From 3a6e734ad582cf41fa0b0a19d53ca88434520671 Mon Sep 17 00:00:00 2001 From: OWASP Foundation Date: Wed, 7 Feb 2024 23:04:03 -0600 Subject: [PATCH] remote update file --- _data/community_events.json | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/_data/community_events.json b/_data/community_events.json index e4aac0c28d..5355eb98de 100644 --- a/_data/community_events.json +++ b/_data/community_events.json 
@@ -47,7 +47,7 @@ "time": "17:00-08:00", "link": "https://www.meetup.com/bay-area-owasp/events/298887422", "timezone": "America/Los_Angeles", - "description": "Thrilled to share the news about our upcoming February meetup scheduled for the 15th! . Make sure you seize the chance to acquire valuable insights directly from the stage through engaging talks by Jit and Semgrep.\n\nJoin us for an educational experience, networking, delicious food, expertly crafted cocktails, and, of course, the chance to snag some cool swag and participate in exciting raffles Courtesy our awesome hosts.\n\n**Talk #1 Tackling Vulnerabilities in Third-party Packages**\n\n**Title**: Tackling vulnerabilities in third-party packages\nDependency scanners often overwhelm developers with non-critical issues, reducing development efficiency. This session will introduce strategies for effective software dependency management, aimed at realistic security goals. We'll cover how to identify and prioritize key vulnerabilities using tools like code-scanning reachability analysis, ensuring a smoother remediation process.\n**Speaker**: Kyle Kelly - Security Research at semgrep\nKyle Kelly is a Security Researcher on the Supply Chain Team at Semgrep, a fast, open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. In addition, Kyle is the Founder of CramHacks, a Supply Chain Security Newsletter, where he tries to convince people coffee is a supply chain risk.\n\n**Talk#2 Velocity + Safety - Security Metrics All Engineers Should Care About**\nMeasuring security remains difficult - but in order to level up as an industry we need to be more transparent about how we measure and optimize our security practices. 
This talk will unpack a novel and measurable way to quantify security progress, the same way we measure other engineering disciplines.\n**Speaker:** Raz Probstein - Solution Engineer at Jit\nRaz Probstein comes with years of experience in both leadership and technology, having served not only as Young Ambassador to the state of Israel, as well as headhunted and selected as Young Researcher at the prestigious Weizmann Institute for multi-disciplinary scientific research. Today she serves as a Solution Engineer at Jit, coming to the role with years of experience as a FullStack Engineer and years of experience in a diversity of programming languages from Python, to Javascript and C/C#, from the elite IDF unit 81 - where she was not only one of a handful of women serving in a cybersecurity role, she also mentored women to help drive more gender diversity in the unit. Today she is studying Biotechnology at the Open University, and is passionate about building cloud native security tooling developers will love." + "description": "Thrilled to share the news about our upcoming February meetup scheduled for the 15th! . Make sure you seize the chance to acquire valuable insights directly from the stage through engaging talks by Jit and Semgrep.\n\nJoin us for an educational experience, networking, delicious food, expertly crafted cocktails, and, of course, the chance to snag some cool swag and participate in exciting raffles Courtesy our awesome hosts.\n\n**Talk #1 Tackling Vulnerabilities in Third-party Packages**\n\n**Title**: Tackling vulnerabilities in third-party packages\nDependency scanners often overwhelm developers with non-critical issues, reducing development efficiency. This session will introduce strategies for effective software dependency management, aimed at realistic security goals. 
We'll cover how to identify and prioritize key vulnerabilities using tools like code-scanning reachability analysis, ensuring a smoother remediation process.\n**Speaker**: Kyle Kelly - Security Research at semgrep\nKyle Kelly is a Security Researcher on the Supply Chain Team at Semgrep, a fast, open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. In addition, Kyle is the Founder of CramHacks, a Supply Chain Security Newsletter, where he tries to convince people coffee is a supply chain risk.\n\n**Talk#2 Velocity + Safety - Security Metrics All Engineers Should Care About**\nMeasuring security remains difficult - but in order to level up as an industry we need to be more transparent about how we measure and optimize our security practices. This talk will unpack a novel and measurable way to quantify security progress, the same way we measure other engineering disciplines.\n\n**Speaker:** Aviram Shmueli, Chief Research Officer\nAs the Chief Research & Innovation Officer and Co-Founder of Jit, the Continuous Security Platform for Developers, Aviram combines his passion for creating innovative products with deep expertise in security. With over 20 years of hands-on experience, he has held senior roles in research, engineering and product management at industry-leading organizations such as CyberArk & SentinelOne. A strong advocate for the transformative power of OSS, he believes in giving back to the community\u2014a principle central to Jit\u2019s ethos. Aviram holds a B.Sc & M.Sc in Computer Engineering, an MBA, and an MA in Law" }, { "group": "Bhopal", 
@@ -59,16 +59,6 @@ "timezone": "Asia/Kolkata", "description": "Join us for the OWASP Bhopal Chapter meetup where we will discuss the latest trends and best practices in web application security. Our guest speakers will share their expertise on topics such as computer security, application security, open source technologies, and network security.\n\nAt this event, you will have the opportunity to learn about new technologies and tools aimed at improving software security and protecting sensitive information. Whether you are a beginner or an experienced professional in the field of cybersecurity, this meetup will provide valuable insights and a chance to network with like-minded individuals.\n\nDon't miss out on this opportunity to enhance your knowledge and skills in the ever-evolving field of web security. Join us for an engaging evening filled with informative talks, discussions, and networking opportunities. RSVP now for our OWASP Bhopal Chapter meetup and stay ahead in the world of web application security!" }, - { - "group": "Brisbane", - "repo": "www-chapter-brisbane", - "name": "API Security Breach Analysis & Empowering Devs to Make Secure APIs ", - "date": "2024-02-07", - "time": "18:00+10:00", - "link": "https://www.meetup.com/brisbane-owasp-meetup-group/events/297749441", - "timezone": "Australia/Brisbane", - "description": "This talk is a comprehensive exploration of API security, high-profile breach analysis, and strategies to help developers create secure APIs. This presentation will underscore the critical role that APIs play in modern applications and the urgency of implementing robust security measures. 
It highlights the significance of collaboration between developers, security teams, and operations for an integrated approach to API security.\n\nTopics covered in this talk include: API breach analysis from a decade of data, top common security risks, multi-vector breaches, real-world examples, API security strategies (starting with visibility), the need to empower developers, the DevSecOps approach, security assessment process and the future of API security, which includes even more risks and threats." - }, { "group": "Cairo", "repo": "www-chapter-cairo", 
@@ -119,16 +109,6 @@ "timezone": "Europe/Berlin", "description": "Hello everyone, we're excited to invite you to kick off our first OWASP Chapter meeting in 2024! Our Chapter serves central Germany particular within the Rhine-Main (Hesse) region as a platform to discuss and share topics all around information and application security. Anyone with an interested and enthusiastic about application security is welcome. All meetings are free and open. You do not have to be an OWASP member.\n\nThere will also be plenty of time to socialize before and after the event.\n\n_What's going to happen?\nWe look forward to welcoming you to our OWASP Frankfurt Meetup - talks and location are to be announced!\n\n_What are we going to talk about?\n\n**1\\. Talk:** **The Role of Data-Centricity in Application and Cloud Security**\n\n*Prof. Dr. Igor Podebrad - Director, Office of the CISO, Google Cloud and former Group CISO at Commzerbank*\n\nIn this talk, Igor explores the journey towards a data-centric security culture. He will delve into the challenges and strategies of embedding data-centricity in cloud and application security initiatives. Drawing from his experience, Igor also shares his experience how this approach transforms organizational security culture.\n\n2\\. Talk **SecOps Evolution: Navigating Security Risks and Operational Changes in the Era of Cloud**\n\n*Esra Yildiz - Security Cloud Solution Architect, Microsoft*\n\nEsra from Microsoft addresses the complex SecOps challenges in the cloud transformation era. Drawing from her experience, Esra will provide her insights on how to identify risks and managing operational changes into creating effective security strategies for evolving cloud environments.\n\n_Afterwards?\nWe will pre- and conclude the evening with the possibility of **socializing** at the venue with **free food and cold & hot drinks**.\n\n_When?\nOur Meetup takes place on 28.02.2024 from 18.00 to 21.30 o'clock CEST.\n\n_Where?\nDZ Bank, Platz d. 
Republik, 60325 Frankfurt am Main (Meet at the main Entrance and follow the OWASP signs to guide you)\n\n_Interested in **giving a talk** yourself?\nSubmit your talk here: https://www.papercall.io/owasp-chapter-frankfurt\n\n_And now?\nSave the date, **spread the word,** and bring your friends and colleagues along to our event.\n\n_Follow Us!\nAlso, follow us on and refer to our [OWASP Frankfurt site](https://owasp.org/www-chapter-germany/stammtische/frankfurt/) for information including slides and recordings of previous presentations\n\nWe're looking forward to seeing you at our event!" }, - { - "group": "Germany", - "repo": "www-chapter-germany", - "name": "Beginner's guide to SSO (mis)configuration | Omnipresent Biometric Surveillance", - "date": "2024-02-07", - "time": "18:30+01:00", - "link": "https://www.meetup.com/owasp-hamburg-stammtisch/events/298504203", - "timezone": "Europe/Berlin", - "description": "Dear folks,\n\nlate happy new year!\n\nWe'll present another event, taking place @ New Work (formerly known as XING).\n\nWe present two talks; Adina will talk about intricacies of SSO and IdPs. Matthias will present useful insights on his research and privacy implications on several aspects of facial recognition. Both talks will be held in English.\n\nDoors are open on 18:00 CEST on and we will begin with the presentations at 18:30 CEST!\n\n**In a nutshell**\nLocation: Strandkai 1, 20457 Hamburg\nStart: Doors open @ 6:00 CEST, February 7th. 
6:30 pm sharp start the talks\nTitle: *A beginner's guide to SSO (mis)configuration* by Adina Bogert-O'Brien\nTitle: *Omnipresent Biometric Surveillance* by Matthias Marx\nNetworking: Stay there or depending on our mood we'll have an after-talk beer somewhere in the vicinity of the venue\n\n**Abstract: A beginner's guide to SSO (mis)configuration**\nSSO is sold as a way to\n\n* centralize managing your organization\u2019s users,\n* make life easier for your colleagues, and\n* enforce consistent security standards.\n\nBut SSO protocols are just ways for an identity provider to share information about an authenticated identity with another service. Me having a way to tell my vendor \u201cyeah, that\u2019s Bob\u201d doesn\u2019t tell me what the vendor does with this information, or if the vendor always asks me who\u2019s coming in the door.\nA bad SSO implementation can make you think you\u2019re safer, while hiding all the new and fun things that have gone wrong.\nTo get the most out of implementing SSO, I need to know what I\u2019m trying to accomplish and what steps I need to follow to get there. To illustrate why SSO needs to be set up carefully, for each of the things you need to do right, I\u2019ll give you some fun examples of creative ways you and your vendor can do this wrong. We all learn from failure, right???\nI\u2019m sharing this info because this year I got deeply involved in the SSO setup for several vendors at work. It turns out that I\u2019m good at asking weird questions, and it\u2019s an extremely valuable thing to do. If you know how things should be, then you know where they could be broken, and you can ask your vendors (and your colleagues!) 
\u201cweird questions\u201d before an adversary does.\nI'm especially interested in what the OWASP Hamburg group has to say about these misconfigurations: how does OWASP documentation cover things like this?\n\n**Abstract: Omnipresent Biometric Surveillance**\nBiometric surveillance is ever-present in Germany and many of us have not realized this. Facial recognition search engines like Clearview AI and Pimeyes feed our faces to their gigantic search indexes without our explicit consent. Matthias shares his experiences attempting to uphold privacy through GDPR, shedding light on the associated challenges.\n\n**Our OWASP \"Stammtisch\"**\nOur meeting is about web applications and their (in)security and/or about IT security in general. People come together who care as a hobby or in their job about information security: developers, managers, pen testers and everybody else who's interested. The atmosphere is open and relaxed. Who's coming to sell products or services: Move on, this is not the right place. OWASP is about education and sharing (mostly) technical information. Feel free to forward our meetup URL to your colleagues or friends. They are welcome, too. Participation is free and open -- as the O in OWASP.\n\nCheers, Dirk & Bj\u00f6rn" - }, { "group": "Hyderabad", "repo": "www-chapter-hyderabad", 
@@ -169,6 +149,16 @@ "timezone": "Europe/Lisbon", "description": "Join us for the first event of the year, with two great speakers!\n\nThe OWASP Lisboa chapter meetup will be held on Mar 5th, 2024, at 18:00, **and is** **supported by [Celfocus](https://www.celfocus.com/) and [AP2SI](https://ap2si.org/).**\n\nThe schedule is the following:\n**18:00** - **Welcome notes** by the OWASP Lisboa chapter leadership team\n**18:15** - **LLM Security: The OWASP Top 10 Journey** by Jorge Pinto\n**19:10** - **SBOM, SBOM, you're an SBOM** by Diogo Sousa\n**20:00** - **Drinks & Dinner** by Celfocus\n\n\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\n**Talks**:\n\nTitle: **LLM Security: The OWASP Top 10 Journey**\n\nSpeaker: **Jorge Pinto**\n\nAbstract:\nJoin me for a journey into the development of the OWASP Top 10 for Large Language Model Applications. In this presentation, we will uncover the background, challenges, and collaborative efforts that led to the creation of this resource for the cybersecurity community.\n\nThe presentation will be around 20\\~30 minutes incl. 
Q&A and will have the following structure:\n\n(1) Introduction\n\nIntroduce the audience to Large Language Models (LLMs) and their significance.\nExplain why creating an OWASP Top 10 for LLMs was necessary to address LLM security concerns.\n\n(2) Project Development\n\nDescribe the inception of the OWASP Top 10 for LLMs project and key contributors.\nHighlight any challenges faced during its development and how they were overcome.\n\n(3) Top 10 LLM Security Risks and Mitigation\n\nPresent the identified top security risks associated with Large Language Models.\nOffer practical recommendations and mitigation strategies to address these risks.\n\n(4) Conclusion and Future Outlook (2-3 minutes)\n\nSummarize the main takeaways from the presentation.\nDiscuss the ongoing relevance and future of LLM security and the OWASP Top 10 for LLMs.\n\nBio:\nWith more than 25 years of experience, Jorge Pinto is a professional in the area of information security in Portugal. With a degree in Computer Engineering from the University of Lisbon, he is a Senior Engineer and has several certifications such as CISSP, CISA, CISM and CRISC. Throughout his career he has played several roles, contributing to the effective response of various entities to security, privacy and business continuity challenges. Founder and president of AP2SI, co-organizer of BSidesLisbon and active member of several associations, including OWASP, he is a committed professional dedicated to promoting good practices and knowledge of information security in Portuguese society.\n\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\n\nTitle: **SBOM, SBOM, you're an SBOM**\n\nSpeaker: **Diogo Sousa**\n\nAbstract:\nSoftware Bill of Materials (SBOM) is a concept that recently has been making waves in SDLC spaces but it isn't entirely new. 
Most mature languages have a (sometimes) mature package management system, either built-in (e.g., Rust's cargo) or de facto (e.g., Maven) that allows developers to define dependencies, resolve conflicts and do composition analysis.\n\nSBOMs, however, allow you to take this one step further, making it language-agnostic and allowing components from different ecosystems to use a common language for comparisons and analysis. However, we don't get those features out of the box. For example, consider common libraries in different package repositories - are all OpenSSL packages created equally and equivalent?\n\nOWASP is playing a part in this via its support for projects like CycloneDX which aims to provide a full-stack BOM standard to cover specific scopes such as the CBOM (Cryptography) and HBOM (Hardware) among others.\n\nThis shift towards software being more transparent and traceable is not without its detractors, as entire business models are predicated on customers using purely opaque boxes.\n\nIn the spirit of the topic, here is a Talk Bill of Topics:\n\n\\- Are BOM requirements burdensome?\n\\- Are we revealing too much of the \"secret sauce\"?\n\\- Does having an SBOM instantly make a piece of software more secure?\n\\- If we take a piece of software and replace every entry in its BOM with fully equivalent packages\\, one by one\\, is it still the same software in the end?\n\nThis talk targets a beginner to intermediate audience and will provide an overview of (S)BOMs, their ongoing challenges, and what they can bring to the table in terms of security.\n\nBio:\nAn opinionated individual with an interest in cryptography and its intersection with secure software development.\n\nLinkedIn: [https://www.linkedin.com/in/0xdsousa/](https://www.linkedin.com/in/0xdsousa/)" }, + { + "group": "London", + "repo": "www-chapter-london", + "name": "20th Anniversary OWASP London (Follow external page to sign up)", + "date": "2024-02-22", + "time": "17:00Z", + "link": 
"https://www.meetup.com/owasp-london/events/299058348", + "timezone": "Europe/London", + "description": "DO NOT RSVP on Meetup, use Google RSVP system here:\nhttps://rsvp.withgoogle.com/events/20th-anniversary-owasp-london-google\n\n**[20 years of OWASP London](https://rsvp.withgoogle.com/events/20th-anniversary-owasp-london-google)**\n\nJoin us as we celebrate a remarkable milestone - the 20th anniversary of OWASP in London! This special event will reflect on the evolution of application security, celebrate our community's achievements, and look ahead to the challenges and opportunities of the future.\n\n**Date:** Thu Feb 22 2024\n**Time:** 5pm-9pm\n**Location:** Google London - 6 Pancras Square\n\nAt this milestone event, we'll delve into the latest trends, challenges, and innovations in the ever-evolving world of cybersecurity. Renowned experts will share their insights through engaging talks and interactive sessions.\n\nWhether you're a seasoned professional or just starting your cybersecurity journey, this event offers a unique opportunity to expand your knowledge and connect with industry leaders.\n\nTo secure your spot, please follow the **[external page](https://rsvp.withgoogle.com/events/20th-anniversary-owasp-london-google)** for registration details. Hurry, as spaces are limited!\n\nWe look forward to seeing you there!" + }, { "group": "Los Angeles", "repo": "www-chapter-los-angeles", 
@@ -297,7 +287,7 @@ "time": "18:00+01:00", "link": "https://www.meetup.com/owaspswitzerland/events/298549900", "timezone": "Europe/Zurich", - "description": "In this talk Petar will provide us insights in the state of quantum computing and its impact on cryptography.\n\nMore Details to come... stay tuned." + "description": "In this talk, we will delve into the complex world of quantum computing and explore the basics of **how these machines operate**.\nWe will discuss the **fundamental concepts of quantum states**, including their properties and measurement, as well as the phenomenon of entanglement.\n\nAdditionally, we will cover **how to implement functions on a quantum computer** and provide an overview of popular **quantum algorithms** such as the Deutsch-Jozsa algorithm, Grover's algorithm, and Shor's algorithm.\nWe will also explore the **practical implications of quantum computing**, including an overview of the current state of quantum computers and their potential **impact on cryptography**.\n\nThe talk will conclude with an examination of the popular cryptosystems that are under threat and the efforts by organizations, such as NIST, to address these challenges.\n\nJoin Petar in this OWASP Switzerland event for a comprehensive overview of quantum computing and its real-world implications." }, { "group": "Tampa",
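Review bot: In the first hunk (@@ -47,7 +47,7 @@, the Bay Area "description"), the replacement text keeps several defects from the old value while only swapping the Talk #2 speaker: the stray ". " in "scheduled for the 15th! .", "Security Research at semgrep" (should read "Security Researcher at Semgrep"), the inconsistent "Talk #1" / "Talk#2" and "**Speaker**:" / "**Speaker:**" labels, and the missing final period after "an MA in Law". Since the commit is an automated "remote update file" sync, these should be corrected on the Meetup event page the value is pulled from rather than patched here, or they will be reintroduced on the next sync.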
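Review bot: In the second hunk (@@ -59,16 +59,6 @@, the removed Brisbane entry), the pruned event has "date": "2024-02-07" with "time": "18:00+10:00", which is the same calendar day as the commit itself (Wed, 7 Feb 2024 23:04:03 -0600). That is correct here because 18:00+10:00 is 08:00 UTC, well before the commit time, but it is worth confirming that the pruning step compares the event's date and time in its own offset rather than the naive date string, otherwise an evening event in a far-western timezone could be dropped while it is still upcoming. The trailing space in the removed "name" value ("Secure APIs ") also suggests the upstream data is not trimmed on import.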
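Review bot: In the third hunk (@@ -119,16 +109,6 @@, the removed Hamburg entry under "group": "Germany"), the deletion itself is consistent with the second hunk (the event is dated 2024-02-07 18:30+01:00 and is past at commit time). One observation on the unchanged Frankfurt context line above it: "28.02.2024 from 18.00 to 21.30 o'clock CEST" is wrong for February, when Europe/Berlin is on CET (UTC+1), and "Commzerbank" is misspelled; neither is part of this change, so they belong in the upstream event text.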
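Review bot: In the fourth hunk (@@ -169,6 +149,16 @@, the added London entry), the new value "time": "17:00Z" uses a different notation from every other entry in the file, which all carry an explicit numeric offset ("17:00-08:00", "18:00+10:00", "18:00+01:00"). Any consumer that parses the "time" field with a fixed `HH:MM+HH:MM` pattern will fail on this record; the value should be normalised to "17:00+00:00" at import, which is the same instant for "timezone": "Europe/London" in February. The "DO NOT RSVP on Meetup" instruction in the description while "link" still points at the Meetup event is worth a look too, since the site's event listing presumably renders "link" as the primary call to action.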