diff --git a/_data/community_events.json b/_data/community_events.json index 22a85d8e2f..9f3b8a3954 100644 --- a/_data/community_events.json +++ b/_data/community_events.json 
@@ -20,14 +20,14 @@ "description": "This presentation delves into the current state of secure coding practices, focusing on technical aspects and the challenges faced by developers and security professionals. We will highlight prevalent issues such as the increasing complexity of software systems, the evolving nature of cyber threats, and the persistent gap between development and security teams. Emphasizing the importance of integrating security into the software development lifecycle, the discussion covers best practices, common vulnerabilities, and the need for continuous education and collaboration to build a robust approach to secure coding across the industry.\n\nThe presentation will be followed by a Secure Coding Tournament for any interested members." }, { - "group": "Belgium", - "repo": "www-chapter-belgium", - "name": "OWASP BE Chapter Meeting (03/10/2024, Diegem)", - "date": "2024-10-03", - "time": "18:00+02:00", - "link": "https://www.meetup.com/belgium-owasp-meetup-group/events/303275104", - "timezone": "Europe/Brussels", - "description": "On October 3rd, we organize our next OWASP Belgium chapter meeting at EY in Diegem.\n\n**Agenda**:\n\n* 18h00-18h30: Welcome and refreshments\n* 18h30-18h40: OWASP Update\n* 18h40-19h30: **JWT security and exploitation** (by Louis Nyffenegger, founder of PentesterLab)\n* 19:45-20h45: **Breaking and securing OAuth 2.0 in frontends** (by Dr. Philippe De Ryck, Founder of Pragmatic Web Security)\n\nMore info can be found on the Belgium OWASP chapter page at [https://owasp.org/www-chapter-belgium/#div-meetings](https://owasp.org/www-chapter-belgium/#div-meetings) .\n\nOur chapter meetings are open for everyone, and attendance is free of charge. We ask you to register on Meetup in order to provide you with last-minute updates, if needed." 
+ "group": "Bay Area", + "repo": "www-chapter-bay-area", + "name": "OWASP Bay Area October Meetup with Pacific Hackers", + "date": "2024-10-23", + "time": "17:30-07:00", + "link": "https://www.meetup.com/bay-area-owasp/events/303802220", + "timezone": "America/Los_Angeles", + "description": "We're excited to announce our upcoming October meetup in conjunction with **Pacific Hackers**, which will be hosted by the awesome **Backslash** team at **Hacker Dojo in Sunnyvale**. Get ready for insightful discussions and the chance to network with some of the brightest minds in the industry.\n**Agenda:**\n5:30 - 6:00: Doors open, networking and food\n6:00 - 6:45: Panel discussion: **AppSec vs AppSec: Compliance-Driven Security vs. Real World Risk-Focused Innovation**\n6:45 - 7:30: **From Flat 2D to Full-Dimensional 3D: The Journey of AppSec**\n7:30-8:00: **Why JavaScript Security is the Need of the Hour**\n\n**Panel Discussion:** In today\u2019s rapidly evolving digital landscape, application security (AppSec) professionals are often torn between meeting compliance requirements and implementing security practices that genuinely reduce risk and foster innovation. This panel will explore the tension between two competing approaches: compliance-oriented AppSec, which focuses on ticking regulatory boxes, and real-world AppSec, which prioritizes proactive risk management and innovation to address dynamic threats.\nThrough lively discussion and real-world case studies, experts from diverse backgrounds will examine the impact of compliance-heavy frameworks on security outcomes. Does compliance help or hinder organizations in effectively mitigating risk? How can security teams balance the need to meet regulatory demands while adopting cutting-edge practices that drive meaningful security improvements? 
Join us to gain insight into how organizations can navigate these two competing forces, ensuring that both security and innovation thrive in the evolving threat landscape.\nModerator: Trupti Shiralkar\nPanelists: Kunal Bhattacharya , Sara A, Prashant KV\n\n**Talk1: From Flat 2D to Full-Dimensional 3D: The Journey of AppSec**\nRemember when AppSec was all about flagging everything? Back in the 90s, it was like looking at security in 2D\u2014find a vulnerability, flag it, and move on. But as applications grew more complex and moved to the cloud, this \u201cflag everything\u201d mindset became more of a hassle than a help. Modern apps are built differently, and with AI now writing code, there\u2019s more of it than ever before\u2014bringing new vulnerabilities along for the ride.\nToday, we need a 3D approach to AppSec. It\u2019s no longer just about spotting issues but understanding their context, reachability, and real impact. Modern architecture, cloud environments, open-source software (OSS), and the rise of AI-generated code have changed the game. We need smarter tools to handle this complexity. In this talk, we\u2019ll explore how AppSec has evolved from its humble beginnings to a dynamic, AI-aware discipline and the implications for security teams.\n**About the speaker:**\nWith a deep background in cybersecurity and cloud security, Eric Gold serves as Head AppSec Evangelist at Backslash Security. He played a pivotal role in building the evangelism efforts at Orca Security and Aqua Security. Eric has also advised startups like Panoply.io and ScyllaDB, and held executive sales roles at Couchbase, Aerospike, and DeviceScape.He began his career at Oracle and Sun Microsystems and holds a B.S. in Information and Decision Systems from Carnegie Mellon University.\n\nTalk2: **Why JavaScript Security is the Need of the Hour**\nTBD" }, { "group": "Belo Horizonte", 
@@ -177,7 +177,7 @@ "time": "09:00-07:00", "link": "https://www.meetup.com/owasp-los-angeles/events/303611800", "timezone": "America/Los_Angeles", - "description": "**OWASP LA** has organized an exceptional opportunity for our meetup membership to participate in ***2024 California Technology Summit*** on October 9th in Anaheim, CA. Join us for deep insight in new tools and technology, training, and take advantage of this great opportunity to network with industry professionals.\n\n[Register](https://technologysummit.net/register.html) now using code **CTS24OWASP** for your **complimentary** pass! Check the full schedule at [2024 California Technology Summit Agenda](https://technologysummit.net/california.html#agenda)\n\n**Conference Highlights:**\n\n* **Opening Keynote: Robin Gordon**, Global Chief Data & Analytics Officer - MetLife\n* Investing in AI & Cybersecurity - Moderated By: **David Hsiao**, Senior VP & CIO \u2013 BioMed Realty\n* AI Driven Deepfake Hacks - **Lyndon Brown**, VP of Global Technology - Zo Skin Health, Inc.\n* CIO Forum: Leveraging Today's Tools to Do More with Less - **David Williamson**, CIO - Abzena\n* Panel Discussion: Accomplishing Strategic Objectives with Limited Resources \u2013 Panelists: **Mike Baron**, CIO \u2013 Electro Rent, & **Fred Donatucci**, Executive Leadership & Technology Consultant\n* Specialty Theaters for IT Professionals including specific Security, Technology, & Executive Sessions\n* CPE Credits\n* Delicious Lunch Included\n* Cocktail Reception\n* Sponsor Giveaways\n* Win a Trip for 2 to a Destination of Your Choice (value up to $1,500)\n* Exhibit Hall with 30+ Sponsors\n\nAnd finally **don't forget** to visit us at the OWASP Los Angeles booth!" + "description": "**OWASP LA** has organized an exceptional offer for our meetup membership to participate in ***2024 California Technology Summit*** on October 9th in Anaheim, CA. 
Join us for deep insight in new tools and technology, training, and take advantage of this great opportunity to network with industry professionals.\n\n[Register](https://technologysummit.net/register.html) now using code **CTS24OWASP** for your **complimentary** pass! Check the full schedule at [2024 California Technology Summit Agenda](https://technologysummit.net/california.html#agenda)\n\n**Conference Highlights:**\n\n* **Opening Keynote: Robin Gordon**, Global Chief Data & Analytics Officer - MetLife\n* Investing in AI & Cybersecurity - Moderated By: **David Hsiao**, Senior VP & CIO \u2013 BioMed Realty\n* AI Driven Deepfake Hacks - **Lyndon Brown**, VP of Global Technology - Zo Skin Health, Inc.\n* CIO Forum: Leveraging Today's Tools to Do More with Less - **David Williamson**, CIO - Abzena\n* Panel Discussion: Accomplishing Strategic Objectives with Limited Resources \u2013 Panelists: **Mike Baron**, CIO \u2013 Electro Rent, & **Fred Donatucci**, Executive Leadership & Technology Consultant\n* Specialty Theaters for IT Professionals including specific Security, Technology, & Executive Sessions\n* CPE Credits\n* Delicious Lunch Included\n* Cocktail Reception\n* Sponsor Giveaways\n* Win a Trip for 2 to a Destination of Your Choice (value up to $1,500)\n* Exhibit Hall with 30+ Sponsors\n\nAnd finally **don't forget** to visit us at the OWASP Los Angeles booth!" }, { "group": "Manchester", 
@@ -229,6 +229,16 @@ "timezone": "America/New_York", "description": "An OWASP NYC Chapter Meetup - On-Site\n\nThursday, October 17th, 2024.\n\nWestCap\nLocation: 40 10th Avenue, New York,\nNY 10014 (Entrance on 13\u00b0\" Street)\n\nSpeaker Alex Olea, DevSecOps Engineer at Starburst\n\nDay 1 DevSecOps \\| Building a Program and Your Credibility\nStarting a DevSecOps function is an exciting opportunity to not just run a program, but build one. But whether you\u2019re at a large enterprise or a startup, Day 1 is never total greenfield. Even if the organization doesn\u2019t have serious technical and security debt, you\u2019re still going to run into stuff that was spun up and abandoned or tools that aren\u2019t what you might have chosen. So how do you get started?\n\nIn this session, Alex will share his experiences with building DevSecOps programs at startups, including:\n\n* What is DevSecOps?\n* Building trust with developers\n* Improving developer productivity and measuring success\n* Redefining an AppSec program case study: replacing an SCA tool" }, + { + "group": "Orange County", + "repo": "www-chapter-orange-county", + "name": "The Problem with Shifting Left...and why context matters in modern development", + "date": "2024-10-17", + "time": "18:00-07:00", + "link": "https://www.meetup.com/owasp-oc/events/303816292", + "timezone": "America/Los_Angeles", + "description": "**NOTE: The following will be in effect and mandatory for this meeting venue.**\n\n* **RSVPs will close at 11:59 PM PT on Monday, October 14th, so kindly submit your RSVP by then. 
Walk-ins will not be permitted.**\n* **Google Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.**\n* If your first and last name do not appear in our admin view, we will contact you.\n* Alternatively, feel free to reach out directly or email us at orange-county-leaders@owasp.org to provide that information.\n\n**Parking**\nPark in the public garage structure next to the building. We will be providing paid tickets for exiting the garage.\n\n**Live Stream**\nStream us live on Twitch: http://twitch.tv/owaspoc\n*Please change your RSVP to \"No\" if you can't make it and/or will join via livestream instead.*\n\n**Abstract**\nIn the 1980s, a famous study by IBM formed the basis for modern ideas around shifting security further to the left. Join Oligo for this talk where we'll dig into why it made sense then and explore whether this still rings true today in the modern world of DevOps, Agile methodologies, and cloud-native applications." + }, { "group": "Oslo", "repo": "www-chapter-oslo", @@ -245,7 +255,7 @@ "name": "Monthly Networking Social", "date": "2024-10-31", "time": "19:00Z", - "link": "https://www.meetup.com/owasp-peterborough/events/302453495", + "link": "https://www.meetup.com/owasp-peterborough/events/303804732", "timezone": "Europe/London", "description": "Thirsty Thursdays.\n\nSame time. Same day each month. Differing places. Good chat.\n\n**What?**\n\n* Casual conversation over food & drinks\n\n**Where?**\n\n* It may differ each month, bars, restaurant and eateries around Peterborough\n\n**When?**\n\n* \\~ The last Thursday of each month\n\nEverybody welcome, the next event details will be chosen from the last (and so on!)." }, 
@@ -267,7 +277,7 @@ "time": "11:00-05:00", "link": "https://www.meetup.com/owasp-sanantonio/events/303511552", "timezone": "America/Chicago", - "description": "**Container Security-A discussion**\n**Details**\nTopics- See abstracts below\n\n* Containers 101- Optiv\n* Security challenges and opportunities in containerization- Palo Alto\n* From Reactive to Effective: Building Application Security that Works-Mend IO\n* ***Protecting AI: The ultimate Game of Cat and Mouse Panel***-Brandon Pinson-Moderator: Jonathan Brown, Chris Lindsey, Joseph Gregorio.\n\n**Lunch Provided**\nScuzzi\u2019s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257\nZOOM link provided for remote attendees\n\nWe encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!\nPlease feel free to pass this information on to your peers and team members.+\n\nPlease reply **\u201cONSITE\u201d** if you plan on attending in person so we can finalize headcount for food and room attendance \n\nSocial Hour after\n\n**Presentations will include:**\n***I. Containers 101-Optiv***\nContainer Security Best Practices and Tooling-Optiv\n\n***II. Securing APIs in the Cloud: Insights and Best Practices- Palo Alto***\nThis presentation explores the security challenges and opportunities in containerization, emphasizing a defense-in-depth approach. We begin by discussing the widespread adoption of containers and the emerging trends driving innovation, such as serverless computing and hybrid/multi-cloud environments. We then examine key security concerns, including container sprawl, misconfigurations, and supply chain vulnerabilities. A defense-in-depth strategy, starting with shifting security left during development, followed by securing images at rest and implementing runtime protection, ensures comprehensive container security. 
By integrating cloud workload protection platforms (CWPP) with broader CNAPP strategies, organizations can safeguard containers throughout their entire lifecycle, from code to production\n\n***III. From Reactive to Effective: Building Application Security that Works-Mend IO***\n\nIn 2023, 71% of enterprises admitted their AppSec programs were reactive, playing catch-up with vulnerability alerts -\u2013 while at the same time, applications remain the top target for threat actors. That adds up to increased business risk for a lot of companies and fuels an urgent need to improve application security strategies. But how?\nThe key is to move from a compliance-based approach to managing application risk." + "description": "**Container Security-A discussion**\n**Details**\nTopics- See abstracts below\n\n* Containers 101- Optiv\n* Security challenges and opportunities in containerization- Palo Alto\n* From Reactive to Effective: Building Application Security that Works-Mend IO\n* ***Protecting AI: The ultimate Game of Cat and Mouse Panel***-Brandon Pinson-Moderator: Jonathan Brown, Chris Lindsey, Joseph Gregorio.\n\n**Lunch Provided**\nScuzzi\u2019s Italian Restaurant - 4035 N Loop 1604 W #102, San Antonio, TX 78257\nZOOM link provided for remote attendees\n\n**https://optiv.zoom.us/j/93311548515?pwd=8LlhRjVy4bmPCXRheXtLMe4EQ9KAJ2.1&from=addon**\n\nWe encourage everyone to attend in person. We will have door prizes and excellent food for all to enjoy, as you take advantage of this excellent networking opportunity!\nPlease feel free to pass this information on to your peers and team members.+\n\nPlease reply **\u201cONSITE\u201d** if you plan on attending in person so we can finalize headcount for food and room attendance \n\nSocial Hour after\n\n**Presentations will include:**\n***I. Containers 101-Optiv***\nContainer Security Best Practices and Tooling-Optiv\n\n***II. 
Securing APIs in the Cloud: Insights and Best Practices- Palo Alto***\nThis presentation explores the security challenges and opportunities in containerization, emphasizing a defense-in-depth approach. We begin by discussing the widespread adoption of containers and the emerging trends driving innovation, such as serverless computing and hybrid/multi-cloud environments. We then examine key security concerns, including container sprawl, misconfigurations, and supply chain vulnerabilities. A defense-in-depth strategy, starting with shifting security left during development, followed by securing images at rest and implementing runtime protection, ensures comprehensive container security. By integrating cloud workload protection platforms (CWPP) with broader CNAPP strategies, organizations can safeguard containers throughout their entire lifecycle, from code to production\n\n***III. From Reactive to Effective: Building Application Security that Works-Mend IO***\n\nIn 2023, 71% of enterprises admitted their AppSec programs were reactive, playing catch-up with vulnerability alerts -\u2013 while at the same time, applications remain the top target for threat actors. That adds up to increased business risk for a lot of companies and fuels an urgent need to improve application security strategies. But how?\nThe key is to move from a compliance-based approach to managing application risk." }, { "group": "Seattle", 
@@ -319,6 +329,16 @@ "timezone": "Europe/London", "description": "**The talk:** Authentication might seem simple, but implementing it securely comes with several challenges that developers need to address. In this talk I'll highlight the key pitfalls to watch out for and discuss good practices for building a secure authentication system. We'll focus on best practices, you\u2019ll gain insights into how to avoid common mistakes and build a more robust and secure authentication process.\n\n**Speaker:** Wojciech is a software engineer with over 10 years of experience, specialising in defending applications against security threats. His focus on application security (AppSec) has led him to develop and implement secure coding practices that safeguard systems from vulnerabilities. He is passionate about building resilient software, ensuring that security is integrated into every stage of development.\n\nAgenda:\n\n* OWASP Suffolk updates\n* Authentication is easy talk\n* Q&A" }, + { + "group": "Toronto", + "repo": "www-chapter-toronto", + "name": "OWASP Toronto | Inference Servers: new technology, same old security flaws.", + "date": "2024-10-30", + "time": "18:30-04:00", + "link": "https://www.meetup.com/owasp-toronto/events/303805690", + "timezone": "America/Toronto", + "description": "\\*\\* The event is hosted at 111 Peter St Suite 804, Toronto, ON M5V 2H1 \\*\\*\n\n**TALK**\n**\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-**\n\n**Inference Servers: new technology, same old security flaws.**\n\n**Summary:**\n\nAI and LLM based applications are taking the industry by storm. While a lot time is spent on evaluating prompt injection, there is an entire ecosystem of applications that allow models to be run and used. These applications have their own important security considerations that you may not be aware of.\nInference Servers are used to host machine learning models and expose APIs that allow other components to perform inference on those models. 
These servers often expose additional APIs that allow users to load new models. Often, this can be abused to perform remote code execution. While this technology is new, the baseline security configurations for many of these products are a relic from the past.\nIn this talk we\u2019ll learn about what an inference server is, how they work, and how you can achieve remote code execution in them. This talk is mainly focused on the practical security risks involved in this ecosystem. Finally, I will share details about a couple of CVEs related to TorchServe\n\n**Presenters:**\n\nPratik Amin has been an Application Security practitioner for over 15 years. He currently works as a Principal Security Consultant at Kroll (previously Security Compass Advisory). In this role, he spends most of his time performing AppSec pentests and digging into interesting technology." + }, { "group": "Vancouver", "repo": "www-chapter-vancouver", 
@@ -327,7 +347,7 @@ "time": "18:00-07:00", "link": "https://www.meetup.com/owasp-vancouver-chapter/events/298516380", "timezone": "America/Vancouver", - "description": "TBD" + "description": "**Most Security Tools are expensive paperweights: How to get your money\u2019s worth?** with Jeevan Singh\n\nMany organizations invest heavily in security tools that end up being costly and not useful. In this talk, we\u2019ll explore why most security tools fail to deliver on their promises, focusing on issues like misalignment with real needs, poor integration, and ineffective utilization.We\u2019ll dissect common pitfalls that lead to wasted resources and reduced security effectiveness, using real-world examples to illustrate these failures. You\u2019ll learn why your current tools might not be working as expected and how to address these challenges.Finally, we\u2019ll provide practical strategies to optimize your security tools, ensuring they integrate well into your existing systems and deliver tangible value. Discover how to turn these investments into powerful components of your security strategy." }, { "group": "Warwick",
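Review bot: In the first hunk (@@ -20,14 +20,14 @@), the added Bay Area description labels its two talks inconsistently ("**Talk1: From Flat 2D ...**" with the label inside the bold, then "Talk2: **Why JavaScript ...**" with it outside) and ships the second abstract as the placeholder "TBD". Suggest using one heading form for both talks and either omitting the Talk2 body until the abstract exists or tracking a follow-up to fill it in. There is also a missing space in "DeviceScape.He began".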
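Review bot: In the added Orange County entry (@@ -229,6 +229,16 @@), the live-stream URL in the description is plain "http://twitch.tv/owaspoc", while the entry's own "link" field uses https. Suggest "https://twitch.tv/owaspoc" so that readers who click through from the rendered description are not sent over an unencrypted hop first.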
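Review bot: In the San Antonio hunk (@@ -267,7 +277,7 @@), the new description line embeds the complete Zoom join URL including its "pwd=" query parameter, so the meeting passcode is now stored in the repository alongside the event text and shown wherever this description is rendered. Suggest removing the URL from the description and directing remote attendees to the existing Meetup "link" for join details, or at minimum dropping the "pwd" and "from=addon" parameters and distributing the passcode to registered attendees only. The stray "+" after "team members." is unchanged context but could be cleaned up in the same edit.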
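Review bot: In the added Toronto entry (@@ -319,6 +329,16 @@), the summary reads "While a lot time is spent on evaluating prompt injection", which is missing "of", and the last summary sentence ("... a couple of CVEs related to TorchServe") has no closing period. The separator "**\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-**" under "**TALK**" is escaped Markdown that will render as a bold row of dashes. Suggest dropping it, or using a real rule if a divider is wanted.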
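Review bot: In the Vancouver hunk (@@ -327,7 +347,7 @@), the replacement description has lost its paragraph breaks: sentences run together with no space at "utilization.We’ll" and "challenges.Finally". Suggest inserting "\n\n" at those two points, and also at "as expected" / "Finally" if three paragraphs were intended, so the abstract renders as separate paragraphs like the other entries in this file.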