remote update file

OWASP · Oct 16, 2024 · ea118ea · ea118ea
1 parent 0b7fbc0
commit ea118ea
Showing 1 changed file with 19 additions and 19 deletions.
diff --git a/_data/community_events.json b/_data/community_events.json
@@ -27,7 +27,7 @@
         "time": "19:00+02:00",
         "link": "https://www.meetup.com/owasp-augsburg-chapter/events/304002943",
         "timezone": "Europe/Berlin",
-        "description": "**!WANTED! --> Women in IT Security <-- !WANTED!**\n\n**Speaker Christoph Niehoff** wird uns etwas erz\u00e4hlen! Der genaue Plot folgt noch (Trommelwirbel ;))\n\n\u00dcber Christoph \\(Senior Consultant \\| TNG Technology Consulting\\):\n\nIn seiner Rolle als Senior Consultant bei TNG Technology Consulting entwickelt Christoph Niehoff tagt\u00e4glich Softwareprodukte f\u00fcr seine Kunden. Als Fullstack-Entwickler l(i)ebt er DevOps und betreut alle Schritte des Entwicklungszyklus: angefangen bei Konzeptionierung und Architektur, \u00fcber die konkrete Implementierung bis zum automatisierten Cloud-Deployment mittels CI/CD. Dabei ist ihm insbesondere die Sicherheit der Produkte eine Herzensangelegenheit. Er ist Project Lead des Threat Modeling Kartenspiels OWASP Cumulus.\n**Bitte gebt Bescheid**, wenn ihr kommt und ggf. wie viele Leute ihr mitbringt, damit wir auch genug Platz haben.\n\nDu hast eine Idee oder willst einen Talk halten? Melde dich einfach!\nWichtiges f\u00fcr Talks in aller K\u00fcrze:\n\n* Verwende einen neutralen Foliensatz - ohne Logo, ohne Werbung\n* Auf einer Folie kannst du dich und deinen Arbeitgeber vorstellen - hier auch mit Logo\n* Gib kurz Bescheid, ob du den Vortrag auch auf Englisch halten k\u00f6nntest\n* Vertriebler, die eine Verkaufsveranstaltung durchf\u00fchren wollen, werden ausgebuht und m\u00fcssen diverse Runden Bier ausgeben"
+        "description": "**!WANTED! --> Women in IT Security <-- !WANTED!**\n\n**Speaker Christoph Niehoff** wird uns etwas erz\u00e4hlen!\n\n\u00dcber Christoph \\(Senior Consultant \\| TNG Technology Consulting\\):\n\nIn seiner Rolle als Senior Consultant bei TNG Technology Consulting entwickelt Christoph Niehoff tagt\u00e4glich Softwareprodukte f\u00fcr seine Kunden. Als Fullstack-Entwickler l(i)ebt er DevOps und betreut alle Schritte des Entwicklungszyklus: angefangen bei Konzeptionierung und Architektur, \u00fcber die konkrete Implementierung bis zum automatisierten Cloud-Deployment mittels CI/CD. Dabei ist ihm insbesondere die Sicherheit der Produkte eine Herzensangelegenheit. Er ist Project Lead des Threat Modeling Kartenspiels OWASP Cumulus.\n\n**Vortrag: Threat Modeling the Clouds**\n\nIn diesem Vortrag geben wir eine Einf\u00fchrung ins Threat Modeling als proaktive Security-Ma\u00dfnahme:\n\n* Was ist es?\n* Wie macht man es?\n* Warum m\u00f6chte man es machen?\n* Was sind Patterns und Antipatterns?\n\nAm Ende betrachten wir, wie man Threat Modeling speziell in agile DevOps Prozesse einbinden kann. Dabei zeigen wir einen Gamification-Ansatz, den wir am Beispiel von OWASP Cumulus erl\u00e4utern.\n\n**Bitte gebt Bescheid**, wenn ihr kommt und ggf. wie viele Leute ihr mitbringt, damit wir auch genug Platz haben.\n\nDu hast eine Idee oder willst einen Talk halten? Melde dich einfach!\nWichtiges f\u00fcr Talks in aller K\u00fcrze:\n\n* Verwende einen neutralen Foliensatz - ohne Logo, ohne Werbung\n* Auf einer Folie kannst du dich und deinen Arbeitgeber vorstellen - hier auch mit Logo\n* Gib kurz Bescheid, ob du den Vortrag auch auf Englisch halten k\u00f6nntest\n* Vertriebler, die eine Verkaufsveranstaltung durchf\u00fchren wollen, werden ausgebuht und m\u00fcssen diverse Runden Bier ausgeben"
     },
     {
         "group": "Bay Area",
@@ -39,6 +39,16 @@
         "timezone": "America/Los_Angeles",
         "description": "We're excited to announce our upcoming October meetup in conjunction with **Pacific Hackers**, which will be hosted by the awesome **Backslash** team at **Hacker Dojo in Sunnyvale**. Get ready for insightful discussions and the chance to network with some of the brightest minds in the industry.