|
9 | 9 | "timezone": "Europe/Copenhagen", |
10 | 10 | "description": "**19:00 \u2013 19:10** \\- Welcome and Introduction by Cloud\\-Native and OWASP Aarhus\n\n**19:10 \u2013 19:55** \\- \"Securing the DevOps Pipeline: CI/CD Flaws and Supply Chain Threats\" by Mike Larsen\n\n\u201cThe software supply chain is under siege by sophisticated adversaries. High-profile breaches, such as 3CX's compromised CI/CD pipeline\u2014where the North Korean Lazarus Group injected malicious code into widely used apps\u2014the JetBrains TeamCity exploit, where Russian state-sponsored actors gained unauthorized admin control without user interaction, and Sisense's exposure of critical credentials through unsecured GitLab repositories, highlight alarming vulnerabilities in development workflows.\nWe'll explore how these threat actors exploit flaws in CI/CD processes. Drawing on CloudNative's experience, we'll provide strategies to strengthen your DevOps pipeline without sacrificing agility.\u201d\n\n**19:55 \u2013 20:10** \\- Network break with coffee\\, tea\\, water and snacks\\.\n\n**20:10 \u2013 20:55** \\- \"Bring diversity and inclusion to tech\" by Lise Lystlund\n\n\"The tech community excels at knowledge sharing and supporting one another. Without hesitation, people from across the globe dedicate time to help others solve coding problems. To me, this reflects a welcoming and collaborative community that anyone would want to be a part of. Tech is also an appealing field, offering numerous workplace benefits and opportunities for growth. Yet, despite these advantages, the industry continues to struggle with attracting women. How is it that a group representing 50% of the population remains so underrepresented in tech\u2014and, more importantly, what can we do to change this?\"\n\n**20:55 \u2013 21:00** \\- Closing Remarks by OWASP Aarhus and Cloud Native" |
11 | 11 | }, |
12 | | - { |
13 | | - "group": "Baku", |
14 | | - "repo": "www-chapter-baku", |
15 | | - "name": "Application Security seminar", |
16 | | - "date": "2024-10-27", |
17 | | - "time": "12:00+04:00", |
18 | | - "link": "https://www.meetup.com/owasp-baku-chapter/events/304222531", |
19 | | - "timezone": "Asia/Baku", |
20 | | - "description": "Join our online seminar to learn how to keep applications secure. We'll cover common security risks, safe coding tips, and tools to help protect against attacks. This seminar is great for developers, security beginners, and anyone interested in making apps safer" |
21 | | - }, |
22 | | - { |
23 | | - "group": "Baku", |
24 | | - "repo": "www-chapter-baku", |
25 | | - "name": "Application Security seminar", |
26 | | - "date": "2024-10-27", |
27 | | - "time": "12:00+04:00", |
28 | | - "link": "https://www.meetup.com/owasp-baku-chapter/events/304214272", |
29 | | - "timezone": "Asia/Baku", |
30 | | - "description": "Join our online seminar to learn how to keep applications secure. We'll cover common security risks, safe coding tips, and tools to help protect against attacks. This seminar is great for developers, security beginners, and anyone interested in making apps safer" |
31 | | - }, |
32 | 12 | { |
33 | 13 | "group": "Belgium", |
34 | 14 | "repo": "www-chapter-belgium", |
|
137 | 117 | "time": "18:00Z", |
138 | 118 | "link": "https://www.meetup.com/owasp-london/events/304059146", |
139 | 119 | "timezone": "Europe/London", |
140 | | - "description": "**This event is kindly hosted by Civo Tech Junction and sponsored by Apiiro. There is limited seating available for in-person attendees. Registration required.**\n\n**This event will be live-streamed on YouTube.**\n\n**Recordings will be available on the OWASP London YouTube channel.**\n\n**Venue Location**: Civo Tech Junction, First Floor, 32-37 Cowper Street, London, EC2A 4AW\n**Nearest Tube:** Old Street (Northern Line), Cowper Street exit - 1 min walk\n**Doors Open at 6pm** for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).\n\n**TALKS:**\n\n**OWASP Introduction, Welcome and News** \\- Sam Stepanyan\\, Andra Lezza\\, Sherif Mansour \\- OWASP London Chapter Leaders\n\n**\"AI and AppSec: Are We Finally on the Verge of the Big Breakthrough?\"** - **Petra Vukmirovi\u0107**\n\nIn cybersecurity, AI has made significant advances, especially in threat detection, risk quantification, and remediation automation. However, in Application Security (AppSec), it hasn\u2019t fully reached its potential\u2014yet.\nThis talk will explore why the next big breakthrough in AI is poised to revolutionize threat modeling and security reviews, areas traditionally plagued by manual processes, high complexity, and slow adoption in fast-moving development environments.\nWe are at the tipping point where AI can understand code deeply enough to automate threat modeling, shifting it left and removing bottlenecks in the security review process. By using AI to derive data flows, identify threats and controls, and continuously update threat models, we can potentially integrate security into the development lifecycle more effectively.\nJoin this session to discuss and discover how AI could potentially take threat modeling as code (and from code!) to the next level.\n\n\"**Proactive Risk Detection at the Design Stage\" - Ella Bor**\n\nSecurity risks can be costly when discovered late in development, and the \u201cshift left\u201d movement seeks to address this. This talk explores strategies for identifying potential risks during the design phase, even before coding begins. By analyzing ticketing systems with AI, development teams can identify potential risks such as insecure data handling or problematic third party integrations early on\u2014without slowing development velocity. The discussion will highlight methods to uncover design-phase risks while using AI to propose security review questions and automatically generate threat stories on a large scale. This approach not only simplifies the design review process but also helps prevent the creation of insecure code.\n\n**Guest Talk - Speaker TBC**\n\n**RAFFLE - win a prize kindly donated by our sponsors!