diff --git a/_data/community_events.json b/_data/community_events.json index aedab4fde9..abd87e7b24 100644 --- a/_data/community_events.json +++ b/_data/community_events.json 
@@ -79,26 +79,6 @@ "timezone": "Australia/Brisbane", "description": "Join me on a journey through my recent source code reviews, where I uncovered vulnerabilities in Navidrome, an open-source music server written in Go, and explored how JWT libraries prevent algorithm confusion attacks in JSON Web Tokens (JWT).\nIn the first part of this talk, I will share my findings from examining Navidrome\u2019s codebase, discussing specific security issues that emerged from my review, including insights gained from a CVE analysis.\nThe second part will focus on JWT algorithm confusion\u2014a prevalent security issue that arises when implementations fail to enforce proper algorithm selection. I will examine real-world examples of this vulnerability and outline common strategies that developers use to prevent such issues." }, - { - "group": "Brisbane", - "repo": "www-chapter-brisbane", - "name": "API Security Workshop with OWASP crAPI (hands-on)", - "date": "2024-11-12", - "time": "17:30+10:00", - "link": "https://www.meetup.com/brisbane-owasp-meetup-group/events/304354630", - "timezone": "Australia/Brisbane", - "description": "In today's rapidly digitalizing world, Application Programming Interfaces (APIs) are the backbone of communication in the vast landscape of web services, cloud applications, and microservices.\nWith this increased usage comes the inevitable rise of security threats targeting APIs. This workshop aims to arm participants with practical knowledge and hands-on experience to secure APIs effectively.\nIn this workshop, we will be using OWASP crAPI (completely ridiculous API), a purposely insecure API, to demonstrate common API vulnerabilities and their mitigations. We will discuss the 'Shift Left' approach in API security, emphasizing the importance of integrating security measures early in the development lifecycle. 
Participants will learn to identify, exploit, and secure API vulnerabilities, equipping them with the necessary skills to build more secure\napplications.\n\n**Requirements**:\n1\\. Active Participation: The workshop will be highly interactive\\. Questions\\, comments\\, and sharing of experiences are strongly encouraged\\.\n2\\. Laptop: As this is an in\\-person workshop\\, please bring along your laptop with any API testing tool installed\\.\n3\\. Pre\\-workshop Material: On confirmation of your attendance\\, you will receive some pre\\-workshop reading materials\\. We recommend reviewing these before the event to maximize your learning experience\\." - }, - { - "group": "Cleveland", - "repo": "www-chapter-cleveland", - "name": "OWASP Cleveland: Security Roundtable", - "date": "2024-11-12", - "time": "18:30-05:00", - "link": "https://www.meetup.com/owasp-cleveland-group/events/304415299", - "timezone": "America/New_York", - "description": "We\u2019ll be gathering on Tuesday, 11/12, at Market Avenue Wine Bar for a discussion on all things information and application security. Charles Bickel will be speaking on how he found multiple CVEs and how you can too. This will be a roundtable-style meetup, offering a chance to connect with others and talk security." - }, { "group": "Columbus", "repo": "www-chapter-columbus", 
@@ -109,16 +89,6 @@ "timezone": "America/New_York", "description": "*This will be at the new location, as shown below! Don't go to the wrong place!*\n\nHands-on hacking time! Security Journey has graciously allowed us to borrow their CTF for the evening to see and fix coding flaws that lead to security vulnerabilities. It's all web based, so bring your laptop! (There really isn't anything to install, so bring your work laptop.) But be there!\n\nWe'll start off with a few highlights related to what is new in the world of appsec, and have a good-of-the-order style chat about the near, they we will dig into finding and fixing some stuff." }, - { - "group": "Dallas", - "repo": "www-chapter-dallas", - "name": "OWASP November Meet - In person", - "date": "2024-11-12", - "time": "17:30-06:00", - "link": "https://www.meetup.com/dallas-the-open-web-application-security-project-meetup/events/304180205", - "timezone": "America/Chicago", - "description": "Mobile App Pentesting for Fun and Profit\n\nWelcome to the thrilling world of mobile app pentesting! This session will equip you with the skills to uncover vulnerabilities in mobile applications. Whether you\u2019re a seasoned pro or a curious newcomer, prepare for an adventure in cybersecurity." - }, { "group": "Denver", "repo": "www-chapter-denver", 
@@ -139,16 +109,6 @@ "timezone": "Europe/Berlin", "description": "Hello everyone, we're excited to invite you to our OWASP Chapter meeting #69! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event.\n\n*What are we going to talk about?*\n\n**DSOMM and AppSec Program:** We are excited to welcome Timo Pagel, Cloud and Web Security Architect at PagelShield, a core member of the OWASP Germany Chapter, and contributor to various OWASP projects. Timo will discuss the DevSecOps Maturity Model (DSOMM) and how it can help kick-start your application security program. We will also have another speaker joining us for this event\u2014details to be announced soon!\n\n**Socializing Opportunities:** There will be plenty of time to socialize before and after the event.\n\n*Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward.\n\n*When?* Our Meetup takes place on **27.11.2024** from **18.00 to 22.00** o'clock CEST.\n\n*Where?* The event will be held at CHECK24 AG, located at Speicherstra\u00dfe 55, 60327 Frankfurt am Main.\n\n*Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt)\n\n*And now?* Save the date, spread the word, and bring your friends and colleagues along to our event.\n\n*Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!" 
}, - { - "group": "Frankfurt", - "repo": "www-chapter-frankfurt", - "name": "German OWASP Day 2024", - "date": "2024-11-12", - "time": "09:00+01:00", - "link": "https://www.meetup.com/owasp-frankfurt/events/304040492", - "timezone": "Europe/Berlin", - "description": "**\\*\\*This is a paid event\\*\\***\n\nDear all,\n\nWe're proud to present a cool lineup of talks for the German OWASP Day in Leipzig on November 13th! The program committee got a solid amount of high quality submissions and thus the agony of choice.\n\n\\* Frederik Braun will present \"Modern solutions against Cross-Site Leaks (xs-leaks) and CSRF\u201c\n\\* Thomas Barber will give us insights into the project Foxhound, a taint tracking project using a patched Firefox\n\\* Malte Wessels will display results of his research on SSRF\n\\* Shubham Agarwal will raise his voice against \"Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike\"\n\\* Bj\u00f6rn Kimminich is celebrating the \"OWASP Juice Shop 10th anniversary\"\n\\* While Dr. 
Daniel Fett will be talking about \"How (Not) to Use OAuth in 2024\u201c,\n\\* Kristina Yasuda will tell you \"The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems\" (EUDI Wallet)\n\\* Tim Philipp Sch\u00e4fers will demystify NIS2 and hopefully NIS2UmsuCG\n\\* Diana Calder\u00f3n will explore strategies for creating and implementing Security Champion programs in organisations\n\\* Hanno B\u00f6ck will tell not-so-good stories about private keys\n\\* Stephan Pinto Spindler will share his experiences wrt \"Network Fingerprinting for Securing User Accounts\"\n\\* Behnaz Karimi will give us an overview of the OWASP AI Exchange project\n\\* Niklas Bunzel and Raphael Antonius Frick will explore the security challenges and opportunities posed by GenAI\n\\* Clemens H\u00fcbner will amend that showing how GenAI can help identifying threats\n\\* Florian Hantke and Sebastian Roth will show how to scan for Vulnerabilities Without Getting Into Trouble\n\\* Nicolas Schickert, Ole Wagner and Matthias G\u00f6hring will tackle most companies problem child \"SAP from an Attacker\u2019s Perspective \u2013 Common Vulnerabilities and Pitfalls\"\n\nThe full program is on the web site [https://god.owasp.de/](https://god.owasp.de/) .\n\n**Registration is open. [Reserve your spot](https://god.owasp.de/2024/#tickets)! \\*\\*This is a paid event\\*\\***\n\nOn the 12th of November we also offer three trainings \u2014 those have to be booked separately:\n\\* OWASP Juice Shop: Advanced Demos & For-fun CTF by Bj\u00f6rn Kimminich + Jannik Hollenbach\n\\* Getting started for establishing your Security Champions Program by Juliane Reimann + Michael Bernhardt\n\\* Building Secure Software: A Hands-On OWASP SAMM Training by Daniel Kefer.\n\nAs usual on the evening before the conference day (November 12th) there\u2019s a get-together with food and drinks.\n\n**\\*\\*THIS IS A PAID EVENT\\*\\***" - }, { "group": "Gothenburg", "repo": "www-chapter-gothenburg", 
@@ -169,6 +129,16 @@ "timezone": "America/New_York", "description": "OWASP topic TBA" }, + { + "group": "London", + "repo": "www-chapter-london", + "name": "OWASP London Chapter Meetup [IN-PERSON]", + "date": "2024-11-25", + "time": "18:00Z", + "link": "https://www.meetup.com/owasp-london/events/304531909", + "timezone": "Europe/London", + "description": "**This event is kindly hosted by Civo Tech Junction and sponsored by Security Compass. There is limited seating available for in-person attendees. Registration required.**\n\n**This event will be live-streamed on YouTube.**\n\n**Recordings will be available on the OWASP London YouTube channel.**\n\n**Venue Location**: Civo Tech Junction, First Floor, 32-37 Cowper Street, London, EC2A 4AW\n**Nearest Tube:** Old Street (Northern Line), Cowper Street exit - 1 min walk\n**Doors Open at 6pm** for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).\n\n**TALKS:**\n\n**OWASP Introduction, Welcome and News** \\- Sam Stepanyan\\, Andra Lezza\\, Sherif Mansour \\- OWASP London Chapter Leaders\n\n**\"Security by Design, Not Injection\"** \u2013 Trevor Young\n\nSecurity by Design encompasses a variety of processes and technologies aimed at embedding security and compliance early in the development lifecycle. We know adopting Security by Design culture and processes can lower risk by preventing vulnerabilities in software, however effectively educating and shifting teams to implement these changes is notoriously difficult. It is a paradigm shift for most organizations, and many of them fail on their first attempt before finding\nsomething that works for them. 
This discussion will highlight how to explain what Security by Design is and will present strategies for communicating the importance and value it delivers.\n\n**\"OWASP Depscan v6 - The SCA Tool For Agile Builders, Creators, And Doers\"** \\- Prabhu Subramanian\n\nMost SCA tools can be best described as simple SBOM scanners with a backing vulnerability database. This naive design can lead to numerous false positive alerts due to a lack of comprehensive context. To accurately assess an application's security posture, it's crucial to consider its entire lifecycle, from pre-build to post-build, and capture the full-stack information in the form of SBOM, SaaSBOM, CBOM, OBOM etc.\nOWASP depscan v6 is a groundbreaking SCA tool that addresses these limitations by leveraging full-stack information. This innovative approach enables more precise vulnerability triage and prioritization, empowering developers to take informed action.\nJoin us to meet the project leader behind depscan v6, explore live demos, and delve into the technical intricacies of an xBOM-based SCA tool.\n\n**Guest Talk: TBC**\n\n**RAFFLE - win a prize kindly donated by our sponsors!**\n\n**SPEAKERS:**\n\n**Trevor Young**\n\nTrevor Young is an entrepreneurial product and technology leader who stays on top of the latest in design, architecture, and creative technologies. Having founded and led companies providing digital offerings, he uncovered his passion for collaborative problem solving, and innovation.He excels at finding inefficiencies in digital markets and disrupting them.\nTrevor combines strategic leadership with technical ability, formed from experience in a broad background of practical applications. 
Trevor currently serves as Chief Product Officer at Security Compass, where heleads product strategy for the company's Secure by Design platform, and Application Security Training library.\n\n**Prabhu Subramanian (@_prbh)**\n\nPrabhu Subramanian is a distinguished security expert and active contributor to the open-source security community. Prabhu is the author and OWASP Leader behind projects such as OWASP CycloneDX Generator (cdxgen) and OWASP depscan. He specializes in Supply Chain Security and offers consultancy to global clients via his company, AppThreat Ltd.\n\n**TICKETS:**\n\nOWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security.\n\n**CODE OF CONDUCT:**\n\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: [https://owasp.org/www-policy/operational/code-of-conduct](https://owasp.org/www-policy/operational/code-of-conduct)" + }, { "group": "Los Angeles", "repo": "www-chapter-los-angeles", 
@@ -189,16 +159,6 @@ "timezone": "America/Los_Angeles", "description": "**OWASP LA** has organized an exceptional offer for our meetup membership to participate in ***[12th Annual Data Con LA ](https://www.dataconla.com/events/dcla-2024/)***on November 16th, in the campus of CSU Long Beach, CA. Join us for deep insight in new tools and technology, training. Whether you\u2019re an industry veteran, a data science newbie, or somewhere in between, Data Con LA offers a unique opportunity to dive deep into the world of data.\n\n[Register](https://www.tickettailor.com/events/dataconla/1356949) now using discount code **OWASPLAxDCLA2024** for **33%** off the ticket price. Check the full schedule at [Data Con LA 2024 Sessions](https://www.dataconla.com/events/dcla-2024/sessions/).\n\nThis year, we\u2019re bringing you three dynamic tracks designed to cover the full spectrum of the data universe:\n\n* **AI, ML and Data Science**: Explore the cutting-edge advancements in artificial intelligence, machine learning, and data science. From groundbreaking research to practical applications, this track is your gateway to understanding how these technologies are shaping the future.\n* **Data Engineering and Ops**: Discover the backbone of the data ecosystem. This track will delve into the best practices, tools, and platforms that power data-driven organizations. Learn how to build, scale, and maintain robust data infrastructures that can handle today\u2019s complex challenges.\n* **Data Analytics and BI**: Uncover the insights that drive decision-making. 
This track focuses on the latest trends in data analytics and business intelligence, helping you transform raw data into actionable insights that can propel your organization forward.\n\nIn addition to these tracks, we\u2019re excited to feature a series of **expert panels** that will bring together thought leaders from across the industry to discuss the most pressing issues and future trends in data.\nFor more details on the sessions planned visit the [Sessions page](https://www.dataconla.com/events/dcla-2024/sessions/) on our website and for speaker the speaker lineup, check out the [Speakers page](https://www.dataconla.com/events/dcla-2024/speakers/).\n\nWhile the final schedule is still being perfected, rest assured that each session will be packed with valuable content, hands-on learning, and opportunities to network with peers and leaders in the field.\nOne last thing we are making happen this year is Match & Mingle, a chance to connect with another attendee. Those participating will be matched and introduced in to one other attendee based on background and interests, giving you a chance to meet someone new and make a deeper connection within the community. Look out for the opt-in question during the checkout!\nDon\u2019t miss your chance to be part of this incredible event. Stay tuned for updates on the agenda, and secure your ticket today to ensure your spot at Data Con LA 2024!\n\nAnd finally **don't forget** to visit us at the OWASP Los Angeles booth!" 
}, - { - "group": "Los Angeles", - "repo": "www-chapter-los-angeles", - "name": "OWASP LA Monthly In-Person Meeting - NOV 12, 2024", - "date": "2024-11-12", - "time": "17:30-08:00", - "link": "https://www.meetup.com/owasp-los-angeles/events/300687868", - "timezone": "America/Los_Angeles", - "description": "/\\*\\* NEW DATE NEW DATE NEW DATE \\*\\*/\n**TOPIC**: State of Pentesting 2024\nJoin us for great networking, dinner and drinks, and see a presentation by **Caroline Wong**, Chief Strategy Officer at Cobalt.\n\n**ABSTRACT**:\nIn the sixth annual installment of State of Pentesting 2024, Cobalt shares data and insights from more than 4000 manual pentest engagements performed in 2023, resulting in more than 39,000 security vulnerability findings. Caroline will present the data as well as commentary on artificial intelligence and offensive security.\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:\n[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*" - }, { "group": "Nashville", "repo": "www-chapter-nashville", 
@@ -279,6 +239,16 @@ "timezone": "America/Toronto", "description": "**Welcome to our in-Person Meetup at the University of Ottawa**\n\nIn-Person Location:\n150 Louis-Pasteur Private, Ottawa,\nUniversity of Ottawa\nRoom 117\n\nWe will continue to Live Stream on our YouTube channel. (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you\u2019ll get a notification as soon as we go live!\n\n**YouTube Live Stream Link**: TBA\n\n**6:00 PM EST** Arrival, setup, mingle, PIZZA!!!\n\n**6:30 PM EST** Technical Talks\n\n1. Introduction to OWASP Ottawa, Public Announcements.\n2. **A Brief Overview of the OWASP Top 10 with Gabriel Kronfeld.**\n3. **DevSecOps Worst Practices with Tanya Janca.**\n\n**Abstract:**\n*A Brief Overview of the OWASP Top 10 with Gabriel Kronfeld.*\nThe OWASP Top 10 reveals the most critical security vulnerabilities facing modern web applications. This talk will walk attendees through each item on the 2021 list, from broken access control to server-side request forgery. Each vulnerability is explored in detail\u2014understanding how it works, why it\u2019s dangerous, and what\u2019s needed to prevent it. With real examples to bring these threats to life, this session is an accessible introduction for beginners and a useful refresher for seasoned practitioners.\nJoin us to get a solid foundation in web security essentials.\n\n*DevSecOps Worst Practices with Tanya Janca.*\nQuite often when we read best practices we are told \u2018what\u2019 to do, but not the \u2018why\u2019. When we are told to ensure there are no false positives in the pipeline, the reason seems obvious, but not every part of DevOps is that intuitive, and not all \u2018best practices\u2019 make sense on first blush. 
Let\u2019s explore tried, tested, and failed methods, and then flip them on their head, so we know not only what to do to avoid them, but also why it is important to do so, with these DevSecOps WORST practices.\n\n**Speakers:**\n**Gabriel Kronfeld** is a graduate from the University of Ottawa with a degree in Computer Engineering. With experience spanning backend programming, DevOps, system administration, and database management, Gabriel has collaborated with various Ottawa-based companies on technical projects. Although new to cybersecurity, he brings a strong technical foundation and is keen to expand his knowledge in this field. Outside of work, Gabriel enjoys cycling, photography, and building drones as hands-on hobbies.\n\n**Tanya Janca**, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security\u2019 and \u2018Cards Against AppSec'. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently leads education and community for Semgrep." }, + { + "group": "Peterborough", + "repo": "www-chapter-peterborough", + "name": "End of year meal", + "date": "2024-12-12", + "time": "19:00Z", + "link": "https://www.meetup.com/owasp-peterborough/events/303804635", + "timezone": "Europe/London", + "description": "Invite only meal, please submit attendance though group comms channel" + }, { "group": "Peterborough", "repo": "www-chapter-peterborough", 
@@ -319,6 +289,16 @@ "timezone": "America/Los_Angeles", "description": "At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation.\n\nSuggest topics you\u2019d like to see breakout rooms for and let us know if you\u2019d like to sign up to lead one.\n\nSlack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack)\n\nseattle-chapter@owasp.org (https://groups.google.com/a/owasp.org/g/seattle-chapter)" }, + { + "group": "Stockholm", + "repo": "www-chapter-stockholm", + "name": "Hack The Box Workshop Crate CTF with OWASP and W4C", + "date": "2024-11-16", + "time": "14:00+01:00", + "link": "https://www.meetup.com/owasp-stockholm/events/304521794", + "timezone": "Europe/Stockholm", + "description": "## Details - Note the adress says FOI but the places is the FRO ([Frivilliga Radioorganisationen](https://www.fro.se/))\n\nOne of the goals of the Hack The Box workshops we in OWASP help run alongside W4C is to practice, learn from each other, hack together and take part in CTFs as the team. One such upcoming CTF that we have anticipated is Crate CTF 2024. Crate CTF is an annual Capture The Flag (CTF) competition organised by FOI that will take place between 14:00-22:00 on November 16. This time, HTB Stockholm organisers managed to get a venue at FOI itself.\n\n**CTF team name**: FRO\n**Venue**: FRO, Norrvikenleden 10, F\u00f6rsvarsg\u00e5rden\n**Time**: between 14:00-22:00 on November 16\n**Communication during CTF**: we will not use our HTB Stockholm's Discord server, but a server provided by FRO. 
You will get access during the event.\n**Language**: The CTF will be in Swedish, but you can ask other attendees to help you translate.\n\n**Important**! You will need to sign up using this [form](https://forms.gle/xn93mG3CoTCxVsgP9), otherwise you will not be able to enter the venue. This is needed as per for venue's requirements. Hurry up, **limited seats** available!" + }, { "group": "Stuttgart", "repo": "www-chapter-stuttgart", 
@@ -368,15 +348,5 @@ "link": "https://www.meetup.com/owasp-frankfurt/events/303263383", "timezone": "Europe/Berlin", "description": "Hello everyone, we're excited to invite you to our OWASP Chapter meeting #69! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event.\n\n*What are we going to talk about?*\n\n**DSOMM and AppSec Program:** We are excited to welcome Timo Pagel, Cloud and Web Security Architect at PagelShield, a core member of the OWASP Germany Chapter, and contributor to various OWASP projects. Timo will discuss the DevSecOps Maturity Model (DSOMM) and how it can help kick-start your application security program. We will also have another speaker joining us for this event\u2014details to be announced soon!\n\n**Socializing Opportunities:** There will be plenty of time to socialize before and after the event.\n\n*Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward.\n\n*When?* Our Meetup takes place on **27.11.2024** from **18.00 to 22.00** o'clock CEST.\n\n*Where?* The event will be held at CHECK24 AG, located at Speicherstra\u00dfe 55, 60327 Frankfurt am Main.\n\n*Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt)\n\n*And now?* Save the date, spread the word, and bring your friends and colleagues along to our event.\n\n*Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. 
We're looking forward to seeing you at our event!" - }, - { - "group": "Wrongsecrets", - "repo": "www-project-wrongsecrets", - "name": "German OWASP Day 2024", - "date": "2024-11-12", - "time": "09:00+01:00", - "link": "https://www.meetup.com/owasp-frankfurt/events/304040492", - "timezone": "Europe/Berlin", - "description": "**\\*\\*This is a paid event\\*\\***\n\nDear all,\n\nWe're proud to present a cool lineup of talks for the German OWASP Day in Leipzig on November 13th! The program committee got a solid amount of high quality submissions and thus the agony of choice.\n\n\\* Frederik Braun will present \"Modern solutions against Cross-Site Leaks (xs-leaks) and CSRF\u201c\n\\* Thomas Barber will give us insights into the project Foxhound, a taint tracking project using a patched Firefox\n\\* Malte Wessels will display results of his research on SSRF\n\\* Shubham Agarwal will raise his voice against \"Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike\"\n\\* Bj\u00f6rn Kimminich is celebrating the \"OWASP Juice Shop 10th anniversary\"\n\\* While Dr. 
Daniel Fett will be talking about \"How (Not) to Use OAuth in 2024\u201c,\n\\* Kristina Yasuda will tell you \"The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems\" (EUDI Wallet)\n\\* Tim Philipp Sch\u00e4fers will demystify NIS2 and hopefully NIS2UmsuCG\n\\* Diana Calder\u00f3n will explore strategies for creating and implementing Security Champion programs in organisations\n\\* Hanno B\u00f6ck will tell not-so-good stories about private keys\n\\* Stephan Pinto Spindler will share his experiences wrt \"Network Fingerprinting for Securing User Accounts\"\n\\* Behnaz Karimi will give us an overview of the OWASP AI Exchange project\n\\* Niklas Bunzel and Raphael Antonius Frick will explore the security challenges and opportunities posed by GenAI\n\\* Clemens H\u00fcbner will amend that showing how GenAI can help identifying threats\n\\* Florian Hantke and Sebastian Roth will show how to scan for Vulnerabilities Without Getting Into Trouble\n\\* Nicolas Schickert, Ole Wagner and Matthias G\u00f6hring will tackle most companies problem child \"SAP from an Attacker\u2019s Perspective \u2013 Common Vulnerabilities and Pitfalls\"\n\nThe full program is on the web site [https://god.owasp.de/](https://god.owasp.de/) .\n\n**Registration is open. [Reserve your spot](https://god.owasp.de/2024/#tickets)! \\*\\*This is a paid event\\*\\***\n\nOn the 12th of November we also offer three trainings \u2014 those have to be booked separately:\n\\* OWASP Juice Shop: Advanced Demos & For-fun CTF by Bj\u00f6rn Kimminich + Jannik Hollenbach\n\\* Getting started for establishing your Security Champions Program by Juliane Reimann + Michael Bernhardt\n\\* Building Secure Software: A Hands-On OWASP SAMM Training by Daniel Kefer.\n\nAs usual on the evening before the conference day (November 12th) there\u2019s a get-together with food and drinks.\n\n**\\*\\*THIS IS A PAID EVENT\\*\\***" } ] \ No newline at end of file
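Review bot: In the added London entry (hunk `@@ -169,6 +129,16 @@`), the description carries two run-together typos, "innovation.He excels" and "where heleads product strategy". If this file is generated from the Meetup listing, correct them in the source event text so they are not reintroduced. The `"time": "18:00Z"` value agrees with "Doors Open at 6pm" for a 2024-11-25 date in Europe/London, so the time fields need no change.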
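Review bot: The added Peterborough entry "End of year meal" (hunk `@@ -279,6 +239,16 @@`) is described as "Invite only meal", yet it is added to the community events data together with its Meetup link. Confirm that an invite-only event belongs in this listing, or leave it out. The description also reads "though group comms channel" where "through" is meant.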
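Review bot: The added Stockholm description (hunk `@@ -319,6 +289,16 @@`) opens with a Markdown heading, "## Details - Note the adress says FOI but the places is the FRO", while the other descriptions visible in this diff use only bold, italics and links. Depending on how the consumer renders this field, that shows up either as a page heading or as literal "##". Suggest turning the venue warning into a plain sentence and fixing "adress" and "the places is". The sign-up link is a forms.gle short link, so a reader cannot see where it leads before clicking; the full form URL would be preferable.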
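Review bot: The removed "German OWASP Day 2024" entry (hunk `@@ -139,16 +109,6 @@`, and again under group "Wrongsecrets" in the last hunk) has `"date": "2024-11-12"`, but its description places the conference itself on November 13th, with the 12th being the training day and get-together. If entries are pruned on the `date` field alone, a multi-day event leaves the listing before its main day. Worth checking whether the removal should key on the end of the event rather than its start.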
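Review bot: The last hunk (`@@ -368,15 +348,5 @@`) still ends with "\ No newline at end of file"; add a trailing newline after the closing `]` so later diffs of this file do not show a spurious change on the final line. Separately, the unchanged Frankfurt context in this hunk gives the time as "18.00 to 22.00 o'clock CEST" for 27.11.2024, while the entry's timezone is Europe/Berlin, which is on CET at that date; the label in the description should be corrected at the source.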