diff --git a/_data/community_events.json b/_data/community_events.json index 01acadeda1..1c8f975e12 100644 --- a/_data/community_events.json +++ b/_data/community_events.json 
@@ -47,7 +47,17 @@ "time": "7:00-08:00", "link": "https://www.meetup.com/bay-area-owasp/events/298342170", "timezone": "America/Los_Angeles", - "description": "Host(Synopsys) requires full name and email address to pre-register the attendees. Host has assured that this data will not be used for marketing or any other purpose. Kindly use use the below link to register:\n\n**[https://www.eventbrite.com/e/january-meetup-tickets-790684256897?aff=oddtdtcreator](https://www.eventbrite.com/e/january-meetup-tickets-790684256897?aff=oddtdtcreator)**\n\nHappy New year, Please join us at Synopsys HQ in Sunnyvale to Meet-Up and discuss some of the challenges that we face securing software and building TRUST into the products/services that we use daily. Along with informative talks around AppSec, there will also be some awesome food & drinks, as well as access to an outdoor patio for network throughout the event.\n\nBrief agenda below:\n5:00 \u2013 6:00: Networking/Food\n6:00 \u2013 6:25: What is Application Security Posture Management (ASPM)?\n6:30 \u2013 6:55: Coverage - The Missing Link of WebApp/API Security Testing\n6:55 \u2013 7:10 : Short Break\n7:10 \u2013 7:35: TBD\n7:35 \u2013 8:00: Networking\n\n**What is Application Security Posture Management (ASPM)?**\nCompanies adopt many application security testing (AST) tools to pinpoint critical software issues and keep compliant with OWASP standards. Yet despite this AppSec investment, they still fail to get an accurate view of risk, and struggle integrate testing, triage, and remediation within developer workflows. 
This has driven the evolution of application security posture management (ASPM).\nIn this session, we\u2019ll dive into:\n\\- What is ASPM\\, and capabilities that a comprehensive solution should have\n\\- Best practices on using ASPM to accelerate AppSec transformation and consolidate data\\, workflows\\, and visibility\n\\- How ASPM is central to helping your teams keep up with OWASP compliance and mitigate software risk at scale\\.\n\n**Speaker:-** Natasha is a Senior Product Marketing Manager at Synopsys, driving go-to-market strategy for Software Risk Manager, an ASPM solution. She has worked for ten years in the cybersecurity and enterprise networking space. Prior to Synopsys, Natasha was with ServiceNow, where she managed product marketing initiatives for ServiceNow Security Operations, a SOAR platform for incident and vulnerability management. She has also held roles in product marketing and software product management at Imperva and A10 Networks.\nTalk#2: **Coverage - The Missing Link of WebApp/API Security Testing**\nMost DAST tools will boast about how many hundreds of thousands of attacks/checkers/vulns they scan for. But most still have a hard time automatically finding all of the pages/endpoints/actions in modern applications (e.g. SPAs) and APIs. Not to mention figuring out how to test everything they find in both a meaningful way and a reasonable amount of time. After all these years and entire markets built on web scraping, why is crawling for security testing still so hard? Why isn't an OpenAPI/Swagger spec enough to properly test an API? And what are we doing about it? 
In this session we'll dive in to those missing links and explore how we can actually feel confident in our automated testing coverage.\n\n**Speaker2**: Steve Chappell, SW Manager & API Security Evangelist\nSteve has done a little bit of everything in his 10 years at Synopsys (R&D, Sales, and yes, he even got suckered into Marketing for a while), but currently loves his role as a SW Engineering Manager, leading a team developing novel dynamic testing engines targeting webapps and APIs. When he's not evangelizing Application/API security, you might find him playing or creating word/puzzle games at the top of a multi-pitch climb drinking a craft or Belgian beer... or coaching youth sports.\n\n**Talk3#** TBD" + "description": "Host(Synopsys) requires full name and email address to pre-register the attendees. Host has assured that this data will not be used for marketing or any other purpose. Kindly use use the below link to register:\n\n**[https://www.eventbrite.com/e/january-meetup-tickets-790684256897?aff=oddtdtcreator](https://www.eventbrite.com/e/january-meetup-tickets-790684256897?aff=oddtdtcreator)**\n\nHappy New year, Please join us at Synopsys HQ in Sunnyvale to Meet-Up and discuss some of the challenges that we face securing software and building TRUST into the products/services that we use daily. 
Along with informative talks around AppSec, there will also be some awesome food & drinks, as well as access to an outdoor patio for network throughout the event.\n\nBrief agenda below:\n5:00 \u2013 6:00: Networking/Food\n6:00 \u2013 6:25: What is Application Security Posture Management (ASPM)?\n6:30 \u2013 6:55: Coverage - The Missing Link of WebApp/API Security Testing\n6:55 \u2013 7:10 : Short Break\n7:10 \u2013 7:35: How AI will empower and hurt security\n7:35 \u2013 8:00: Networking\n\n**What is Application Security Posture Management (ASPM)?**\nCompanies adopt many application security testing (AST) tools to pinpoint critical software issues and keep compliant with OWASP standards. Yet despite this AppSec investment, they still fail to get an accurate view of risk, and struggle integrate testing, triage, and remediation within developer workflows. This has driven the evolution of application security posture management (ASPM).\nIn this session, we\u2019ll dive into:\n\\- What is ASPM\\, and capabilities that a comprehensive solution should have\n\\- Best practices on using ASPM to accelerate AppSec transformation and consolidate data\\, workflows\\, and visibility\n\\- How ASPM is central to helping your teams keep up with OWASP compliance and mitigate software risk at scale\\.\n\n**Speaker:-** Natasha is a Senior Product Marketing Manager at Synopsys, driving go-to-market strategy for Software Risk Manager, an ASPM solution. She has worked for ten years in the cybersecurity and enterprise networking space. Prior to Synopsys, Natasha was with ServiceNow, where she managed product marketing initiatives for ServiceNow Security Operations, a SOAR platform for incident and vulnerability management. 
She has also held roles in product marketing and software product management at Imperva and A10 Networks.\nTalk#2: **Coverage - The Missing Link of WebApp/API Security Testing**\nMost DAST tools will boast about how many hundreds of thousands of attacks/checkers/vulns they scan for. But most still have a hard time automatically finding all of the pages/endpoints/actions in modern applications (e.g. SPAs) and APIs. Not to mention figuring out how to test everything they find in both a meaningful way and a reasonable amount of time. After all these years and entire markets built on web scraping, why is crawling for security testing still so hard? Why isn't an OpenAPI/Swagger spec enough to properly test an API? And what are we doing about it? In this session we'll dive in to those missing links and explore how we can actually feel confident in our automated testing coverage.\n\n**Speaker2**: Steve Chappell, SW Manager & API Security Evangelist\nSteve has done a little bit of everything in his 10 years at Synopsys (R&D, Sales, and yes, he even got suckered into Marketing for a while), but currently loves his role as a SW Engineering Manager, leading a team developing novel dynamic testing engines targeting webapps and APIs. When he's not evangelizing Application/API security, you might find him playing or creating word/puzzle games at the top of a multi-pitch climb drinking a craft or Belgian beer... 
or coaching youth sports.\n\n**Talk3#** How AI will empower and hurt security\n\n* How AI will help security teams:\n* Things we've seen work such as cross team collaboration, empowering security teams to remediate, freeing up engineering etc.\n* Thing we've seen not work in the market and might take a long time to mature for example complex log analysis\n\nHow adversaries will use AI to breach systems\n* rewriting malware signatures\n* more complex supply chain attacks that are harder to detect\n* more advanced social engineering and spoofing\n* more advanced phishing\n* more sophisticated penetration and reconnaissance\n\n**Speaker**: Ahmad Sadeddin is a 3x founder (1x exit). He lead various products at Coupa for over 6 years after they acquired his last startup (Riskopy). Corgea was born from his frustration at the manual and inefficient processes that companies take around data protection." + }, + { + "group": "Belem", + "repo": "www-chapter-belem", + "name": "Owasp Bel\u00e9m Cesupa", + "date": "2024-02-03", + "time": "9:00-04:00", + "link": "https://www.meetup.com/owasp-belem/events/298368815", + "timezone": "America/Boa_Vista", + "description": "No dia 03 de fevereiro, a OWASP Bel\u00e9m realizar\u00e1 um Meetup presencial ( \\m/ ) com apresenta\u00e7\u00f5es de extrema relev\u00e2ncia no contexto do mercado de trabalho e de seguran\u00e7a da informa\u00e7\u00e3o. Diariamente nos deparamos com not\u00edcias sobre vazamentos de dados. Por isso, a dissemina\u00e7\u00e3o do conhecimento resultar\u00e1 em softwares, sistemas e procedimentos mais seguros, minimizando assim essa crise.\n\n**Informa\u00e7\u00f5es do Evento**\n\n* **Data:** 03/02/2024\n* **Hor\u00e1rio:** 8h30\n* **Local:** CESUPA ARGO\n* **Endere\u00e7o**: Avenida Alcindo Cacela, 1523\n* **Inscri\u00e7\u00f5es:** Em breve." }, { "group": "Bonita Springs", 
@@ -229,6 +239,16 @@ "timezone": "Pacific/Auckland", "description": "We're pleased to announce that we'll be holding an OWASP Training Day event in Hamilton, on Saturday, 27th January.\n\nClasses will run 8:45 a.m. - 5:30 p.m. Tea breaks and lunch will be provided. Registration check-in opens at 8:00 a.m.\n\n**Registration Fee:** $99 per attendee (plus GST and booking fees)\n\n**Classes on offer:**\n\n* Threat Modelling: From None to Done (John DiLeo)\n* Like ISO/IEC27001, but Backwards (Stephen Coates)\n\n**To Register:** https://events.humanitix.com/owasp-training-day-hamilton-jan-2024" }, + { + "group": "Orange County", + "repo": "www-chapter-orange-county", + "name": "Learn why every SCA tool is wrong / Leveraging personal effectiveness to build..", + "date": "2024-01-18", + "time": "8:00-08:00", + "link": "https://www.meetup.com/owasp-oc/events/298366758", + "timezone": "America/Los_Angeles", + "description": "**Title**: What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it.\n**Abstract**: With the rise of AI-fueled by Python-based libraries, it has become of paramount importance to scan Python-based projects and their dependencies for OSS vulnerabilities. Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files which the package manager uses to install the correct version of the required dependency. However, Python\u2019s dependency management system coupled with its dynamic type nature makes it an especially challenging language to deal with.\n\nOf particular focus is the phenomenon of phantom dependencies which are unreported dependencies in a project's manifest profile. 
These hidden dependencies, which are often provided dependencies (which is especially true for libraries such as tensorflow and pytorch which are essential for AI), challenge software composition analysis (SCA) of Python code, impacting the reliability of vulnerability results.\n\nFor example, in the case of OpenAI's baseline codebase, there is a dependency on tensorflow that is not explicitly declared and is hence a phantom dependency This can cause unexpected behavior and security vulnerabilities. We show how using type-aware program analysis to create call graphs and perform reachability helps us determine the correct dependency set for a codebase irrespective of what is in the manifest.\n\nProgram analysis aims to extract information from software programs to enhance reliability, security, and performance. This session explores program analysis, specifically reachability analysis in Python, and delves into phantom dependencies - often overlooked in Python applications.\n\nPython's dynamic typing and interpreted nature make it a challenging subject for reachability analysis. The lack of type information makes it hard to precisely determine what dependency/features are used in the code.\n\nIn summary, program analysis, including Python's unique challenges, is essential in software development. Phantom dependencies in Python underscore the significance of meticulous dependency management for code reliability and security. Understanding these concepts is vital for Python developers aiming to build robust software. This abstract sheds light on program analysis complexities and the pitfalls of phantom dependencies, offering valuable insights into Python development and software reliability.\n\n\\-\\-\\-\n\n**Title**: Leveraging personal effectiveness to build your life and career.\n**Abstract**: In an age of generative Ai, we no longer rely on our technical prowess or mastery of tools to sustain our careers. 
Through careful personal growth careers, not only do we maximize our career potential, but likely yield more satisfying and fulling lives. Curtis outlines 3 strategies to maximize personal growth.\n\n\\-\\-\\-\n**Schedule:**\n6:00pm - 6:30pm Networking, Food & Drink\n6:30pm - 6:50pm Leveraging personal effectiveness to build your life and career.\n6:50pm - 8:00pm What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it." + }, { "group": "Peterborough", "repo": "www-chapter-peterborough", 
@@ -247,7 +267,7 @@ "time": "8:00+01:00", "link": "https://www.meetup.com/owasp-poland/events/298327716", "timezone": "Europe/Warsaw", - "description": "Hi,\n[OWASP](https://owasp.org/) is a worldwide, non-profit organisation focused on application security issues and we are Polish chapter of this initiative.\n\n[intro]\n\nAgenda:\n\n1. **Machine learning security (Karol Przystalski)**\nMachine learning (ML) and other terms related to it became buzzwords. Many companies would like to introduce machine learning models, even if there are simpler solutions. In the presentation, we show recent security issues related to machine learning models. Next, we do an overview of possible security issues that can happen during building such models. Finally, we demonstrate how to prevent the most popular security problems related to ML on the examples of applications in e-commerce, fintech, and other sectors.\n2. After the break we will have a discussion.... [TBD]\n3. There will be also a room for **short lightning talks** with discussion (typical format is 5-10 minute talk followed by 5-10 minute discussion). [Please submit your ideas](https://forms.gle/7JFiD3z2tKifogvs5) or just show up.\n4. Job announcements. If you are an employer, there will be a chance to present who you are looking for.\n\nPlease RSVP and save the date!\nIf you have a minute, **please share this** with friends and in social media.\n\nWe would like to thank Codete for enabling us to organise our meetups in their Techie's Space.\n[Codete](https://codete.com/) is a software company based in Poland that specializes in custom software development and IT consulting." + "description": "*Join us for an engaging evening focused on securing web applications. In this meetup, we will dive into the world of application security, exploring the latest trends, best practices, and techniques to protect web applications from potential threats. 
Our knowledgeable speakers will cover a wide range of topics including....*\n\nOK - AI generated description is probably not working for our meetups Let's do it old fashioned way:\n\nHi,\n[OWASP](https://owasp.org/) is a worldwide, non-profit organisation focused on application security issues and we are a Polish chapter of this initiative.\n\nThis time we want to talk about AI and it's influence on our industry and our work. We have invited Karol Przystalski from Codete, who will share his thoughts about security of ML models. Then we will have a discussion about how wide use of generative AI in coding will influence application security.\n\nAgenda:\n\n1. **Machine learning security (Karol Przystalski)**\nMachine learning (ML) and other terms related to it became buzzwords. Many companies would like to introduce machine learning models, even if there are simpler solutions. In the presentation, we show recent security issues related to machine learning models. Next, we do an overview of possible security issues that can happen during building such models. Finally, we demonstrate how to prevent the most popular security problems related to ML on the examples of applications in e-commerce, fintech, and other sectors.\n2. After the break, we will be hosting a **discussion on how AI and Generative AI impact the security of application code**. Are AI-powerd tools a boon or a potential risk? What risks emerge when software engineers start using GenAI? Is the code produced by GenAI more or less secure? Are tools designed for code, such as GitHub Copilot and AWS CodeWhisperer, superior to GPT? Everyone is welcome and encouraged to participate in the discussion. Share your experiences and thoughts, exchange the latest insights, and learn from each other. Whether you are an experienced software engineer, a newcomer to the world of AI, or simply curious about the influence of Generative AI on code security, your perspective is valuable.\n3. 
There will be also a room for **short lightning talks** with discussion (typical format is 5-10 minute talk followed by 5-10 minute discussion). [Please submit your ideas](https://forms.gle/7JFiD3z2tKifogvs5) or just show up.\n4. Job announcements. If you are an employer, there will be a chance to present who you are looking for.\n\nPlease RSVP and save the date!\nIf you have a minute, **please share this** with friends and in social media.\n\nWe would like to thank Codete for enabling us to organise our meetups in their Techie's Space.\n[Codete](https://codete.com/) is a software company based in Poland that specializes in custom software development and IT consulting." }, { "group": "Portland",
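Review bot: In hunk @@ -47,7 +47,17 @@ the new Belém entry is internally inconsistent: "time": "9:00-04:00" does not match the description's "**Horário:** 8h30", and "timezone": "America/Boa_Vista" is the UTC-4 zone for Roraima, whereas Belém (Pará) is on America/Belem (UTC-3), so the rendered local time will be off by an hour unless the zone is corrected at the source event. The rewritten Bay Area description also still carries the typos from the old text ("Kindly use use the below link", "patio for network throughout the event"); if this file is regenerated from the Meetup listings, those need fixing upstream rather than here, otherwise they will be reintroduced on the next sync.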
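Review bot: In hunk @@ -229,6 +239,16 @@ the new Orange County entry's "name" ends in a truncation artifact ("...build your life and career" has become "to build.."), and "time": "8:00-08:00" does not agree with the schedule in its own description, which lists "6:00pm - 6:30pm Networking, Food & Drink" as the first slot; please confirm which value is the real start time before merging, since the "time" field carries no am/pm marker and readers will take it at face value. The description text also has several errors worth fixing at the source listing: a missing period in "hence a phantom dependency This can cause", "fulling lives" for "fulfilling lives", and "generative Ai" for "generative AI".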
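Review bot: In hunk @@ -247,7 +267,7 @@ the new Poland description has two spelling errors that should be corrected in the Meetup listing so they do not persist across regenerations: "it's influence on our industry" should read "its influence", and "AI-powerd tools" should read "AI-powered tools". The change otherwise resolves the old "[intro]" placeholder and the "[TBD]" agenda item 2, which is an improvement; it would be worth confirming that the deliberately retained italic opening paragraph (the discarded AI-generated blurb) is intended to appear on the published chapter page and not only on Meetup.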