is a free, one-day, informal event aimed at increasing awareness and knowledge of web application security. **Reserve your seat here:** [https://clicqui.net/2Lst5](https://clicqui.net/2Lst5) The event is primarily intended to appeal to security professionals, software developers, software quality engineers, and computer science students with a strong interest in computer security. ### **PROGRAM** The event will take place next 20th June from 4 PM to 10 PM (Italian time). We are working on the program at the moment. #### **Dinis Cruz, Founder @ The Cyber Boardroom, Chief Scientist @ Glasswall, vCISO and GenAI expert, will be the esteemed keynote speaker at the upcoming OWASP Italy Day 2024!** ### **Call for papers** Those who are interested in participating as speakers at the conference can submit an abstract of their proposed talk via Easychair by April, 2024. The Easychair link for submission is reported on this page. The abstract must be in PDF format and should contain the following information: name and surname of the speaker; institutions and roles of the speaker therein; short biography of the speaker; title of the contribution; abstract of the presentation. The submission must be no longer than 2 pages overall. No additional formatting requirements are in place. The submission will be reviewed by the program committee and the most interesting talk proposals will be selected for the conference. [CFP OWASP Italy Day 2024](https://easychair.org/cfp/CJ24) ### **Call for Sponsorship** We are excited to offer sponsorship opportunities for the OWASP Italy Day 2024, taking place in Cagliari on June 20th. 
This event provides a unique platform to connect with professionals from multiple facets of the software industry, including security experts, developers, engineers, and influential academics. #### Why Sponsor OWASP Italy Day 2024? Brand Visibility: As a sponsor, your brand will be prominently displayed before, during, and after the event. This includes logo placement in event materials, promotional content, and key areas at the venue. Enhance your brand recognition within the cybersecurity and developer communities. Community Engagement: Engaging with the OWASP community puts your company in the spotlight as a leader in supporting open software and security advancements. This event will provide you with the opportunity to network with industry leaders and cybersecurity professionals, offering a chance to build relationships and share your company’s expertise and solutions. Lead Generation: With hundreds of attendees from various sectors, sponsoring OWASP Italy Day 2024 gives you direct access to potential clients and customers. The event will provide a focused audience interested in cybersecurity solutions, products, and training. Please see **[here for details](https://owasp.org/www-chapter-italy/assets/images/2024%20OWASP%20Italy%20Day%20Sponsorship.pptx.pdf)** For detailed information on our sponsorship packages please read the details [here](https://owasp.org/www-chapter-italy/events/OWASPIt24SponsorKit) **RESERVE YOUR SEAT:** [https://clicqui.net/2Lst5](https://clicqui.net/2Lst5) Event official site: https://owasp.org/www-chapter-italy/events/OwaspItalyDay2024-06-20

Event: June 2024 OWASP Chapter Netherlands Meetup

Group: Netherlands

Time: 18:00+02:00 (Europe/Amsterdam)