\n**Agenda:**\n5:30 - 6:00: Doors open, networking and food\n6:00 - 6:45: Panel discussion: **AppSec vs AppSec: Compliance-Driven Security vs. Real World Risk-Focused Innovation**\n6:45 - 7:30: **From Flat 2D to Full-Dimensional 3D: The Journey of AppSec**\n7:30-8:00: **Payment Page Security & Compliance 101**\n\n**Panel Discussion:** In today\u2019s rapidly evolving digital landscape, application security (AppSec) professionals are often torn between meeting compliance requirements and implementing security practices that genuinely reduce risk and foster innovation. This panel will explore the tension between two competing approaches: compliance-oriented AppSec, which focuses on ticking regulatory boxes, and real-world AppSec, which prioritizes proactive risk management and innovation to address dynamic threats.\nThrough lively discussion and real-world case studies, experts from diverse backgrounds will examine the impact of compliance-heavy frameworks on security outcomes. Does compliance help or hinder organizations in effectively mitigating risk? How can security teams balance the need to meet regulatory demands while adopting cutting-edge practices that drive meaningful security improvements? Join us to gain insight into how organizations can navigate these two competing forces, ensuring that both security and innovation thrive in the evolving threat landscape.\nModerator: Trupti Shiralkar\nPanelists: Kunal Bhattacharya , Sara A, Prashant KV\n\n**Talk1: From Flat 2D to Full-Dimensional 3D: The Journey of AppSec**\nRemember when AppSec was all about flagging everything? Back in the 90s, it was like looking at security in 2D\u2014find a vulnerability, flag it, and move on. But as applications grew more complex and moved to the cloud, this \u201cflag everything\u201d mindset became more of a hassle than a help. Modern apps are built differently, and with AI now writing code, there\u2019s more of it than ever before\u2014bringing new vulnerabilities along for the ride.\nToday, we need a 3D approach to AppSec. It\u2019s no longer just about spotting issues but understanding their context, reachability, and real impact. Modern architecture, cloud environments, open-source software (OSS), and the rise of AI-generated code have changed the game. We need smarter tools to handle this complexity. In this talk, we\u2019ll explore how AppSec has evolved from its humble beginnings to a dynamic, AI-aware discipline and the implications for security teams.\n**About the speaker:**\nWith a deep background in cybersecurity and cloud security, Eric Gold serves as Head AppSec Evangelist at Backslash Security. He played a pivotal role in building the evangelism efforts at Orca Security and Aqua Security. Eric has also advised startups like Panoply.io and ScyllaDB, and held executive sales roles at Couchbase, Aerospike, and DeviceScape.He began his career at Oracle and Sun Microsystems and holds a B.S. in Information and Decision Systems from Carnegie Mellon University.\n\nTalk2: **Payment Page Security & Compliance 101**\n**Abstract:** PCI DSS 4.0.1 has introduced new requirements\u20146.4.3 and 11.6.1\u2014to address concerns about card skimming activities on payment pages. This has become a hot topic, with experts debating the best approach to tackle these issues. In this talk, I'll guide you through all the technical approaches you can use to address these requirements. We'll explore the pros and cons of each method.\n\n**Speaker:** Sukesh is the Co-founder of Domdog.io. He specializes in data security and privacy for web pages. Prior to Domdog, most of his work focused on web application security research and building tools in this space."
     },
+    {
+        "group": "Belgium",
+        "repo": "www-chapter-belgium",
+        "name": "OWASP BE chapter meeting (14/11/2024, Mechelen)",
+        "date": "2024-11-14",
+        "time": "19:00+01:00",
+        "link": "https://www.meetup.com/belgium-owasp-meetup-group/events/303275189",
+        "timezone": "Europe/Brussels",
+        "description": "On November 14th, we organize our next OWASP Belgium chapter meeting in Lamot (Mechelen).\n\nThis event is co-located with the [CyberSecurity event \"Strategic Research and Industry Impact\"](https://cybersecurity-bites.be/cybersecurity-strategic-research-industry-impact-2nd-edition/).\n\n**Agenda**:\n\n* 17h30-19h: networking drink\n* 19h-19h10: **OWASP update**\n* 19u10-19h50: **TBD**\n* 19h50-20h30: **TBD**\n\nMore info can be found on the Belgium OWASP chapter page at [https://owasp.org/www-chapter-belgium/#div-meetings](https://owasp.org/www-chapter-belgium/#div-meetings) .\n\nOur chapter meetings are open for everyone, and attendance is free of charge. We ask you to register on Meetup in order to provide you with last-minute updates, if needed."