**\n\n**SPEAKERS:**\n\n**Petra Vukmirovi\u0107 (**[@PetraVuk1311](http://twitter.com/PetraVuk1311))\n\nTechnology enthusiast, leader, public speaker, believer in radical candor, ex-emergency medicine doctor, competitive athlete (volleyball) and ex-sports scholar. Petra started her cyber security career as a security engineer, climbed up the ladder to Director of Cyber Security. Love creating order out of chaos, learning and overcoming any challenges that come along my way. Always leveraging innovation and looking to implement improvements in processes and systems.\n\n**Ella Bor**\n\nElla Bor is an experienced data scientist, honed her skills across diverse industry domains, including legal-tech, e-commerce, and application security. At Apiiro, she harnesses her extensive expertise to drive innovation in application security. Ella specializes in leveraging artificial intelligence to tackle real-world challenges, developing and implementing end-to-end algorithmic solutions that automate complex tasks. Throughout her career, Ella has been dedicated to bridging the gap between theoretical research and practical application, ensuring that AI-driven solutions are both technically sound and aligned with business goals.\n\n**TICKETS:**\n\nOWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security.\n\n**CODE OF CONDUCT:**\n\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: [https://owasp.org/www-policy/operational/code-of-conduct](https://owasp.org/www-policy/operational/code-of-conduct)\n\n**DRESS CODE:**\n\n Halloween costumes are encouraged, but not required. Feel free to get into the spooky spirit if you'd like, or come as you are!" |
| 120 | + "description": "**This event is kindly hosted by Civo Tech Junction and sponsored by Apiiro. There is limited seating available for in-person attendees. Registration required.**\n\n**This event will be live-streamed on YouTube.**\n\n**Recordings will be available on the OWASP London YouTube channel.**\n\n**Venue Location**: Civo Tech Junction, First Floor, 32-37 Cowper Street, London, EC2A 4AW\n**Nearest Tube:** Old Street (Northern Line), Cowper Street exit - 1 min walk\n**Doors Open at 6pm** for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).\n\n**TALKS:**\n\n**OWASP Introduction, Welcome and News** \\- Sam Stepanyan\\, Andra Lezza\\, Sherif Mansour \\- OWASP London Chapter Leaders\n\n**\"AI and AppSec: Are We Finally on the Verge of the Big Breakthrough?\"** - **Petra Vukmirovi\u0107**\n\nIn cybersecurity, AI has made significant advances, especially in threat detection, risk quantification, and remediation automation. However, in Application Security (AppSec), it hasn\u2019t fully reached its potential\u2014yet.\nThis talk will explore why the next big breakthrough in AI is poised to revolutionize threat modeling and security reviews, areas traditionally plagued by manual processes, high complexity, and slow adoption in fast-moving development environments.\nWe are at the tipping point where AI can understand code deeply enough to automate threat modeling, shifting it left and removing bottlenecks in the security review process. By using AI to derive data flows, identify threats and controls, and continuously update threat models, we can potentially integrate security into the development lifecycle more effectively.\nJoin this session to discuss and discover how AI could potentially take threat modeling as code (and from code!) to the next level.\n\n\"**Proactive Risk Detection at the Design Stage\" - Ella Bor**\n\nSecurity risks can be costly when discovered late in development, and the \u201cshift left\u201d movement seeks to address this. This talk explores strategies for identifying potential risks during the design phase, even before coding begins. By analyzing ticketing systems with AI, development teams can identify potential risks such as insecure data handling or problematic third party integrations early on\u2014without slowing development velocity. The discussion will highlight methods to uncover design-phase risks while using AI to propose security review questions and automatically generate threat stories on a large scale. This approach not only simplifies the design review process but also helps prevent the creation of insecure code.\n\n**Guest Talk: \"Strengthening AppSec Efforts\" - Jon McCoy**\n\n**RAFFLE - win a prize kindly donated by our sponsors!**\n\n**SPEAKERS:**\n\n**Petra Vukmirovi\u0107 (**[@PetraVuk1311](http://twitter.com/PetraVuk1311))\n\nTechnology enthusiast, leader, public speaker, believer in radical candor, ex-emergency medicine doctor, competitive athlete (volleyball) and ex-sports scholar. Petra started her cyber security career as a security engineer, climbed up the ladder to Director of Cyber Security. Love creating order out of chaos, learning and overcoming any challenges that come along my way. Always leveraging innovation and looking to implement improvements in processes and systems.\n\n**Ella Bor**\n\nElla Bor is an experienced data scientist, honed her skills across diverse industry domains, including legal-tech, e-commerce, and application security. At Apiiro, she harnesses her extensive expertise to drive innovation in application security. Ella specializes in leveraging artificial intelligence to tackle real-world challenges, developing and implementing end-to-end algorithmic solutions that automate complex tasks. Throughout her career, Ella has been dedicated to bridging the gap between theoretical research and practical application, ensuring that AI-driven solutions are both technically sound and aligned with business goals.\n\n**TICKETS:**\n\nOWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security.\n\n**CODE OF CONDUCT:**\n\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: [https://owasp.org/www-policy/operational/code-of-conduct](https://owasp.org/www-policy/operational/code-of-conduct)\n\n**DRESS CODE:**\n\n Halloween costumes are encouraged, but not required. Feel free to get into the spooky spirit if you'd like, or come as you are!" |
141 | 121 | }, |
142 | 122 | { |
143 | 123 | "group": "Los Angeles", |
|
0 commit comments