Description: **Location:** VU, Amsterdam - Theater 7, 4E floor at the New University Building **Address:** De Boelelaan 1105 **Parking information:** [https://www.parkerenbijvu.nl/](https://www.parkerenbijvu.nl/) See [https://owasp.org/www-chapter-netherlands/upcomingevents](https://owasp.org/www-chapter-netherlands/upcomingevents) for more information about the OWASP Netherlands chapter. 18:00 - 18:15 - **Reception of attendees** 18:15 - 19:00 - **Pizza** 19:00 - 19:15 - **Welcome and OWASP updates** 19:15 - 20:00 - **Ship Happens: The Stormy Seas of Supply Chain Security** by **David Archer** 20:00 - 20:15 - **Break with drinks** 20:15 - 21:00 - **Technical leverage: dependencies are a mixed blessing** by **Fabio Massacci** **Ship Happens: The Stormy Seas of Supply Chain Security** *Abstract:* “The more I know about how software is made, the less I want to know” - Me As a software developer with over a decade of experience and countless interactions with application security teams, I’ve discovered the unsettling complexities of modern software production. Despite what I thought I knew, the reality was far more intricate. Modern software development is a sprawling network of open-source dependencies, sophisticated build tools, plugins, pipelines, and runtimes. These components are fundamental in securing critical sectors of our daily lives—finance, healthcare, infrastructure, transportation, and social interactions. However, this supply chain is under relentless attack and many of the potential threats are poorly understood. This talk will delve into specific vulnerabilities, such as dependency poisoning and pipeline compromises, that exemplify the challenges we face. We’ll explore strategies to mitigate these threats and discuss practical takeaways that attendees can immediately implement in their software development practices. 
Expect to leave with a deeper understanding of supply chain security and with ideas to fortify your software factory against these escalating threats. *Bio:* David Archer is a Solution Architect at Endor Labs. He began his career as a software developer and witnessed significant shifts in how software is built over the last two decades. After spells as a development lead, as a product director and in pre-sales consultancy roles, David consistently saw a concerning trend: security often took a backseat amidst the hustle and bustle of development priorities. Seeking to help address this balance, David took an opportunity in 2018 to work full-time in the field of application security with a particular focus on technologies that promise to enhance security without impeding development speed. Through his extensive experience with secure coding practises and hands-on experience with the myriad of code analysis tools like IAST, SAST, DAST, RASP and SCA, he gained valuable insights into their relevance and effectiveness in a modern software factory. **Technical leverage: dependencies are a mixed blessing** *Abstract:* Modern applications are built upon a large supply chain of (possibly open source) libraries and tools. In finance, leverage is the ratio of debts (other people’s money) vs equity (your money) and the Lehman Brothers have made that concept famous. For software, technical leverage is the ratio between other people’s code and your own code. I will argue with some examples from the Maven, Python and the NPM ecosystems that this is both a risk and an opportunity. The Lehman Brothers were 30 to 1, what about the Software Sisters? *Bio:* Fabio Massacci is a co-author of CVSS v4. Among other things, he is also a professor at Vrije Universiteit. He has been a speaker at hackers’ venues (BlackHat USA, Asia), scientific security conferences (IEEE S&P, CCS), software engineering (ICSE, MSR) and risk analysis (SRA). 
He coordinates the EU project Sec4AI4Sec (name tells it all) and an NWO project on using AI for security threat intelligence. While almost all professors are sellers of tech (through their papers or their spin-offs), he was also for 7 years deputy for ICT procurements and services, supervising a 70+ workforce and a few million euros in outsourcing contracts. Being a buyer of tech makes a difference in perspective.

June 23, 2024

Event: OWASP IL Meetup - June 2024

Group: Israel

Time: 18:00+03:00 (Asia/Jerusalem)