+    },
     {
         "group": "Bogota",
         "repo": "www-chapter-bogota",
@@ -220,14 +230,14 @@
         "description": "An OWASP NYC Chapter Meetup - On-Site\n\nThursday, October 17th, 2024.\n\nWestCap\nLocation: 40 10th Avenue, New York,\nNY 10014 (Entrance on 13\u00b0\" Street)\n\nSpeaker Alex Olea, DevSecOps Engineer at Starburst\n\nDay 1 DevSecOps \\| Building a Program and Your Credibility\nStarting a DevSecOps function is an exciting opportunity to not just run a program, but build one. But whether you\u2019re at a large enterprise or a startup, Day 1 is never total greenfield. Even if the organization doesn\u2019t have serious technical and security debt, you\u2019re still going to run into stuff that was spun up and abandoned or tools that aren\u2019t what you might have chosen. So how do you get started?\n\nIn this session, Alex will share his experiences with building DevSecOps programs at startups, including:\n\n* What is DevSecOps?\n* Building trust with developers\n* Improving developer productivity and measuring success\n* Redefining an AppSec program case study: replacing an SCA tool"
     },
     {
-        "group": "New York City",
-        "repo": "www-chapter-new-york-city",
-        "name": "2024 SecureWorld NYC with the OWASP NYC Chapter ",
-        "date": "2024-10-15",
-        "time": "08:00-04:00",
-        "link": "https://www.meetup.com/owasp-new-york-city-chapter/events/304002525",
-        "timezone": "America/New_York",
-        "description": "\u201cIn Honor of Security Awareness Month and the 2024 SecureWorld Event\"\n\nOWASP NYC Chapter is giving out complimentary guest passes\n\nMust signup @ [https://tinyurl.com/OWASPNYC-SecureWorld-SignUp](https://tinyurl.com/OWASPNYC-SecureWorld-SignUp)\nuse code:\n**OWASPSWO2** Open Pass discount - Free open session ballroom pass\n**OWASPSWC2** Conference Pass discount\n**OWASPSWP2** Plus discount\n\nIt's an after-work Happy Hour with our Security Friends\n\nWhen: Tuesday October 15th, 2024 @ 8:00 - 5:00\nWhere: Marriott Marquis @ Times Square & 45th Street\n1535 Broadway, New York, NY 10036\nRegister here: https://events.secureworld.io/agenda/new-york-ny-2024/\n\n[The agenda](https://www.secureworld.io/e3t/Ctc/I2+113/cg5XF04/VVNPhl2wq7r-W1bxcrw4rW_hmW5XFwz15lVx-wN5q1hkn3qgyTW7Y8-PT6lZ3n6W8YnVLp8spdqMN2PB4GY_GyVvF74VWZBqlX_W7S2vF_8WkXmCMT46TFVXjFqN2M66T0YyP0wW3D6xpK2N2kWYW3bRHpG5SDw9nW6P-nV-6c065SW5BnT7476K1BGW2lkLW745gYvvN1fqVY5Kzfl0W5YXKj84vcX_KVWqZKQ6fNGsyN6Mks8C7qV95W88BCTS24JYF1W1DDcJq3Sc9DmW1cHYXF8J1T8dW7rlkqG2B5JXnVBXvn28Dh29TW5dZrCT5LP3K_VgX-pQ8PCVYVW7SBQ7f8JSw-VW913q4d71qFnLW8pxX1j5yZGFhW3qpSnP3qGKTYf1_F4MC04) will offer 15+ informative sessions and the opportunity to earn **6-12 CPE credits.** In addition, SecureWorld is excited to celebrate Cyber Heroes past and present as part of our 2024 theme, \"Legacies Untold: Revealing Cybersecurity's Hidden Figures.\"\n\nDon't forget to stop by our OWASP NYC Chapter Booth"
+        "group": "Noida",
+        "repo": "www-chapter-noida",
+        "name": "OWASP Noida October Meetup",
+        "date": "2024-10-26",
+        "time": "10:00+05:30",
+        "link": "https://www.meetup.com/owasp-noida-chapter/events/304022117",
+        "timezone": "Asia/Kolkata",
+        "description": "Join us for the **OWASP Noida October Meetup**, a community-driven gathering focused on the latest trends in cybersecurity and application security. This event is an excellent opportunity for security enthusiasts, developers, and professionals to come together and share knowledge, best practices, and insights on web and mobile application security.\n**What to Expect:**\n\n* **Expert Talks:** Hear from seasoned security professionals who will share their experiences and discuss the latest techniques in cybersecurity.\n* **Networking:** Meet like-minded individuals from the security community to exchange ideas and expand your professional network.\n* **Q&A Sessions:** Engage with the speakers in interactive Q&A sessions to deepen your understanding of the topics covered.\n\nWhether you are a beginner eager to learn about cybersecurity or an experienced professional looking to stay updated on the latest developments, this meetup is for you.\n**Event Details:**\n\n* **Date:** Saturday, October 26, 2024\n* **Time:** 10 AM to 3 PM\n* **Location:** TBA\n* **Registration:** This event is free, but registration is required.\n* Also Register on: https://lu.ma/zjgb9wwg\n\nDon\u2019t miss out on this opportunity to enhance your cybersecurity knowledge and skills! Register now and be a part of the OWASP community."
