diff --git a/_data/community_events.json b/_data/community_events.json index 6f3f5b6c77..601203811c 100644 --- a/_data/community_events.json +++ b/_data/community_events.json 
@@ -89,6 +89,16 @@ "timezone": "Australia/Brisbane", "description": "The software supply chain is under increasing threat. New attacks and threats have popped up that we couldn't have imagined even two years ago. Total attacks on the software supply chain are increasing by more than 730% year on year since 2019. One way for organizations to combat this growing threat is to empower their red teams to test the software supply chains for that organization. But many red teams are ill-prepared to tackle this new attack surface.\n\nThis talk will have three distinct parts:\n\n1\\. I will describe how security teams\\, red teams\\, or security researchers can quickly identify the multiple components in a particular applications software supply chain\\, and then how to find soft targets to focus on\\.\n2\\. I will describe my VBP framework \\(value\\, behaviour and patterns\\) which is an applied threat modelling framework for software supply chains\\.\n3\\. Finally\\, I will visually describe one of my red team operations on an open\\-source project and the tools that I use \\(or have written\\) to make that possible\\." }, + { + "group": "Cairo", + "repo": "www-chapter-cairo", + "name": "Secure by Design: Empowering Enterprise Security through Application Governance", + "date": "2024-07-27", + "time": "10:00+03:00", + "link": "https://www.meetup.com/owasp-cairo-chapter/events/302273299", + "timezone": "Africa/Cairo", + "description": "In today's rapidly evolving digital landscape, securing applications is a critical concern for enterprises. 
This joint event, organized by the OWASP Cairo Chapter and ISACA Egypt Chapter, aims to equip security professionals, developers, and IT leaders with the knowledge and tools necessary to integrate security throughout the application development lifecycle.\n\nThe event will feature two key sessions:\n[10:00 AM - 10:45 AM]\u2060 \u2060Integrating Security into the Development Lifecycle: Governance Frameworks and Best Practices [Speaker: Mohamed Alfateh]\n\\- Discover strategies for embedding security within Agile\\, Waterfall\\, and DevSecOps methodologies\n\\- Explore the security manager's role in fostering collaboration\\, driving security awareness\\, and measuring the effectiveness of security initiatives\n\n[10:45 AM - 11:30 AM]\u2060 \u2060Secure Coding Practices for Web Applications [Speaker: Mohammed Sherif]\n\\- Explore secure coding principles and techniques to mitigate common application vulnerabilities\n\\- Learn about secure coding standards\\, code review best practices\\, and automated security testing\n\nThrough a combination of expert presentations, interactive discussions, and real-world case studies, attendees will gain a comprehensive understanding of secure application development and the essential role of security governance in empowering enterprises to build secure, resilient, and compliant software solutions." + }, { "group": "Chennai", "repo": "www-chapter-chennai", 
@@ -167,17 +177,7 @@ "time": "18:00+02:00", "link": "https://www.meetup.com/owasp-hamburg-stammtisch/events/302138351", "timezone": "Europe/Berlin", - "description": "Moin in die Runde,\n\nwe'll have a series of short talks in German.\n\n# **Eckpunkte**\n\nWir pr\u00e4sentieren eine Reihe kurzweiliger Vortr\u00e4ge am Dienstag, den 23.7.2024:\n\n* Bj\u00f6rn Kimminich + Jannik Hollenbach: **Brick your Juice Shop in 319 easy steps**\n*In this session, you will learn about a literal hands-on endeavor of OWASP Juice Shop for its 10th anniversary: The official branded LEGO case for your MultiJuicer cluster on 4 Raspberry PIs!*\n* Timo Pagel: **Relevante AppSec Metriken erfassen und analysieren**\n*Auf dem Weg zum ausgereiften Application Security Program ist die Erfassung von Aktivit\u00e4t-Metriken ein wichtiger, jedoch oft \u00fcbersehener Schritt. Dieser Kurzvortrag erl\u00e4utert die Kunst und Wissenschaft der Definition, Sammlung und Analyse von Aktivit\u00e4t-Metriken, um bedeutende Verbesserungen im AppSec-Programm voranzutreiben. Timo pr\u00e4sentiert Metriken anhand der Open-Source-Anwendung Metric Collector and Analyser (metricCA). Weiterhin erl\u00e4utert er kurz die Architektur von metricCA .*\n* Matthias Marx: **Hide and Seek - \u00fcber Biometrie-Ger\u00e4te des US-Milit\u00e4rs**\n*Das US-Milit\u00e4r hat massenhaft Ger\u00e4te zur biometrischen Erfassung von Menschen in Afghanistan genutzt, wovon einige beim hastigen Abzug der NATO-Truppen zur\u00fcckgelassen wurden und in die H\u00e4nde der Taliban gelangten. Medien berichteten dar\u00fcber, der Chaos Computer Club fing an zu recherchieren. Dieser konnte gleich mehrere Ger\u00e4te ersteigern. Eine Analyse f\u00f6rderte gro\u00dfe Mengen biometrischer und weiterer personenbezogener Daten zu Tage. In den falschen H\u00e4nden bedeutet dies Lebensgefahr f\u00fcr Menschen in Afghanistan und Irak. Matthias hat die CCC-Forschungsgruppe geleitet. 
Ein Ger\u00e4t bringt Matthias mit*.\n\nZu Gast sind wir wieder zentral bei Check24, am Anfang der Au\u00dfenalster (N\u00e4he Hotel Atlantic) In Fu\u00dfmarschentfernung vom Hauptbahnhof.\nAus planungstechnischen Gr\u00fcnden unseres Hosts (Verpflegung) sag mir bitte per Mail oder hier bei Meetup Bescheid, wenn du dazusto\u00dfen m\u00f6chtest.\n\n# **Generelles zum OWASP-Stammtisch**\n\nBei unseren offenen Treffen geht es um Software und deren Sicherheit im Internet und/oder IT-Security allgemein. Hier treffen sich Menschen, die sich beruflich oder privat mit IT-Sicherheit besch\u00e4ftigen: Entwickler, Manager, \u201ePentester\u201c und alle an (Web)sicherheit interessierte. Die Atmosph\u00e4re ist offen und locker. Uns geht's um den Erfahrungsaustausch, Technikschnack und um's Netzwerken. Wer Produkte oder Dienstleistungen verkaufen will, ist hier falsch. Ihr seid herzlich willkommen, euren Kollegen oder Bekannten einen Hinweis auf unsere Treffen weiterzuleiten. Alle Treffen sind frei, f\u00fcr jeden offen und kostenlos.\n\nSch\u00f6nen Gru\u00df, Bj\u00f6rn / Dirk" - }, - { - "group": "Israel", - "repo": "www-chapter-israel", - "name": "OWASP IL July 2024 - Special Workshop!", - "date": "2024-07-16", - "time": "17:30+03:00", - "link": "https://www.meetup.com/owasp-israel/events/302035464", - "timezone": "Asia/Jerusalem", - "description": "This one is different from our usual meetups - **a special, one-time, hands-on workshop!**\n\nThis will be a smaller session, with strict interactivity limits, so please **ONLY SIGN UP IF YOU WILL PARTICIPATE IN THE TRAINING** :-)\n\nIn this workshop, Michal Kamensky from Bounce Security will share a small piece of her upcoming Black Hat training: **\"Accurate and Scalable: Application Bug Hunting\"**.\n\nThe interesting, important, and hard-to-find bugs are not generic. 
They often stem from the unique business logic of the product, so they require familiarity with it.\n\nYou will learn how to use customizable scanning tools in order to discover those sneaky vulnerabilities, at scale.\nYou will be challenged to complete exercises yourself, using a couple of open-source scanning tools, such as Semgrep and Nuclei.\nYou will see how to customize the rules in these tools so that you can find interesting patterns, while keeping it specific and omitting false positives.\nAnd while you will be using 2 specific tools, the techniques and methodology you will learn are applicable for any customizable scanner, not just these two.\n\nSo make sure to come ready to hack, scan, and most importantly - to learn valuable skills you can start applying tomorrow!\n\n**Since this is a hands-on training, we must keep it much smaller than usual, so only so please ONLY SIGN UP IF YOU WILL PARTICIPATE IN THE TRAINING.** We will be vetting registrations to keep the group small and focused on those that will be actively participating and taking part in the exercises.\n\nMake sure to bring your laptop, and ensure you can install and run the security tools we will be using." + "description": "Moin in die Runde,\n\nwe'll have a series of short talks in German.\n\n# **Eckpunkte**\n\nLokation: An der Alster 64 , Hamburg\nDatum: 23.7.2024\nStart: Einlass ist ab 17:30 . 
Um 18:00 Uhr starten wir mit den Vortr\u00e4gen\nAnmeldung: kurz mit oder ohne Klarnamen \"Bescheid\" sagen\nThemen: s.u.\n\n# **Vortr\u00e4ge**\n\n* Bj\u00f6rn Kimminich + Jannik Hollenbach: **Brick your Juice Shop in 319 easy steps**\n*In this session, you will learn about a literal hands-on endeavor of OWASP Juice Shop for its 10th anniversary: The official branded LEGO case for your MultiJuicer cluster on 4 Raspberry PIs!*\n* Timo Pagel: **Relevante AppSec Metriken erfassen und analysieren**\n*Auf dem Weg zum ausgereiften Application Security Program ist die Erfassung von Aktivit\u00e4t-Metriken ein wichtiger, jedoch oft \u00fcbersehener Schritt. Dieser Kurzvortrag erl\u00e4utert die Kunst und Wissenschaft der Definition, Sammlung und Analyse von Aktivit\u00e4t-Metriken, um bedeutende Verbesserungen im AppSec-Programm voranzutreiben. Timo pr\u00e4sentiert Metriken anhand der Open-Source-Anwendung Metric Collector and Analyser (metricCA). Weiterhin erl\u00e4utert er kurz die Architektur von metricCA .*\n* Matthias Marx: **Hide and Seek - \u00fcber Biometrie-Ger\u00e4te des US-Milit\u00e4rs**\n*Das US-Milit\u00e4r hat massenhaft Ger\u00e4te zur biometrischen Erfassung von Menschen in Afghanistan genutzt, wovon einige beim hastigen Abzug der NATO-Truppen zur\u00fcckgelassen wurden und in die H\u00e4nde der Taliban gelangten. Medien berichteten dar\u00fcber, der Chaos Computer Club fing an zu recherchieren. Dieser konnte gleich mehrere Ger\u00e4te ersteigern. Eine Analyse f\u00f6rderte gro\u00dfe Mengen biometrischer und weiterer personenbezogener Daten zu Tage. In den falschen H\u00e4nden bedeutet dies Lebensgefahr f\u00fcr Menschen in Afghanistan und Irak. Matthias hat die CCC-Forschungsgruppe geleitet. 
Ein Ger\u00e4t bringt Matthias mit*.\n\nZu Gast sind wir wieder zentral bei Check24, am Anfang der Au\u00dfenalster (N\u00e4he Hotel Atlantic) In Fu\u00dfmarschentfernung vom Hauptbahnhof.\nAus planungstechnischen Gr\u00fcnden unseres Hosts (Verpflegung) sag mir bitte per Mail oder hier bei Meetup Bescheid, wenn du dazusto\u00dfen m\u00f6chtest.\n\n# **Generelles zum OWASP-Stammtisch**\n\nBei unseren offenen Treffen geht es um Software und deren Sicherheit im Internet und/oder IT-Security allgemein. Hier treffen sich Menschen, die sich beruflich oder privat mit IT-Sicherheit besch\u00e4ftigen: Entwickler, Manager, \u201ePentester\u201c und alle an (Web)sicherheit interessierte. Die Atmosph\u00e4re ist offen und locker. Uns geht's um den Erfahrungsaustausch, Technikschnack und um's Netzwerken. Wer Produkte oder Dienstleistungen verkaufen will, ist hier falsch. Ihr seid herzlich willkommen, euren Kollegen oder Bekannten einen Hinweis auf unsere Treffen weiterzuleiten. Alle Treffen sind frei, f\u00fcr jeden offen und kostenlos.\n\nSch\u00f6nen Gru\u00df, Dirk" }, { "group": "Los Angeles", 
@@ -229,16 +229,6 @@ "timezone": "America/Chicago", "description": "Security tooling will identify application security risks and multiple tools will deluge security folks and application developers with signal \u2013 to the degree that no human or group of humans can hope to tackle these with anything approaching sanity. In this talk, we\u2019ll discuss a better way to operationalize reducing risk, some stories from the trenches and what both bad and good look like." }, - { - "group": "New Zealand", - "repo": "www-chapter-new-zealand", - "name": "OWASP New Zealand - Auckland Meetup", - "date": "2024-07-16", - "time": "18:30+12:00", - "link": "https://www.meetup.com/owasp-new-zealand-chapter-auckland/events/297786381", - "timezone": "Pacific/Auckland", - "description": "We're picking up our regular Meetup schedule in 2024, starting in March.\n\nOur approximate agenda for the evening:\n\n* 6:00 p.m. - Gather and networking\n* 6:30 p.m. - Introductions, Top 10 Topic\n* 7:15 p.m. - Pizza and more networking\n* 7:45 p.m. - Technical Topic\n\nWe restarted our introductory coverage of the OWASP Top 10 (2021 edition) with A01:2021 in March, covering a new item each meeting.\n\nOur Top 10 topic for July will be **A03:2021 - Injection**.\n\n**Technical Topic Speaker:** TBC\n**Talk Title:** TBC\n\nWe're always looking for presenters and topics for future meetings - contact John (john.dileo@owasp.org) if you have an idea for a topic, or a presentation you'd like to make. That way, it won't always be John talking about what he's been working on recently.\n\nThe Auckland-area OWASP Meetup usually takes place on the third Tuesdays of March, May, July, September, and November. There is no Meetup in January, as our members enjoy their holidays." - }, { "group": "Orange County", "repo": "www-chapter-orange-county", 
@@ -269,6 +259,16 @@ "timezone": "Europe/London", "description": "Thirsty Thursdays.\n\nSame time. Same day each month. Differing places. Good chat.\n\n**What?**\n\n* Casual conversation over food & drinks\n\n**Where?**\n\n* It may differ each month, bars, restaurant and eateries around Peterborough\n\n**When?**\n\n* \\~ The last Thursday of each month\n\nEverybody welcome, the next event details will be chosen from the last (and so on!)." }, + { + "group": "Poland", + "repo": "www-chapter-poland", + "name": "OWASP Meeting in Krakow - Bezpiecze\u0144stwo API + Kariera w bran\u017cy IT security?", + "date": "2024-07-30", + "time": "18:00+02:00", + "link": "https://www.meetup.com/owasp-poland/events/302269188", + "timezone": "Europe/Warsaw", + "description": "Przed nami kolejne spotkanie naszej grupy. Mamy dla Was wyk\u0142ad Ma\u0107ka Kofela o bezpiecze\u0144stwie API a w drugiej cz\u0119\u015bci proponujemy dyskusj\u0119 o karierze w IT security.\n\n* **Bezpiecze\u0144stwo API (Maciej Kofel)**\nPodczas tworzenia i testowania API cz\u0119sto priorytetem s\u0105 wydajno\u015b\u0107 i funkcjonalno\u015b\u0107. Ale co z bezpiecze\u0144stwem? Czy wiesz, \u017ce hakerzy mog\u0105 wykorzysta\u0107 API do wyci\u0105gni\u0119cia cennych informacji z Twojej aplikacji lub uzyskania dost\u0119pu do Twojego serwera, co umo\u017cliwia im dalsze eksplorowanie zasob\u00f3w Twojej firmy? Na nadchodz\u0105cym spotkaniu OWASP zaprezentuj\u0119 takie przyk\u0142ady.\nW mojej prezentacji dowiesz si\u0119 o lukach z listy OWASP API Top10, kt\u00f3re mog\u0105 wyst\u0105pi\u0107 w API, poznasz narz\u0119dzia i techniki testowania bezpiecze\u0144stwa API oraz dowiesz si\u0119, gdzie szuka\u0107 pomocy lub rekomendacji dotycz\u0105cych \u0142atania tych luk.\nTa sesja b\u0119dzie pe\u0142na praktycznych przyk\u0142ad\u00f3w. 
Po tej prezentacji, ju\u017c nigdy nie spojrzysz na API w ten sam spos\u00f3b.\n*\n* **Kariera w bran\u017cy IT security (dyskusja)**\nW drugiej cz\u0119\u015bci naszego spotkania porozmawiamy o tym jak wej\u015b\u0107 do bran\u017cy IT security i jak planowa\u0107 swoj\u0105 karier\u0119. Zapraszamy zar\u00f3wno tych kt\u00f3rzy dopiero planuj\u0105 rozpocz\u0119cie pracy, tych kt\u00f3rzy maj\u0105 ju\u017c kilka lat do\u015bwiadczenia, jak i manager\u00f3w prowadz\u0105cych rekrutacj\u0119. Porozmawiamy o tym co dzia\u0142a a co nie, jaki jest obecny stan rynku pracy, jakie specjalno\u015bci s\u0105 dzisiaj a jakie b\u0119d\u0105 w przysz\u0142o\u015bci, na co warto zwraca\u0107 uwag\u0119 planuj\u0105c swoj\u0105 karier\u0119 w IT security." + }, { "group": "Portland", "repo": "www-chapter-portland", 
@@ -330,14 +330,14 @@ "description": "\\*\\* The talk is hosted on the 3rd floor of 171 John Street \\*\\*\n\n**TALK**\n**\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-\\-**\n\n**SOC Capability Maturity Model (SOC-CMM)**\n\n**Summary:**\n\nIn today's ever-evolving threat landscape, a robust Security Operations Center (SOC) is no longer a luxury, but a necessity. However, building a SOC from the ground up can be a daunting task. This presentation introduces attendees to the SOC Capability Maturity Model (SOC-CMM), a powerful framework designed to guide organizations in establishing and maturing their SOC capabilities.\n\nThrough practical examples and real-world scenarios, attendees will learn how to leverage the SOC-CMM to:\n\n* Define clear business objectives for their SOC.\n* Develop a comprehensive staffing strategy with the right skill sets.\n* Establish efficient and repeatable security processes.\n* Select and implement the most suitable security technologies.\n* Integrate seamlessly with existing IT infrastructure and security services.\n\n**Presenters**\n\nIvan Salles ([https://www.linkedin.com/in/ivansalles/](https://www.linkedin.com/in/ivansalles/))\n\nA SecOps professional with extensive global consulting experience, specializing in strategic guidance for topics including SOC, MDR, EDR, XDR, SIEM, and Vulnerability Management. Ivan collaborates as an Advisory Board member at Mente Binaria and a staff at SOC Brazil; he currently serves as the Director of Strategic Initiatives - SOC at Trend Micro Canada. Additionally, he shares his expertise as a Professor for Networking & Security at Fanshawe College. Based in London, Ontario, he enjoys spending time with his family." 
}, { - "group": "Uruguay", - "repo": "www-chapter-uruguay", - "name": "OWASP Meetup - Julio", - "date": "2024-07-16", - "time": "19:00-03:00", - "link": "https://www.meetup.com/owasp-uruguay-chapter/events/302007575", - "timezone": "America/Montevideo", - "description": "**\u00a1OWASP UY te invita a su pr\u00f3ximo Meetup!**\n\nLas exposiciones ser\u00e1n las siguientes:\n\n**Maximiliano Alonzo: Security by design**\n*El objetivo de esta charla es concientizar sobre la importancia de integrar la seguridad en todas las etapas del desarrollo de software. Se explorar\u00e1n los desaf\u00edos que enfrentan los equipos de desarrollo al considerar aspectos de seguridad, las consecuencias de no implementar dise\u00f1os seguros, y los principios fundamentales de seguridad. Adem\u00e1s, se presentar\u00e1 el modelado de amenazas como una herramienta crucial para identificar riesgos y establecer requisitos de seguridad. Esta exposici\u00f3n proporcionar\u00e1 estrategias pr\u00e1cticas para construir software robusto y seguro desde sus bases.*\n\n**Sebasti\u00e1n Passaro: Bug bounty 101**\n*Vamos a tocar diversos aspectos del bug bounty hunting:*\n\n* *\u00bfQu\u00e9 es?*\n* *\u00bfC\u00f3mo y d\u00f3nde se hace?*\n* *\u00bf$$$?*\n* *Programas privados, programas p\u00fablicos y eventos especiales.*\n* *\u00bfC\u00f3mo aporta a la industria?*\n* *Aportes de los presentes sobre experiencias propias.*\n\n**\u00bfCu\u00e1ndo?** Martes 16/7, 19:00.\n**\u00bfD\u00f3nde?** Howdy House, Francisco Garc\u00eda Cortinas 2357, piso 3.\n**\u00bfC\u00f3mo participar?** Simplemente te registras al evento. Los cupos son limitados por capacidad del lugar. 
Si est\u00e1s en lista de espera ser\u00e1s notificado cuando se liberen lugares.\n\n**\u00a1Te esperamos!**" + "group": "Vancouver", + "repo": "www-chapter-vancouver", + "name": "OWASP Vancouver Monthly Meetup", + "date": "2024-08-15", + "time": "18:00-07:00", + "link": "https://www.meetup.com/owasp-vancouver-chapter/events/298516374", + "timezone": "America/Vancouver", + "description": "TBD" }, { "group": "Vancouver",
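Review bot: In the Cairo entry added by the first hunk (@@ -89,6 +89,16 @@), the `description` carries invisible U+2060 word-joiner characters after each session time, as in `[10:00 AM - 10:45 AM]\u2060 \u2060Integrating Security into the Development Lifecycle`. They look like copy-paste residue from the Meetup page and should be stripped so the rendered text and any search over it behave as expected. The same string also escapes commas and hyphens only inside the bullet lines (`\\,`, `\\-`) while the opening and closing paragraphs leave them bare, so it is worth checking that the page renders both consistently.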
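Review bot: In the second hunk (@@ -167,17 +177,7 @@), the new Hamburg `description` has stray spaces before punctuation in the added "Eckpunkte" block: `An der Alster 64 , Hamburg` and `Einlass ist ab 17:30 . Um 18:00 Uhr`. Dropping those spaces would tidy the rendered text. The venue is also now given twice, once as `Lokation:` at the top and again in the unchanged "Zu Gast sind wir wieder zentral bei Check24" paragraph, so one of the two could be trimmed.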
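Review bot: In the Poland entry added by the fourth hunk (@@ -269,6 +259,16 @@), the `description` contains a lone asterisk on its own line between the two agenda items: `w ten sam spos\u00f3b.\n*\n* **Kariera w bran\u017cy IT security (dyskusja)**`. As Markdown this becomes an empty bullet or a stray `*`, and it looks like the remains of an italic marker from the source page. Removing the `*\n` keeps the list at the two intended items.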
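Review bot: In the last hunk (@@ -330,14 +330,14 @@), the new Vancouver entry is published with `"description": "TBD"`, and the trailing context already opens another object with `"group": "Vancouver"`. Please confirm the 2024-08-15 entry is a distinct event and not a duplicate of the one that follows, and consider holding it back or giving it a short real description so the events page does not show a placeholder.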