From aad2b859883c4fc583f648e0c0e756acff4aa1f7 Mon Sep 17 00:00:00 2001
From: OWASP Foundation
Date: Thu, 9 Nov 2023 23:04:04 -0600
Subject: [PATCH] remote update file
---
 _data/community_events.json | 58 +++++++++++++++---------------------
 1 file changed, 24 insertions(+), 34 deletions(-)
diff --git a/_data/community_events.json b/_data/community_events.json
index e0d9573eca..484d0c5cfa 100644
--- a/_data/community_events.json
+++ b/_data/community_events.json
@@ -9,16 +9,6 @@
 "timezone": "Europe/Copenhagen",
 "description": "Notice that this is a virtual event running on Zoom. Please reach out if the event gets packed, and I will add room for more people.\n\nOWASP Aarhus will be joined by Simon Bennetts, project-lead for ZAP, and Liz Keogh, who will talk about human nature and behaviour and how that impacts software development.\n\nWe will update this event with more details when we get closer to the event."
 },
- {
- "group": "Atlanta",
- "repo": "www-chapter-atlanta",
- "name": "Software Supply Chain 101: Understanding Dependencies",
- "date": "2023-11-09",
- "time": "8:30-05:00",
- "link": "https://www.meetup.com/owasp-atlanta/events/297118104",
- "timezone": "America/New_York",
- "description": "Explore the essential functions of software dependencies, manifest, and lock files, emphasizing their contribution to security. This presentation underscores the significance of managing vulnerabilities using software composition analysis tools, offering insights and practical strategies to enhance the security of your software supply chain.\n\nSpeaker Bio:\nKyle Kelly is a Security Researcher on the Supply Chain Team at Semgrep, a fast, open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. In addition to this research, Kyle is the Founder of CramHacks, a Supply Chain Security Newsletter, where he tries to convince people coffee is a supply chain risk."
- },
 {
 "group": "Bangalore",
 "repo": "www-chapter-bangalore",
@@ -77,7 +67,7 @@
 "time": "8:00+10:00",
 "link": "https://www.meetup.com/brisbane-owasp-meetup-group/events/297107209",
 "timezone": "Australia/Brisbane",
- "description": "Hi all,\nWe have an exciting presentation up-coming.\nThe presentation title, description, etc will be confirmed soon.\nStay tuned for the deets, and hope to see you there.\n\nThis talk will be held in Brisbane City, likely at Exclaim IT (although I need to book this officially :D)"
+ "description": "Capture the Flag (CTF) competitions are held globally, and are in constant need for new participants to help build them. In this discussion: Explore CTF creation, Aaron Burrows and Jake Dunn will discuss CTF challenge types: services, web apps, binary, video games, and infrastructure, and ideas to get your next challenge written."
 },
 {
 "group": "Bristol Uk",
@@ -139,6 +129,26 @@ "timezone": "America/Chicago", "description": "Please join us for the Houston AppSec Happy Hour from 4-6 PM on Thursday November 30th at Kirby Ice House located at 1015 Gessner Rd, Houston, TX 77055.\n\nThis happy hour event is sponsored by Checkmarx and Orasi Saltworks who will be providing the drinks.\n\nWe hope to see you there." }, + { + "group": "Houston", + "repo": "www-chapter-houston", + "name": " OWASP Houston Chapter API Security Study Group Session 3 - Exploring crAPI ", + "date": "2023-11-20", + "time": "8:30-06:00", + "link": "https://www.meetup.com/owasp-houston-texas-chapter/events/297260466", + "timezone": "America/Chicago", + "description": "Starting with this session, we will begin working with crAPI using the tools we installed in lesson 2.\n\n[completely ridiculous API (crAPI)](https://owasp.org/crAPI/)" + }, + { + "group": "Italy", + "repo": "www-chapter-italy", + "name": "OWASP Italy November 2023 Online Meetup ", + "date": "2023-11-24", + "time": "6:00+01:00", + "link": "https://www.meetup.com/owasp-italy-meetup-group/events/297256302", + "timezone": "Europe/Rome", + "description": "OWASP Italy online Meetup is a 2 hours conference focused on web application and software security, application security testing tools and technologies.\n\nNext 24th November we will 2 exceptional speakers:\n\n* **Luca Compagna** \\- Senior Scientist / Research Architect at SAP Security Research\n* **Claudio Merloni** \\- Security Research Manager at Semgrep\n\nLuca will talk about: \"Testability Patterns for Web Applications \u2013 an OWASP project\"\n\nClaudio will focus on: \"Scaling your AppSec program with secure defaults\"\n\nThis Meetup provided a unique opportunity to learn about application security topics and to network with application security professionals/managers, software engineers, software quality engineers/testers and computer science students.\n\nSecure now your spot for the upcoming online event!\n\nMore information and 
the Agenda at the following URL:\nhttps://owasp.org/www-chapter-italy/events/owaspit-24112023" + }, { "group": "Jacksonville", "repo": "www-chapter-jacksonville", 
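Review bot: The added Houston and Italy entries carry stray whitespace in `name` (a leading and a trailing space on the Houston title, a trailing space on the Italy title), which will surface wherever the title is rendered, sorted or compared. Trimmed, the lines would read `"name": "OWASP Houston Chapter API Security Study Group Session 3 - Exploring crAPI",` and `"name": "OWASP Italy November 2023 Online Meetup",`. If this file is written by an automated sync, as the commit subject suggests, the trim belongs in that step rather than in a hand edit here.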
@@ -159,25 +169,15 @@ "timezone": "Europe/Lisbon", "description": "Join us for an evening of celebration and preparation as OWASP Lisbon marks its one-year anniversary! As we reflect on the past year's achievements, we're excited to kick off a series of meetups that will lead us into the highly anticipated OWASP Global AppSec Lisbon Event. This first meetup of the series will set the stage for an incredible journey towards building more secure applications and connecting with fellow appsec enthusiasts.\n\nThe meetup takes place on November 15th, 2023, at 18:00, at the OLX office, and is **sponsored by OLX and AP2SI**.\n\nThe schedule is the following:\n18:00 - **The Cake** by the OWASP Lisboa chapter leadership team\n18:15 - **Seeing What\u2019s Wrong Just Right** by Jasvir Nagra\n19:10 - **Why everyone in your cyber security team needs to be an AI expert** by Dinis Cruz\n20:00 - **Drinks & Dinner** by OLX\n\n\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\n**Talks**:\n\nTitle: **Seeing What\u2019s Wrong Just Right**\n\nSpeaker: **Jasvir Nagra**\n\nAbstract:\nWriting web applications is hard. Debugging them is harder. Security bugs are even harder because not only does an application have to work, it has to stop working when the input is malicious. One approach web developers have taken to managing the complexity of writing large web programs is to make it harder to write incorrect programs. Static type checkers, linters, tests and testing frameworks have all made it easier to write correct code. Nevertheless, incorrect and vulnerable programs still exist. In fact, the very success of these tools in avoiding common errors has meant developers spend increasing amounts of time debugging only subtle bugs. 
In distributed systems, the challenge is even harder because debugging tools give you glimpses into the program state\u2014some on the server, some on the client\u2014without giving you a coherent view of the entire system. Not only are web programs inherently distributed between the server and the client, any one web page in the browser is itself made up of different iframes, events and event handlers, and sometimes service workers all communicating asynchronously. In this talk, I will share a few painful distributed web app debugging anecdotes and an alternate approach to get a holistic view of a program to track down elusive bugs. This approach uses virtualization to create complete traces of just those aspects of the program we suspect are buggy without having to model all program state. Virtualization allows us to momentarily ignore incidental bugs discovered while hunting the core one without it getting in the way, and visualization of the collected traces to build up causal diagrams to inform our intuition when our mental models deviate from reality. I will demonstrate how to recognize and tackle debugging problems with this approach and cover pitfalls you may run into with virtualization.\n\nBio:\nJasvir Nagra is widely recognized as a thought leader in software protection. He is co-author of Surreptitious Software, the definitive textbook on software protection, and an early researcher in obfuscation, software watermarking, and fingerprinting. With more than 12 years of experience, his professional path includes companies such as Instart, Dropbox and Google - where he led the Caja project. 
As an advisor to Jscrambler, he is helping cybersecurity startups address key technological challenges.\n\n\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\n\nTitle: **Why everyone in your cyber security team needs to be an AI expert**\n\nSpeaker: **Dinis Cruz**\n\nAbstract:\nSimilar to how electricity revolutionised our lives and is now ubiquitous, Gen AI is poised to become an integral part of everything Cyber Security teams do everyday. Therefore, there is an increasing need to deepen our understanding and expertise in this transformative technology. It's time to embrace the opportunities AI presents and equip ourselves with the knowledge to thrive in this rapidly evolving landscape.\n\nBio:\nDinis Cruz is the Chief Scientist of Glasswall and the CISO of Holland & Barrett, who brings a unique blend of Security and Engineering expertise with 20+ years experience in Cyber Security and Software Development. Dinis is focused on creating Gen AI powered teams and environments where engineering and security are enablers and accelerators for the business, with a big focus on the productisation and commercialisation of advanced technologies." }, - { - "group": "Ljubljana", - "repo": "www-chapter-ljubljana", - "name": "OWASP Ljubljana Virtual Meetup", - "date": "2023-11-09", - "time": "6:30+01:00", - "link": "https://www.meetup.com/owasp-ljubljana-chapter/events/296853307", - "timezone": "Europe/Belgrade", - "description": "Lepo pozdravljeni in dobrodo\u0161li na prvem sre\u010danju OWASP Ljubljana, ki ga bomo izvedli virtualno.\n\nNa za\u010detku sre\u010danja bomo kratko predstavili organizacijo OWASP in OWASP Ljubljana (Bo\u0161tjan \u0160pehonja in Mitja Trampu\u017e), v nadaljevanju pa bomo predstavili postkvantno kriptografijo (dr. 
Nastja Cepak).\n\nOpis predavanja:\n**Postkvantna kriptografija**\nKriptografija je u\u010dinkovit na\u010din za za\u0161\u010dito zaupnosti in celovitosti informacij ter za\u0161\u010dito informacijskih sistemov pred kibernetskimi gro\u017enjami. Kvantno ra\u010dunalni\u0161tvo grozi, da bo razbilo ve\u010dino dana\u0161nje kriptografske za\u0161\u010dite. \u010ceprav \u017ee prihajajo poro\u010dila o prvih poskusih zloma uveljavljenih kriptografskih algoritmov, kvantni ra\u010dunalniki, ki so na voljo ta trenutek, v splo\u0161nem \u0161e niso dovolj zmogljivi, da bi jih razbili. Vendar bo v prihodnosti mo\u017eno izkoristiti dovolj zmogljiv kvantni ra\u010dunalnik za de\u0161ifriranje, branje ali dostop do ob\u010dutljivih informacij.\nSpreminjanje miselnosti in na\u010dina dela, ki ga zahtevajo kvantni ra\u010dunalniki in algoritmi, je dolgotrajno in zahtevno, saj gre za popolnoma druga\u010den pristop od klasi\u010dnih ra\u010dunalnikov in algoritmov. Prehodi na nove kriptografske algoritme so dragi, motijo poslovanje in obi\u010dajno trajajo veliko dlje od predvidenega. Prav zdaj je pred nami eden najpomembnej\u0161ih kriptografskih prehodov: od klasi\u010dne kriptografije z javnim klju\u010dem do kvantno varne, post-kvantne kriptografije (PQC \u2013 post quantum cryptography). Pri PQC gre za oblikovanje kriptografskih re\u0161itev, ki jih lahko uporabljajo dana\u0161nji nekvantni ra\u010dunalniki in za katere smo prepri\u010dani, da so odporne tako na klasi\u010dno kot na prihodnjo kvantno kriptoanalizo." - }, { "group": "London", "repo": "www-chapter-london", - "name": "OWASP London Chapter Meetup [IN-PERSON]", + "name": "OWASP London Chapter Meetup [IN-PERSON] at TikTok London HQ", "date": "2023-11-16", "time": "8:00Z", "link": "https://www.meetup.com/owasp-london/events/297245227", "timezone": "Europe/London", - "description": "**This event is kindly sponsored and hosted by TikTok London HQ. There is limited seating available for in-person attendees. 
Registration required.**\n\n**Venue Location:** Kaleidoscope, 4 Lindsey Street, Barbican, London ,EC1A 9PL\n**Nearest Tubes:** Farringdon Elizabeth Line (1 min walk); Barbican (3 min walk)\n**Doors Open** at 6pm for registration, food, drinks and networking. The talks start at 6:30pm (we start on time).\n\n**TALKS:**\n**OWASP Introduction, Welcome and News - Sam Stepanyan**\nWelcome and a brief update on OWASP Projects & Conferences\n\n**Introduction to OWASP depscan - the SCA tool that is built to forget - Prabhu Subramanian**\n\nSoftware composition analysis tools, both commercial and open source, have some problems. They are too noisy, constantly distracting developers and AppSec with needless pull requests and non-actionable alerts. In this talk, we introduce OWASP depscan, the SCA tool that is purpose-built to cut the noise, make security actionable, and help dev teams forget the tool even exists in their CI pipeline.\n\n**Cloud Security Talk (details TBC) - Ashish Rajan**\nAbstract TBC\n\n**SPEAKERS:**\n\n**Prabhu Subramanian (@_prbh)**\nPrabhu Subramanian is the author and OWASP leader behind projects such as CycloneDX Generator (cdxgen) and depscan. 
He specializes in Supply Chain Security and offers consultancy to global clients via his company, AppThreat Ltd.\n\n**Ashish Rajan (@hashishrajan)**\nAshish Rajan is the host of the wildly popular Cloud Security Podcast, a CISO, CyberSecurity Influencer, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps.\nHe is a frequent contributor on topics related to public cloud transformation, DevSecOps, Future Tech and the associated security challenges for practitioners and CISOs.\n\n**TICKETS:**\nThis event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security.\n\n**CODE OF CONDUCT:**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously.\nOWASP aims to provide a harassment-free experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, age, or religion. We do not tolerate harassment of event participants in any form.\nAdditionally, participating in OWASP events means you shall also adhere to the OWASP Code of Conduct which you can find here: [https://owasp.org/www-policy/operational/code-of-conduct](https://owasp.org/www-policy/operational/code-of-conduct)" + "description": "**This event is kindly sponsored and hosted by TikTok London HQ. There is limited seating available for in-person attendees. Registration required.**\n\n**Venue Location:** TikTok London HQ, Kaleidoscope, 4 Lindsey Street, Barbican, London , EC1A 9PL\n**Nearest Tubes:** Farringdon Elizabeth Line (1 min walk); Barbican (4 min walk)\n**Doors Open** at 6pm for registration, food, drinks and networking. 
The talks start at 6:30pm (we start on time).\n\n**TALKS:**\n\n**OWASP Introduction, Welcome and News - Sam Stepanyan**\nWelcome and a brief update on OWASP Projects & Conferences\n\n**\"Introduction to OWASP depscan - the SCA tool that is built to forget\" - Prabhu Subramanian**\n\nSoftware composition analysis tools, both commercial and open source, have some problems. They are too noisy, constantly distracting developers and AppSec with needless pull requests and non-actionable alerts. In this talk, we introduce OWASP depscan, the SCA tool that is purpose-built to cut the noise, make security actionable, and help dev teams forget the tool even exists in their CI pipeline.\n\n**\"ChatGPT Tutorial for Developers - 10X your AWS Security Skills\" - Ashish Rajan**\n\nThis talk will go through the foundational cloud security components of deploying AWS with security at scale traditionally. Then we will attempt the same with ChatGPT for those who are perhaps new to AWS but would like the new way of learning cloud security\n\n**SPEAKERS:**\n\n**Prabhu Subramanian (@_prbh)**\n\nPrabhu Subramanian is the author and OWASP leader behind projects such as CycloneDX Generator (cdxgen) and depscan. He specializes in Supply Chain Security and offers consultancy to global clients via his company, AppThreat Ltd.\n\n**Ashish Rajan (@hashishrajan)**\n\nAshish Rajan is the host of the wildly popular Cloud Security Podcast, a CISO, CyberSecurity Influencer, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps.\nHe is a frequent contributor on topics related to public cloud transformation, DevSecOps, Future Tech and the associated security challenges for practitioners and CISOs.\n\n**TICKETS:**\n\nThis event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security. 
Please note that you must RSVP - your name will be checked by the TikTok building security against the guest list.\n\n**CODE OF CONDUCT:**\n\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously.\nOWASP aims to provide a harassment-free experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, age, or religion. We do not tolerate harassment of event participants in any form.\nAdditionally, participating in OWASP events means you shall also adhere to the OWASP Code of Conduct which you can find here: [https://owasp.org/www-policy/operational/code-of-conduct](https://owasp.org/www-policy/operational/code-of-conduct)" }, { "group": "Los Angeles", 
@@ -249,16 +249,6 @@
 "timezone": "Pacific/Auckland",
 "description": "We're pleased to announce that we'll be holding an OWASP Training Day event in Dunedin, on Saturday, 11th November.\n\nClasses will run 8:45 a.m. - 5:30 p.m. Tea breaks and lunch will be provided.\n\nRegistration Fee: $99 per attendee (plus GST and booking fees)\n\nWe're in the process of confirming our classes and trainers, so we'll update this description with registration information as soon as those are confirmed."
 },
- {
- "group": "Northern Virginia",
- "repo": "www-chapter-northern-virginia",
- "name": "Hacking the Cloud",
- "date": "2023-11-09",
- "time": "8:30-05:00",
- "link": "https://www.meetup.com/owasp-northern-virginia-chapter/events/297090103",
- "timezone": "America/New_York",
- "description": "Cloud Penetration Testing helps answer the following question: \"What's the worst that can happen if my cloud-hosted application is compromised?\" In short, you don\u2019t have to wait until someone discovers an RCE or SSRF in your application to learn about the potential impact. You can conduct objective-based, assumed breach cloud penetration tests in your cloud environment beforehand. This allows you to identify and rectify the most exploitable attack paths long before your application is ever compromised. In fact, it\u2019s an ideal complement to Application Penetration Testing for cloud-hosted applications.\n\nIn this talk, Seth will walk through the art of cloud penetration using two open-source tools developed by Bishop Fox: CloudFox and CloudFoxable. CloudFox assists penetration testers and security professionals in identifying exploitable attack paths in cloud infrastructure, while CloudFoxable provides terraform code that lets you deploy intentionally vulnerable resources into your own AWS playground account."
- },
 {
 "group": "Orange County",
 "repo": "www-chapter-orange-county",
@@ -267,7 +257,7 @@
 "time": "8:00-08:00",
 "link": "https://www.meetup.com/owasp-oc/events/296965469",
 "timezone": "America/Los_Angeles",
- "description": "Please join us for our first **in-person Cyber Mixer** with Orange County's cybersecurity organizations and groups!\nThe Orange County (OC) cybersecurity organizations and groups that will participate in this event are:\n\n* **OWASP Orange County**\n* **Women's Society of Cyberjutsu SoCal Chapter**\n* **ISACA Orange County**\n* **Cloud Security Alliance Orange County**\n* **ISSA of Orange County**\n* **Irvine Underground**\n\n**Additional details**\nThis is a combined event with other Orange County cybersecurity organizations. It is not a sponsored event and will not be expected to have food and drinks provided. Since this is the first time we're doing this, we will hear from our members what things could be improved or requested for future mixers."
+ "description": "**UPDATE: We are still accepting RSVPs but please use this URL so we can properly account for cross-group RSVPs**\n[https://www.eventbrite.com/e/orange-county-cybersecurity-mixer-tickets-754427411697](https://www.eventbrite.com/e/orange-county-cybersecurity-mixer-tickets-754427411697)\n\nPlease join us for our first **in-person Cyber Mixer** with Orange County's cybersecurity organizations and groups!\nThe Orange County (OC) cybersecurity organizations and groups that will participate in this event are:\n\n* **OWASP Orange County**\n* **Women's Society of Cyberjutsu SoCal Chapter**\n* **ISACA Orange County**\n* **Cloud Security Alliance Orange County**\n* **ISSA of Orange County**\n* **Irvine Underground**\n\n**Additional details**\nThis is a combined event with other Orange County cybersecurity organizations. It is not a sponsored event and will not be expected to have food and drinks provided. Since this is the first time we're doing this, we will hear from our members what things could be improved or requested for future mixers."
 },
 {
 "group": "Ottawa",
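Review bot: Whatever renders `description` should treat it as untrusted Markdown, because the new Orange County text carries an off-site Eventbrite link that appears to come from the upstream event page rather than from a maintainer. The rendering code is not visible in this patch; it should escape raw HTML in the Markdown output and accept only `http`/`https` link targets. No line in this hunk needs to change for that, since the check belongs in the consumer of `_data/community_events.json`.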