     },
     {
         "group": "Orange County",
@@ -249,16 +259,6 @@
         "timezone": "America/New_York",
         "description": "This is an In-Person OWASP Orlando Chapter Meeting\n\nFood to be provided (Typically pizza or sandwiches)\n\nIntroductions\n\nMore details to be provided soon!\n\nSpeaker 1: **TBD**\nTopic: TBD\n\nSpeaker 2: **TBD**\nTopic: TBD"
     },
-    {
-        "group": "Oslo",
-        "repo": "www-chapter-oslo",
-        "name": "Gamification of Threat modeling",
-        "date": "2024-10-15",
-        "time": "17:00+02:00",
-        "link": "https://www.meetup.com/owasp-oslo/events/303410666",
-        "timezone": "Europe/Oslo",
-        "description": "**Place**: OSL-SKO-3-Auditorium, 3. etg, Karenslyst All\u00e9 56, Sk\u00f8yen\n\n* **17:00-1730 - Food serving**\n* **17:30-18:15 - Gamification of Threat Modeling for Machine Learning, Elias Brattli S\u00f8rensen**\n* **18:15-19:00 - Let\u2019s play OWASP Cornucopia! Johan Sydseter**\n\n**Gamification of Threat Modeling for Machine Learning**\nArtificial Intelligence (AI) has established itself as an important part of our lives, with machine learning spearheading the most notable innovations in the last two decades. Publications about prompt injection and similar attacks get a lot of attention. However, these are far from the only security issues with machine learning systems. We also have to think about challenges like poisoned data, recursive data pollution and all the personally identifiable information the models have memorized, as well as other inherent weaknesses with stochastic systems. Too much focus is directed towards operational security in the OPS part of of MLOps, while the shift-left idea of building systems \"secure by design\" during planning and development does not get enough emphasis. Threat modeling and risk analysis will likely play an important role in the future of machine learning security. I introduce Elevation of MLsec, which is an extension of Shostack's threat modeling card game Elevation of Privilege, and based on the risk framework published by the Berryville Institute of Machine Learning (BIML). In this talk, we will demystify how machine learning systems actually work and explore how the threat modeling game can help us engineer more secure machine learning systems.\n\n**Let\u2019s play OWASP Cornucopia!**\nOWASP Cornucopia is a card game to assist software development teams identify security requirements in agile software development processes. It is language, platform, and technology agnostic.\n\nIn this session we will learn to play the game in a different way from what we usually do. Johan Sydseter, OWASP Cornucopia co-lead and game master will take you through a provocative scenario. Confronted with the grumpy old senior developer that refuses to shift-left due to too many hours working overtime on his incredible sophisticated pet projects, what will you do? Will you be able to teach him a lesson about why security is important, or will he be laughing all the way to his developer cave? Only true passionate application security engineers will succeed. Expect confetti, swags, (yes, you read right, swag, valued just below the corruption limit) and illegal bribes as you venture into the unknown of OWASP Cornucopia.\n\n**Speakers**\n\n**Elias Brattli S\u00f8rensen** is a software engineer & security champion at Kantega SSO, engineering digital identity standards for secure authentication to the Atlassian ecosystem while facilitating and promoting secure software development practices. M. Sc. in Computer Science at NTNU, researching usage of static analysis tools like Spotbugs to find vulnerabilities in OpenID Connect client implementations.\n\n**Johan Sydseter** is co-leader for OWASP\u00ae Cornucopia and Co-creator of the OWASP\u00ae Cornucopia Mobile App Edition. The man with the long hair, not the long beard. Fresh meat in App Sec and OWASP but has 15 years' experience building and designing backend and frontend solutions as a designer, developer and architect. He has held several presentations on appsec at various international conferences, loves confetti and funny glasses.\n\n**About OWASP and OWASP Chapter meetings**\nOWASP is an online community that produces freely available articles, methods, documentation, tools, and technologies in IoT, system software, and web application security.\nOWASP Chapters exist to build a community of application security professionals worldwide. Our Oslo OWASP Chapter's meetings are free and open to everyone to attend, so both members and non-members are always welcome. Local meetings include:\n\n* Training to improve your skills\n* Lectures that are relevant to your work\n* Networking capabilities"
-    },
     {
         "group": "Ottawa",
         "repo": "www-chapter-ottawa",