Description: OWASP IL is thrilled to announce our next Meetup event! Get ready for a vibrant gathering of the AppSec community, featuring delicious food, refreshing drinks, networking opportunities, and insightful security discussions. This special occasion will be graciously hosted by Axonius! ==================================================================== Agenda: 18:00 - 18:30 - gathering and food - We will gather at Axonius's office for drinks, great treats and mingling. 18:30 - 18:35 - Meetup kickoff + Microphone tuning 18:35 to 19:20 - From Challenge to Triumph: Transforming AppSec with AI and Automated Code Reviews - A Journey of Lessons Learned *Michael Goberman - Director of Product Security and Aviad Feig - Product Security Architect @ Axonius* Maintaining a robust application security program with a lean team of experts is challenging. We’re eager to share with the community a practical and innovative approach that worked for us: How we were able to move away from manually reviewing every feature developed while increasing the thoroughness of our security oversight. We’ll explain how we succeeded at integrating generative AI tools using GitHub actions to automate the code review process and broaden security oversight in a highly efficient way. Attendees will learn from our journey and discover how they, too, can automate routine security checks, engaging human experts only when their expertise is truly needed. 19:20 to 19:30 - Beer Break 19:30 to 20:15 - Pains and advantages of application anomaly detection in containerized applications *Ben Hirschberg - CTO @ ARMO* In this talk: an open-source based application anomaly detection system to detect malicious activity. The solution focuses on applications running in Kubernetes orchestration system. 
In the talk I will cover these points: * Main attack vectors to these kinds of applications: exploit remote vulnerabilities, supply-chain attacks * Anomaly detection dimensions: process, file, network and system-call activity * What detection dimension is working (or not working) with what kind of applications * What anomalies are bound to what kind of attacks * Live demo with the Kubescape project to show results 20:15 to 21:00 - The Dark Side of AI: The Hidden Risks in Open-Source AI Models *Jossef Harush Kadouri - Security Researcher @ Checkmarx* This talk is for anyone who is using open source in their daily routine. The purpose is to bring awareness to the risks of software supply chain attackers lurking in some of our open-source code and to show how ridiculously easy it is for them to launch attacks. Join me as we unravel the construction of AI models, focusing on their weak spots. Through multiple demos, witness how AI models can be manipulated to become malicious. ==================================================================== This event is hosted by Axonius in collaboration with OWASP Israel. Join us at the event physically as we will not include Zoom or remote participation this time.

June 25, 2024

Event: OWASP Aarhus Chapter Meeting - June

Group: Aarhus

Time: 19:00+02:00 (Europe/Copenhagen)

Description: More info coming but this meetup is hosted by Vestas. Reach out if you would like to be a host for another meetup or do a presentation **IMPORTANT:** * **You need to reverse into the parking spot!** * **Please register your car upon arrival to avoid a parking fine**

Event: OWASP Austin Chapter Monthly Meeting - June 2024 (Online)

Group: Austin

Time: 11:30-05:00 (America/Chicago)

Description: 30 minutes of meet-and-greet and Chapter information, then the Presentation!

June 26, 2024

Event: OWASP LA Monthly In-Person Meeting - JUN 26, 2024

Group: Los Angeles

Time: 17:30-07:00 (America/Los_Angeles)

Description: **TOPIC**: **What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it.** Join us for great networking, dinner and drinks, and see a presentation by **Darren Meyer**, Lead Solution Architect at Endor Labs. **ABSTRACT**: With the rise of AI, fueled by Python-based libraries, it has become of paramount importance to scan Python-based projects and their dependencies for OSS vulnerabilities. Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files which the package manager uses to install the correct version of the required dependency. However, Python’s dependency management system coupled with its dynamically typed nature makes it an especially challenging language to deal with. Of particular focus is the phenomenon of phantom dependencies, which are unreported dependencies in a project's manifest profile. These hidden dependencies, which are often provided dependencies (which is especially true for libraries such as tensorflow and pytorch which are essential for AI), challenge software composition analysis (SCA) of Python code, impacting the reliability of vulnerability results. **Thanks to our Sponsor**: *[Endor Labs](https://www.endorlabs.com/)* *Endor Labs’ Dependency Lifecycle Management Platform is designed to address the weakest link in software supply chain security: the ungoverned sprawl of open source software in the enterprise. Endor Labs’ mission is to help developers spend less time dealing with security issues and more time accelerating development through safe code reuse. 
With this solution, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.* **SPONSORSHIP Opportunities Available** *Vendors interested in sponsoring, please send an email to [email protected]* **CODE OF CONDUCT** We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. You can find out more about our policies here: [https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)

June 27, 2024

Event: OWASP Orlando - Chapter Meeting

Group: Orlando

Time: 18:00-04:00 (America/New_York)

Description: This is an In-Person Event. Food to be provided (typically pizza or sandwiches). Introductions. More details to be provided soon! Speaker 1: **Marc Frankel** Topic: AIBOM - summary TBD Speaker 2: **TBD**