diff --git a/_data/community_events.json b/_data/community_events.json index 96cfee21cd..b4593a7ec3 100644 --- a/_data/community_events.json +++ b/_data/community_events.json 
@@ -39,31 +39,21 @@ "timezone": "America/Chicago", "description": "30 minutes of meet-and-greet and Chapter information, then the Presentation!\n\n**Presentation: API Security flaws that are commonly exploited.**\nAs more and more development focusses on APIs to make things faster and easier, security needs to be pushed more toward the front. Mistakes that have been corrected in web application security have now returned as APIs aren\u2019t offered the same protections as they are usually out of the normal flow via security tooling such as WAFs. This means identifying and fixing flaws prior to production is important. This discussion will be around lessons learned from testing and breach data with an eye for prevention. This attendees will learn:\nApplication and API stacks are full of dangerous over-powered methods. These lurking menaces are built into libraries, frameworks, appservers, and runtime platforms. They do crazy things (from a security perspective) like start native processes, parse XML documents, evaluate expressions, and deserialize objects. And they are totally unprotected. Developers can use them without restriction, and attackers can target these binary Bambis without being detected or stopped. Unfortunately, the security of the entire digital ecosystem is entirely reliant on getting developers to take the right steps to use these methods safely\u2026 but it\u2019s way too hard.\n\n**Speaker:**\nJason Kent -- jason.kent@cequence.ai\n\nRSVP:\nhttps://owasp-austin-2024-february.eventbrite.com -- Eventbrite(in-person)" }, - { - "group": "Bangalore", - "repo": "www-chapter-bangalore", - "name": "OWASP Bangalore Meet 17 February 2024 ", - "date": "2024-02-17", - "time": "09:30+05:30", - "link": "https://www.meetup.com/owasp-bangalore-chapter/events/299149652", - "timezone": "Asia/Kolkata", - "description": "Bangalore Meet 17 February 2024 Null/OWASP Combined Meet\n\nOWASP meets are free for anyone to attend. There are absolutely no fees. 
Just come with an open mind and willingness to share and learn.\n\n#### Proposed sessions for this event:\n\n* Anatomy of Cyber Attack by **Raghav Gupta**\n* Preparation for OSCP and other RedTeaming Certifications by **SATHIYANARAYANA S**\n* Secure Coding by **Aditya Gupta**\n* Mindset of a Purple Team by **Edwin Christy**\n* CIS hardening for Ubuntu by **Ashok Rachapudi**\n\nNote: The session details, including schedule are available below.\n\n### Cloudsek New Office\n\n16/1, Cambridge Rd, Halasuru,\nCambridge Layout, Jogupalya,\nBengaluru, Karnataka 560008" - }, { "group": "Bay Area", "repo": "www-chapter-bay-area", - "name": "February Meetup", - "date": "2024-02-15", + "name": "Hacker Days workshop:-Vulnerability reachability analysis using OSS tools", + "date": "2024-02-29", "time": "17:00-08:00", - "link": "https://www.meetup.com/bay-area-owasp/events/298887422", + "link": "https://www.meetup.com/bay-area-owasp/events/299241868", "timezone": "America/Los_Angeles", - "description": "Thrilled to share the news about our upcoming February meetup scheduled for the 15th! . Make sure you seize the chance to acquire valuable insights directly from the stage through engaging talks by Jit and Semgrep.\n\nJoin us for an educational experience, networking, delicious food, expertly crafted cocktails, and, of course, the chance to snag some cool swag and participate in exciting raffles Courtesy our awesome hosts.\n\n**Talk #1 Tackling Vulnerabilities in Third-party Packages**\n\n**Title**: Tackling vulnerabilities in third-party packages\nDependency scanners often overwhelm developers with non-critical issues, reducing development efficiency. This session will introduce strategies for effective software dependency management, aimed at realistic security goals. 
We'll cover how to identify and prioritize key vulnerabilities using tools like code-scanning reachability analysis, ensuring a smoother remediation process.\n**Speaker**: Kyle Kelly - Security Research at semgrep\nKyle Kelly is a Security Researcher on the Supply Chain Team at Semgrep, a fast, open source static analysis tool for finding bugs, detecting vulnerabilities in third-party dependencies, and enforcing code standards. In addition, Kyle is the Founder of CramHacks, a Supply Chain Security Newsletter, where he tries to convince people coffee is a supply chain risk.\n\n**Talk#2 Velocity + Safety - Security Metrics All Engineers Should Care About**\nMeasuring security remains difficult - but in order to level up as an industry we need to be more transparent about how we measure and optimize our security practices. This talk will unpack a novel and measurable way to quantify security progress, the same way we measure other engineering disciplines.\n\n**Speaker:** Aviram Shmueli, Chief Research Officer\nAs the Chief Research & Innovation Officer and Co-Founder of Jit, the Continuous Security Platform for Developers, Aviram combines his passion for creating innovative products with deep expertise in security. With over 20 years of hands-on experience, he has held senior roles in research, engineering and product management at industry-leading organizations such as CyberArk & SentinelOne. A strong advocate for the transformative power of OSS, he believes in giving back to the community\u2014a principle central to Jit\u2019s ethos. Aviram holds a B.Sc & M.Sc in Computer Engineering, an MBA, and an MA in Law" + "description": "Are you ready to dive into the world of vulnerability analysis? Join us for an exciting Hacker Days, where we'll explore \"Vulnerability Reachability Analysis using OSS Tools\"!. 
**Workshop is sponsored by [Deepfactor.io](https://www.deepfactor.io/)**.\nDon't miss this opportunity to expand your cybersecurity knowledge, enjoy fantastic food and drinks, and network with industry professionals!\n\nThis event is co-hosted with our partnering community [pacifichackers.org](https://www.meetup.com/pacifichackers/).\n\nDoors open at 5PM and workshop will be from 6 to 7.30PM\n\n## Abstract:\n\nNew vulnerabilities are disclosed every day in dependencies that you or your team may be using. But how do you know if you are actually using the vulnerable code? This talk will show you how to use two different types of tools to analyze reachability - deciding if the vulnerability needs to be prioritized based on your own code usage.\n\n## Speaker Bio:\n\nMike Larkin is CTO and co-founder of Deepfactor, Inc. Mike is also a contributor to OpenBSD, working on hypervisors, low-level platform code, and security. Mike is also an adjunct faculty member at San Jose State University, where he teaches application security technologies and virtualization.\n\n## Workshop Overview:\n\nThe workshop will be broken into several modules; introductory modules will cover the workshop organization and administrative matters (installing and configuring the tools used in the workshop). Subsequent modules will give an outline of what vulnerability reachability is and why it is important and compare/contrast the two main ways of understanding reachability (static call graphs and runtime analysis).\n\nNext, the workshop will present two short exercises, intended for the attendees to gain hands-on experience using both types of tools against real applications with real vulnerabilities. Interpreted languages (Java) and compiled languages (C/C++/Go) will be covered. Subsequently, the following module will walk through how to interpret the results obtained from the exercises and draw conclusions. 
The languages chosen are merely representative; the skills learned in the workshop are equally applicable to other languages.\n\nThe workshop will conclude with two modules which will present a short overview of commercial tools and a conclusion/wrap-up/Q&A session.\n\n## Workshop Outline:\n\nI. Overview (10 minutes)\nA. Workshop organization\nB. About the tools and sample applications\n1. What are the tools and applications we are going to use?\nC. Obtaining/installing the tools and sample applications\n1. Cloning from the github repo\nD. Goals of the workshop (what you will learn)\n1. Be able to understand the importance of vulnerability\nreachability and how it helps prioritize remediation strategy\n2. Become familiar with some of the tools available to help with\nvulnerability reachability\n3. Learn where you can reach out to for more help in these areas\nafter the completion of the workshop\nII. Types of reachability analysis (10 minutes)\nA. Static analysis / call graphs\n1. What is a call graph?\n2. What information does a call graph provide to you\nB. Runtime analysis\nC. Language and environment considerations\n1. Things to consider when choosing a reachability analysis\nsolution\na. Types of applications being analyzed (COTS vs self-written)\nb. Availability of source code\nc. Robustness of test environment\nIII. Static call graph analysis exercise (20 minutes)\nA. Using static call graph analysis in IntelliJ/Eclipse to analyze a\nJava application\nB. Using Go callgraph to analyze a Go application\nC. How to correlate a call graph with an SBOM\nIV. Dynamic/runtime analysis exercise (20 minutes)\nA. Using a Java agent to analyze runtime reachability in a running\nJava application\nB. Using valgrind/KCacheGrind to analyze a running C/C++ application\nC. How to correlate runtime analysis with an SBOM\n\nV. Results comparison (10 minutes)\nA. Using the results of each exercise to determine if vulnerable\ncode was used\n1. 
How to use the output of each tool to understand what\nvulnerabilities need to be prioritized\nB. Benefits and limitations of each approach\n\nVI. Conclusion & Q&A (20 minutes)" }, { "group": "Bhopal", "repo": "www-chapter-bhopal", "name": "Introduction and overview to OWASP", - "date": "2024-02-16", + "date": "2024-02-21", "time": "11:00+05:30", "link": "https://www.meetup.com/owasp-bhopal-chapter/events/298658258", "timezone": "Asia/Kolkata", 
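Review bot: the Bay Area `"name"` field carries a stray `:-` ("Hacker Days workshop:-Vulnerability reachability analysis using OSS tools"); suggest "Hacker Days workshop: Vulnerability reachability analysis using OSS tools". The same entry's description has `!.` after the quoted title ("using OSS Tools\"!.") and files Java under "Interpreted languages (Java)", which is misleading since Java is compiled to bytecode and the exercise itself uses a Java agent and static call graphs; "JVM languages (Java) and natively compiled languages (C/C++/Go)" would be accurate. If these strings are pulled from the Meetup feed, the fix belongs upstream rather than in this file. Separately, the Bhopal entry is the only one in the patch whose `"date"` moves (2024-02-16 to 2024-02-21) while its `"link"` stays the same, whereas the other stale entries (Bangalore 2024-02-17, and Netherlands, Northern Virginia, Portland on 2024-02-15 further down) are dropped outright; worth confirming that is a genuine reschedule and not a parsing artifact.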
@@ -79,6 +69,16 @@ "timezone": "Australia/Brisbane", "description": "With a limited supply of potential hires and an already maxed security budget, how do we begin to tackle Application Security (AppSec)?\n\nThis talk will attempt to help provide some direction when it comes to solving this problem. It is aimed at security folks and developers of all skill levels who are interested in getting their feet wet with AppSec.\n\nDuring the talk we will first explore an industry framework that can help guide the first few steps in our journey. Then, we will dive into a demo and highlight some of the fantastic free and open-source tools that we can use to demonstrate value and rack up a few easy and impactful wins." }, + { + "group": "Bristol Uk", + "repo": "www-chapter-bristol-uk", + "name": "March Meetup - Threat Dragon", + "date": "2024-03-05", + "time": "18:00Z", + "link": "https://www.meetup.com/owasp-bristol/events/299254390", + "timezone": "Europe/London", + "description": "Jon Gadsden is going to start with a talk on **Threat Dragon**, as Project leader and contributor for the OWASP Threat Dragon tool, he knows a thing or two about what it does, and how it can be used.\n\nAfter the break, we will have a semi-structured **discussion** on **The Effects of our Decisions**; the intention is to draw on the experiences of everyone in the room to learn more about the subject. 
While the example will be about bcrypt cost, it's more about how security professionals must properly consider the decisions they make, and the effects those decisions have (see also changing passwords every 90 days).\n\n\\-\\-\\-\n\n**OWASP Threat Dragon**\n\nThreat Modeling is becoming more and more prominent in the security community; it is recognised as an important part of compliance, pipelines and software development.\n\nThis talk provides the reasons for doing threat modeling, what to look for in threat modeling, and how to threat model using the OWASP Threat Dragon tool.\n\nIt will introduce the various features of Threat Dragon and show how to use them to create a complete threat model.\n\nThe talk will include illustrations of Threat Dragon as it goes along, and if time permits then a demonstration can be given of creating a complete threat model using Threat Dragon.\n\n**Jon** is a software security engineer with Ping Identity, a company that provides Identity and Access Management services.\n\nHe is also a Co-Leader for the OWASP chapter in Bristol.\n\nJon splits his time between security engineering and software development; he says that he likes it this way because it reminds him that developers are always under time pressure and that product security engineers require a whole load of tact.\n\nJon has been involved with the open source software community since Linux 2.0.28, and he is a leader of the OWASP Threat Dragon project and also the OWASP Developer Guide." + }, { "group": "Colorado Springs", "repo": "www-chapter-colorado-springs", 
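Review bot: `"group": "Bristol Uk"` has inconsistent casing; the other entries use proper capitalization ("Bay Area", "New Zealand"). If the group name is derived by title-casing the repo slug `www-chapter-bristol-uk`, the generator needs a special case so this renders as "Bristol UK". The `"time": "18:00Z"` with `"timezone": "Europe/London"` is consistent for 2024-03-05 (GMT, before the March clock change), so no issue there.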
@@ -117,7 +117,17 @@ "time": "17:30-07:00", "link": "https://www.meetup.com/denver-owasp/events/299166209", "timezone": "America/Denver", - "description": "**Everyone is welcome! Bring a friend...**\n\nJoin us on in the new year on February 21st for food, drinks, networking and an exciting presentation. More details shorly. Networking with your peers starts at 5 - food is served at 5:30 and the presentation starts at 6." + "description": "**Everyone is welcome! Bring a friend...**\n\nJoin us on in the new year on February 21st for food, drinks, networking and an exciting presentation. More details shorly. Networking with your peers starts at 5:00 - food is served at 5:30 and the presentation starts at 6:00.\n\n**Presentation:** The Rise of AI-Powered Social Engineering - How AI has significantly impacted the efficacy of malicious social engineering campaigns, especially in email. Further, that it is vital to have an AI enhanced based defensive strategy to properly defend against this evolution." + }, + { + "group": "Dublin", + "repo": "www-chapter-dublin", + "name": "OWASP Dublin - February Meetup", + "date": "2024-02-26", + "time": "17:30Z", + "link": "https://www.meetup.com/owasp-dublin/events/299233018", + "timezone": "Europe/Dublin", + "description": "OWASP Dublin are delighted to announce KPMG will be sponsoring & hosting the next OWASP Dublin chapter meetup.\n\nWe will have some great talks from industry experts, details can be found below:\n\nSpeaker 1: **Conor McShea** is a consultant in the KPMG Cyber Defence team in Belfast. He has 3 years of experience working across both the defence and response streams before committing to the defence team for over a year. His focus is now web application, API and infrastructure penetration testing of large financial companies.\n\nConor\u2019s talk will cover OWASP top 10 in large financial company\u2019s web applications. 
He will leverage his experience to deliver this talk touching on trends and vulnerabilities he has seen whilst testing these applications which deal with sensitive user data.\n\nSpeaker 2: **Archit Aggarwal** is a senior consultant in the KPMG Cyber Defence and Response team. He has a total experience of 7 years in the offensive security domain. His main focus areas are web application security, active directory security, and infrastructure security.\n\nIn this talk, Archit will share how exploiting basic password flaws in an internal web application paved the way for the compromise of an organisation's internal network. He will discuss the main vulnerabilities discovered, the approach taken during the assessment, and key security insights to safeguard networks.\n\nSpeaker 3: **Mackenzie Jackson** is a developer and security advocate with a passion for DevOps and application security. As the co-founder and former CTO of the health tech company Conpago, he learned first-hand how critical it is to build secure applications with robust developer operations.\n\nToday Mackenzie continues his passion for security by working with the GitGuardian research team to uncover the latest trends malicious actors are using. Mackenzie is also the host of The Security Repo podcast, an established security writer, an experienced global speaker, and appeared as an expert in documentaries and television broadcasts.\n\nTalk: The attacker's guide to exploiting secrets\nElevator pitch\n\nExposed secrets like API keys are regularly exploited by attackers. 
We will outline various methods used to discover and exploit these secrets, including, abusing git repos, exploiting misconfigurations, decompiling containers & reverse engineering mobile applications to expose the secrets within.\n\nThis will be an exciting evening, so please ensure you register early.\n\nRefreshments will be available and plenty of opportunity to speak with others in the Secuirty Community.\n\nA big thanks to our hosts for the evening KPMG." }, { "group": "France", 
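Review bot: the Denver description is rewritten in this hunk but still carries "Join us on in the new year" and "More details shorly"; since the line is being replaced anyway, change to "Join us in the new year" and "More details shortly". In the new Dublin entry, "Secuirty Community" should be "Security Community" and "large financial company\u2019s web applications" should read "large financial companies' web applications". Its `"time": "17:30Z"` with `Europe/Dublin` on 2024-02-26 is correct.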
@@ -140,14 +150,14 @@ "description": "Hello everyone, we're excited to invite you to kick off our first OWASP Chapter meeting in 2024! Our Chapter serves central Germany particular within the Rhine-Main (Hesse) region as a platform to discuss and share topics all around information and application security. Anyone with an interested and enthusiastic about application security is welcome. All meetings are free and open. You do not have to be an OWASP member.\n\nThere will also be plenty of time to socialize before and after the event.\n\n_What's going to happen?\nWe look forward to welcoming you to our OWASP Frankfurt Meetup - talks and location are to be announced!\n\n_What are we going to talk about?\n\n**1\\. Talk:** **The Role of Data-Centricity in Application and Cloud Security**\n\n*Prof. Dr. Igor Podebrad - Director, Office of the CISO, Google Cloud and former Group CISO at Commzerbank*\n\nIn this talk, Igor explores the journey towards a data-centric security culture. He will delve into the challenges and strategies of embedding data-centricity in cloud and application security initiatives. Drawing from his experience, Igor also shares his experience how this approach transforms organizational security culture.\n\n2\\. Talk **SecOps Evolution: Navigating Security Risks and Operational Changes in the Era of Cloud**\n\n*Esra Yildiz - Security Cloud Solution Architect, Microsoft*\n\nEsra from Microsoft addresses the complex SecOps challenges in the cloud transformation era. Drawing from her experience, Esra will provide her insights on how to identify risks and managing operational changes into creating effective security strategies for evolving cloud environments.\n\n_Afterwards?\nWe will pre- and conclude the evening with the possibility of **socializing** at the venue with **free food and cold & hot drinks**.\n\n_When?\nOur Meetup takes place on 28.02.2024 from 18.00 to 21.30 o'clock CEST.\n\n_Where?\nDZ Bank, Platz d. 
Republik, 60325 Frankfurt am Main (Meet at the main Entrance and follow the OWASP signs to guide you)\n\n_Interested in **giving a talk** yourself?\nSubmit your talk here: https://www.papercall.io/owasp-chapter-frankfurt\n\n_And now?\nSave the date, **spread the word,** and bring your friends and colleagues along to our event.\n\n_Follow Us!\nAlso, follow us on and refer to our [OWASP Frankfurt site](https://owasp.org/www-chapter-germany/stammtische/frankfurt/) for information including slides and recordings of previous presentations\n\nWe're looking forward to seeing you at our event!" }, { - "group": "Gla University Mathura", - "repo": "www-chapter-gla-university-mathura", - "name": "Open Source Technologies: Collaborative Development\u00a0in\u00a0Action", - "date": "2024-02-17", - "time": "10:00+05:30", - "link": "https://www.meetup.com/owasp-gla-university-mathura-student-chapter/events/299149460", - "timezone": "Asia/Kolkata", - "description": "Led by Mr. Rahul Shandilya the session on open source technologies will explore their principles, benefits, and real-world applications. Attendees will gain valuable insights into the latest trends and best practices in open source development, empowering them to leverage these technologies effectively in their own projects .\n\n**Date:** 17 February 2024\n**Time:** 10:00 AM (IST)\n**Venue:** Room No 402 , AB-1 , GLA University, Mathura" + "group": "Jacksonville", + "repo": "www-chapter-jacksonville", + "name": "OWASP Monthly meeting ", + "date": "2024-03-18", + "time": "18:45-04:00", + "link": "https://www.meetup.com/owasp-jacksonville-chapter/events/298995347", + "timezone": "America/New_York", + "description": "The OWASP Foundation came online on December 1st, 2001 it was established as a not-for-profit charitable organization in the United States on April 21, 2004, to ensure the ongoing availability and support for our work at OWASP. 
OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. We can be found at www.owasp.org." }, { "group": "Jacksonville", 
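Review bot: the Jacksonville `"name": "OWASP Monthly meeting "` has a trailing space (the removed Bangalore name had one too), which suggests the generator should `strip()` event titles before writing them. The description also has a run-on sentence: "came online on December 1st, 2001 it was established" needs a period or "and" after "2001". The trailing context shows a second `"group": "Jacksonville"` entry immediately after this one; please confirm the two have distinct `"date"` and `"link"` values so this is not a duplicate.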
@@ -189,6 +199,16 @@ "timezone": "America/Los_Angeles", "description": "**TOPIC**: Navigating the Maze: Making Sense of Vulnerability Risk Indicators\nJoin us for great networking, dinner and drinks, and see a presentation by **Raffi Erganian** co-founder and CTO at VULNERA\n\n**ABSTRACT**: There is no shortage of risk indicators for vulnerabilities in cybersecurity, between the different versions of CVSS, CWE's, CISA KEV, proprietary vendor risk metrics (Tenable VPR, Qualys TruRisk) and the widely popularized EPSS, developers, security engineers, and stakeholders are left confused and wondering \u2013 \"How do we make sense of these numbers/metrics to prioritize patching?\". Turns out, reducing vulnerability risk to a single score or generic category removes much-needed context, these metrics are meant to guide, not be the end-all in the prioritization process. Join us in this presentation as we explore practical strategies on how to effectively use the variety of risk indicators for swift and accurate vulnerability prioritization.\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. 
You can find out more about our policies here:\n[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)" }, + { + "group": "Minneapolis St Paul", + "repo": "www-chapter-minneapolis-st-paul", + "name": "March meetup: The Monsters in your Software Supply Chain", + "date": "2024-03-06", + "time": "17:30-06:00", + "link": "https://www.meetup.com/owasp-msp-meetup/events/298803400", + "timezone": "America/Chicago", + "description": "**The Monsters in your Software Supply Chain that traditional App Sec tools can't find**\n**Matt Rose, Field CISO at ReversingLabs, Security Practitioner**\n\nThe Solar Winds, 3CX and CircleCI software supply chain attacks exposed gaps in the current application and software supply chain security paradigm, highlighting the need for orgs to zero in on issues unique to software supply chain attacks. Join Field CISO Matt Rose as he unpacks recent attacks, the need to better prioritize secrets, malware, tampering, SBOMs, and application/software behaviors. You will learn some simple steps that application security and third party risk management teams can take to level up their Software Supply Chain Security Initiatives.\n\nApproximate agenda (U.S. Central Time):\n5:30 - Doors open; socializing/connecting, food, OWASP announcements\n6:00 - Presentation\n6:30 - Q&A\n\nPlease remember to register and keep your registration up to date so we know how many to expect." + }, { "group": "Mumbai", "repo": "www-chapter-mumbai", 
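Review bot: "The Solar Winds, 3CX and CircleCI software supply chain attacks" should read "SolarWinds" (single word, the vendor's name). The `"time": "17:30-06:00"` with `America/Chicago` on 2024-03-06 is correct, since US daylight time did not start until 2024-03-10.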
@@ -209,16 +229,6 @@ "timezone": "America/Chicago", "description": "Let's leap forward in container security on leap day! Join us for [a bite to eat from Joyland](https://www.eatjoyland.com/) and to talk with OWASP Kubernetes Top 10 lead Jimmy Mesta, CTO of KSOC.\n\nThe meeting will be catered by Joyland, celebrity chef Sean Brock's nod to nostalgic fast food joints serving up kitchy comfort food with southern flair, like biscuits, smash burgers, and fried chicken on a stick. Brock has been featured on Netflix's Chef's Table and PBS's The Mind of a Chef, owns several award winning restaurants throughout the Southeast, and has been named the best chef in the Southeast by the James Beard Foundation. Join us for some tasty food and rich networking after Jimmy's presentation on the Kubernetes OWASP Top 10.\n\nGiven the growth and adoption of Kubernetes, a number of projects have been published in the OWASP community to help practitioners assess and secure the security of their containerized infrastructure including the recently released [Top Ten for Kubernetes](https://owasp.org/www-project-kubernetes-top-ten/). This OSS project is a community-curated list of the most common Kubernetes risks backed by data collected from organizations varying in maturity and complexity. This session will discuss the project in detail, examples for each of the risks in the list, and how you can get involved." }, - { - "group": "Netherlands", - "repo": "www-chapter-netherlands", - "name": "February 2024 OWASP Chapter Netherlands Meetup", - "date": "2024-02-15", - "time": "19:00+01:00", - "link": "https://www.meetup.com/owasp-chapter-netherlands-meetup/events/298627782", - "timezone": "Europe/Amsterdam", - "description": "This is an online meeting and will be streamed on [YouTube](https://youtu.be/G_av5tQDa_Y). 
The meeting will start at 19:00.\n\nSee [https://owasp.org/www-chapter-netherlands/upcomingevents](https://owasp.org/www-chapter-netherlands/upcomingevents) for more information about the OWASP Netherlands chapter.\n\n19:00 - 19:10 - **Welcome and OWASP updates**\n19:10 - 19:55 - **OWASP ModSecurity: A Few Plot Twists and What Feels Like a Happy End** by **Christian Folini**\n19:55 - 20:05 - **Questions and Break**\n20:05 - 20:50 - **OWASP Dependency-Track** by **Niklas D\u00fcster**\n\n**OWASP ModSecurity: A Few Plot Twists and What Feels Like a Happy End**\n*Abstract:*\nModSecurity is an open-source, cross-platform web application firewall (WAF) engine. Originally written by Ivan Risti\u0107, it was acquired by Trustwave and then developed for over 10 years by Trustwave\u2019s SpiderLabs.\n\nModSecurity exists as a module for the Apache HTTP Server, Nginx, and IIS (v2) and it has also been released as standalone daemon for NGINX (v3), accessible via an API and a webserver specific connector module. It is able to inspect HTTP requests and HTTP responses and it configured via rules in a rather cumbersome config language called \u201cSecLang\u201d. OWASP CRS is the dominant rules project used by most ModSecurity users.\n\nIn 2021, Trustwave announced the end of support and the plan to hand over ModSecurity into the hands of the community by Summer 2024. OWASP tried to convince Trustwave to hand it over to the foundation several times, but only succeeded in November 2023. A plan was thus drawn and a new project was prepared from December 2023. 
The main repository was transferred on January 25 and OWASP ModSecurity was declared a \u201cproduction level\u201d OWASP project by the OWASP project committee.\n\nThe new project operates with a preliminary leader team, the first release is already out and the community is growing, all in line with the 3-6 month project plan drawn up in December 2023.\n\nThis talk gives an overview of this dynamics at play, how OWASP operates on projects like this and the perspectives are for ModSecurity and OWASP as a whole.\n\n*Bio:*\nDr. Christian Folini is a Swiss security engineer and open source enthusiast. He brings 15 years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian Folini is the author of the 2nd edition of the ModSecurity Handbook and the best known teacher on the subject. He co-leads the OWASP ModSecurity Core Rule Set project and serves as the program chair of the \u201cSwiss Cyber Storm\u201d conference.\n\n**OWASP Dependency-Track**\n*Abstract:*\nSince its inception over a decade ago, OWASP Dependency-Track has pioneered many concepts in the realm of software supply chain security, and software bill of materials (SBOM).\n\nWith increasingly more governments, regulators and organizations asking for SBOMs, the project is more relevant than ever. On the other hand, a non-negligible portion of folks is still puzzled as to what to even do with SBOMs once they have them.\n\nIn this talk, we\u2019ll explore what Dependency-Track is, how it can help organizations in identifying and reducing risk in their software supply chain, and give an outlook into what\u2019s next!\n\n*Bio:*\nAfter years as Security Engineer for a large European payment service provider, Niklas currently works as Cloud Native Engineer for ControlPlane. He is passionate about AppSec, DevSecOps and Open Source. 
He co-leads the OWASP Dependency-Track project and is a contributor to the OWASP CycloneDX Bill of Materials standard, for which he maintains the official Go tooling." - }, { "group": "New Zealand", "repo": "www-chapter-new-zealand", 
@@ -229,16 +239,6 @@ "timezone": "Pacific/Auckland", "description": "We're picking up our regular Meetup schedule in 2024, starting in March.\n\nOur approximate agenda for the evening:\n\n* 6:00 p.m. - Gather and networking\n* 6:30 p.m. - Introductions, Top 10 Topic\n* 7:15 p.m. - Pizza and more networking\n* 7:45 p.m. - Technical Topic\n\nWe'll be restarting our introductory coverage of the OWASP Top 10 (2021 edition) with A01:2021 in March, covering a new item each meeting.\n\nOur Top 10 topic for March will be **A01:2021 - Broken Access Control**.\n\n**Technical Topic Speaker:** TBC\n**Talk Title:** TBC\n\nWe're always looking for presenters and topics for future meetings - contact John (john.dileo@owasp.org) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be John talking about what he's been working on recently.\n\nThe Auckland-area OWASP Meetup usually takes place on the second Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays." }, - { - "group": "Northern Virginia", - "repo": "www-chapter-northern-virginia", - "name": "Developing LLM Application Using Private Data", - "date": "2024-02-15", - "time": "18:30-05:00", - "link": "https://www.meetup.com/owasp-northern-virginia-chapter/events/298951512", - "timezone": "America/New_York", - "description": "Large language models (LLMs) have opened up new possibilities for a range of downstream applications leveraging natural language generation, understanding, and reasoning. This talk provides an introduction to LLMs, then explores their potential downstream enterprise use cases with enterprise private data . We will overview popular architecture patterns that make LLMs amenable for downstream tasks, as well as tech stacks that enable easier integration. 
Additionally, we compare open source versus closed source LLMs in the context of customizability, transparency and security - important considerations for downstream applications. The talk also dives into LLMOps - best practices around monitoring, maintenance and updates to preserve integrity and performance in downstream production applications. Overall, the goal is to equip the audience with an understanding of how LLMs can drive value through customized downstream enterprise applications while also considering practical implications of security, operations and responsible AI." - }, { "group": "Orange County", "repo": "www-chapter-orange-county", 
@@ -270,14 +270,24 @@ "description": "Thirsty Thursdays.\n\nSame time. Same day each month. Differing places. Good chat.\n\n**What?**\n\n* Casual conversation over food & drinks\n\n**Where?**\n\n* It may differ each month, bars, restaurant and eateries around Peterborough\n\n**When?**\n\n* \\~ The last Thursday of each month\n\nEverybody welcome, the next event details will be chosen from the last (and so on!)." }, { - "group": "Portland", - "repo": "www-chapter-portland", - "name": "Hacking a SaaS: A Practical Guide to Understanding Attack and Defense", - "date": "2024-02-15", - "time": "17:30-08:00", - "link": "https://www.meetup.com/owasp-portland-chapter/events/298661513", - "timezone": "America/Los_Angeles", - "description": "*Hacking a SaaS: A Practical Guide to Understanding Attackers and Defending Against Them*\n\nIn this talk, we will delve into the mindset of an attacker and explore the vulnerabilities they exploit in SaaS systems. We will cover the following topics:\n\n* What motivates hackers to target SaaS systems (5%)\n* How hackers conduct reconnaissance on SaaS systems (50%)\n* The anatomy of exploit chains (40%)\n* Strategies for defending against attacks (5%)\n\nOur goal is to provide a practical guide to understanding attackers and defending against them. We will share lots of hacker tips and tricks, and provide plenty of quiz moments to train your intuition. Our focus will be on vulnerabilities that hackers actually care about, rather than theoretical ones. All of our examples will be based on real-world exploit chains, and we will explore multiple vulnerabilities chained together to create media-news-headline-worthy outcomes. 
By the end of this talk, you will have a better understanding of how attackers think and operate, and you will be better equipped to defend against their attacks.\n\nOur February host and sponsor is Solutional Inc, and the talk will take place in their Portland office at 301 SE 2nd Ave.\n\nPlease RSVP here if you are planning to attend.\n\nThis is a monthly event of OWASP's Portland chapter.\n\n*[This was our January event, which was canceled for weather. We have rescheduled it for February.]*" + "group": "Phoenix", + "repo": "www-chapter-phoenix", + "name": "March Meeting", + "date": "2024-03-05", + "time": "20:30-07:00", + "link": "https://www.meetup.com/owasp-phoenix-chapter/events/299251813", + "timezone": "America/Phoenix", + "description": "OWASP is a non-profit dedicated to application security. Our meetings are free to attend and you do not need to be a member, nor have any experience with application security. All are welcome!\n\nFor our March meeting, we will be discussing OWASP SAMM (Software Assurance Security Model), which you can use to assess your application security program for gaps, identify opportunities for your future roadmap, and understand how mature your appsec program really is. 
You can read more about OWASP SAMM here: https://owasp.org/www-project-samm/\n\nFree Parking:\n1 N Macdonald St, Mesa, AZ 85201\nhttps://downtownmesa.com/parking/green-lot\nNote that the parking lot is across the street from HeatSync Labs" + }, + { + "group": "Recife", + "repo": "www-chapter-recife", + "name": "Detec\u00e7\u00e3o de Vulnerabilidades em C\u00f3digo-Fonte com I.A", + "date": "2024-02-28", + "time": "20:00-03:00", + "link": "https://www.meetup.com/owasp-recife-meetup-group/events/298972631", + "timezone": "America/Recife", + "description": "**[O que vai rolar?]**\nO pr\u00f3ximo meeting do OWASP Recife ocorrer\u00e1 no dia 28/02/2024 \u00e0s 20:00 com o t\u00edtulo: \"Detec\u00e7\u00e3o de Vulnerabilidades em C\u00f3digo-Fonte com I.A\" conduzida por Maria Fernanda Rodrigues, da Tempest Security Intelligence.\n\nA palestrante demonstrar\u00e1 uma forma de detec\u00e7\u00e3o de vulnerabilidades em c\u00f3digo-fonte, utilizando o modelo n\u00e3o supervisionado de aprendizado de m\u00e1quina FICS (Functionally-similar yet Inconsistent Code). O primeiro detector de bugs 'machine learning-based' que identifica e aponta inconsist\u00eancias no c\u00f3digo como indicadores de poss\u00edveis vulnerabilidades de seguran\u00e7a.\n\n**[Formato do encontro]**\nPalestra online\n\n**[Shortbio de Maria]**\nMaria Fernanda Rodrigues\nEstagi\u00e1ria em Pesquisa e Desenvolvimento\nTempest Security Intelligence" }, { "group": "Seattle", 
@@ -299,16 +309,6 @@ "timezone": "America/Los_Angeles", "description": "*Do you know where your secrets are?*\n\n*Do you know what Uber, CircleCI, and Toyota all have in common? They had hardcoded credentials in plaintext somewhere in their environments, leading to either a public leak or enabling an attacker to expand their footprint during a breach.*\n\n*Understanding the problem with hardcoding secrets is simple, but how widespread is this problem? How fast is it growing? How does it keep happening? Moreover, what can you do to address it?*" }, - { - "group": "Seattle", - "repo": "www-chapter-seattle", - "name": "Security Social Lunch Hours", - "date": "2024-02-14", - "time": "12:00-08:00", - "link": "https://www.meetup.com/owasp-seattle-chapter/events/297834962", - "timezone": "America/Los_Angeles", - "description": "At noon on the 2nd Wednesday of every month we host a social meeting on Zoom with mini talks and breakout rooms. The main room will always be open for social time but we plan to have 1-2 topic breakouts you can join. If the breakout session topic interests you, join that discussion. Feeling more like a casual chat and exploring other topics? Visit the main room to strike up a conversation.\n\nSuggest topics you\u2019d like to see breakout rooms for and let us know if you\u2019d like to sign up to lead one.\n\nSlack @ #chapter-seattle (https://bit.ly/owasp-seattle-slack)\n\nseattle-chapter@owasp.org (https://groups.google.com/a/owasp.org/g/seattle-chapter)" - }, { "group": "Singapore", "repo": "www-chapter-singapore", 
@@ -339,16 +339,6 @@ "timezone": "America/New_York", "description": "**Welcome to our OWASP Tampa 2024Q1 Lunch and Learn!**\n\nWe invite you to join us and members of our local Tampa Bay community to hear from industry experts in cybersecurity. This lunch and learn will bring topics that influence discussion among your peers and provide a venue to meet others that share your passions.\n\n**Agenda:**\n\n* 11:30am - Registration and Lunch\n* 12:00pm - Speaker - Chris Hatter - Appsec in an AI-powered world\n* 1:00pm - Depart\n\n**Speaker:**\nChris Hatter is an Operating Partner at NumberOneAI where he provides technical leadership to portfolio companies within the incubator. Additionally, Chris serves as the COO/CISO of Qwiet.AI, an AI-powered AppSec platform.\n\nHe has over a decade of experience in cybersecurity strategies, managing threats and vulnerabilities, risk assessment, cyber resilience, legal and compliance issues, and crisis management. Prior to his current roles at N1AI and Qwiet, Chris served as the Global CISO for Nielsen, at the time, a global technology and data company that operated in over 150 countries with 80,000+ employees.\n\nChris holds a Bachelor of Business Administration in Management Information Systems from the University of South Florida and sits on the university\u2019s advisory board of cybersecurity for executives.\n\n**Abstract**:\nIn this bold new age of artificial intelligence, software is evolving at a blistering pace. From AI-generated code to automated devops to ingenious new AI applications, innovation is accelerating. Businesses across every industry stand to gain enormously in productivity and efficiency. However, with such great power comes great risk. As AI accelerates the pace of software innovation, it also increases the prevalence of vulnerabilities and exploits.\n\nGiven that application security teams are often under-resourced and equipped with weak technologies... 
What can they do to manage the inevitable complexity introduced by AI? This interactive talk will lay out the escalating challenges for application security and engineering teams while offering some practical solutions.\n\n**Location:**\nGuidePoint Security\n3030 N Rocky Point Drive W\nSte 600\nTampa, FL\n\n**Sponsors:**\n[Qwiet.AI](https://qwiet.ai/)" }, - { - "group": "Toronto", - "repo": "www-chapter-toronto", - "name": "OWASP Toronto | Psychology of phishing attacks", - "date": "2024-02-15", - "time": "18:30-05:00", - "link": "https://www.meetup.com/owasp-toronto/events/298936718", - "timezone": "America/Toronto", - "description": "TALK\n\nPsychology of phishing attacks\n\nSummary:\n\nThis presentation will discuss the psychology behind phishing attacks. We will examine why people are susceptible to such attacks. In this talk, you will learn about persuasion cues, factors of persuasion, and common phishing indicators. The goal is to provide you with a framework that helps identify phishing attacks. We will further touch on strategies to detect phishing attacks, existing gaps, and approaches to improve detection capabilities.\n\nPresenter:\n\nHassan Anees\n\nHassan is a recent master's graduate of the Cybersecurity and Threat Intelligence program at the University of Guelph and holds dual undergraduate degrees in psychology and computer science. He has a background as a software engineer and security analyst. He has worked within the financial industry creating phishing simulations and mitigating insider risk. Hassan is currently preparing to embark on a PhD focused on phishing research at the University of Waterloo." - }, { "group": "Wrongsecrets", "repo": "www-project-wrongsecrets", diff --git a/pages/initiatives/gsoc/gsoc2024ideas.md b/pages/initiatives/gsoc/gsoc2024ideas.md index 9909986e38..a2c5a5b3b5 100644 --- a/pages/initiatives/gsoc/gsoc2024ideas.md +++ b/pages/initiatives/gsoc/gsoc2024ideas.md 
@@ -71,9 +71,10 @@ Reach out to us on Slack to discuss further on the scope, changes required, _or * Some knowledge of UI designing for design related ideas. ##### Mentors -* Donnie on slack (lead mentor) -* Swapnil Shinde (@AtmegaBuzz) on slack (django and blockchain mentor) -* We are looking for mentors, reach out to us on slack +* Donnie (@DonnieBLT on Slack) -- lead mentor +* Swapnil Shinde (@AtmegaBuzz on Slack) -- Django and blockchain mentor +* Arkadii Yakovets (@arkid15r on Slack) -- Python/Django mentor +* We are looking for mentors, reach out to us on Slack ### [OWASP Maryam](https://owasp.org/www-project-maryam/)
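Review bot: in the hunk at @@ -270,14 +270,24 @@ the added Phoenix description expands SAMM as "Software Assurance Security Model", which is wrong; the project is the Software Assurance Maturity Model (the linked https://owasp.org/www-project-samm/ page uses that name). Since this text is pulled from the Meetup listing, the fix belongs at the source or the bot will reintroduce it on the next run. Also worth a check in the same hunk: the Phoenix entry has "time": "20:30-07:00" while every other evening event in this diff starts between 17:30 and 18:30 local; confirm on the Meetup page that the meeting really starts at 20:30 and that the generator did not apply the offset to an already-local time.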
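Review bot: in the hunk at @@ -299,16 +309,6 @@ the removed Seattle "Security Social Lunch Hours" entry describes a recurring event ("the 2nd Wednesday of every month"), but nothing in this diff adds the next occurrence, so the Seattle chapter is left with no social entry after the 2024-02-14 one is pruned. If the March occurrence is published on Meetup the generator should have picked it up; if it is not, that is an organizer follow-up rather than a data issue.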
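Review bot: in the hunk at @@ -71,9 +71,10 @@ the mentor list is inconsistent: Swapnil Shinde and Arkadii Yakovets are listed with full names plus Slack handles, while the lead mentor is "Donnie (@DonnieBLT on Slack)" with a first name only. Use the full name for the lead mentor as well. The last bullet "We are looking for mentors, reach out to us on Slack" is a comma splice; "We are looking for more mentors; reach out to us on Slack." reads cleanly.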