
Commit

remote update file
OWASPFoundation committed Jan 30, 2025
1 parent 06cfeca commit 13ffc97
Showing 1 changed file with 0 additions and 30 deletions.
30 changes: 0 additions & 30 deletions _data/community_events.json
Expand Up @@ -109,16 +109,6 @@
"timezone": "America/Los_Angeles",
"description": "**TOPIC**: Hands-on Web Security Code Review Workshop\nHello AppSec teams and tech enthusiasts! We're thrilled to roll out an exceptional Web Security Code Review Workshop in collaboration with **OWASP LA** and offered by OWASP.\n\n**Abstract:** Learn how to identify vulnerabilities through effective manual security code reviews. In this workshop, we\u2019ll analyze real-world code examples, uncover common flaws like injections and authentication issues, and explore how to leverage built-in security features. You\u2019ll gain practical skills to complement automated tools and confidently tackle security challenges in real codebases. Ideal for developers, AppSec engineers, and code reviewers, this session focuses on practical techniques and real-world impact.\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:\nhttps://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy"
},
{
"group": "Los Angeles",
"repo": "www-chapter-los-angeles",
"name": "OWASP LA Monthly In-Person Meeting - JAN 29, 2025",
"date": "2025-01-29",
"time": "17:30-08:00",
"link": "https://www.meetup.com/owasp-los-angeles/events/305489048",
"timezone": "America/Los_Angeles",
"description": "**/\\*\\* Updated Meeting Date \\*\\*/**\n**TOPIC**: Adding API Security to your DevSecOps Toolbelt\nJoin us for great networking, dinner and drinks, and see a presentation by **Scott Bly**, Director, Security Technologies, Systems Integration Solutions\n\n**ABSTRACT**:\nHow do you integrate API Security into your DevSecOps processes? You have DevOps tooling and CI/CD pipelines for your product release cycle. Your Dev & Ops teams work well together. You started a DevSecOps transformation to Shift Left and test code security in pipelines.\nBut how do you integrate the Security teams into DevOps to achieve true DevSecOps? Then, how do you integrate APIs, as they are behavior-based? Traditional AppSec can\u2019t identify vulnerabilities in API consumption.\nLearn how to integrate API testing into Shift Left DevSecOps pipelines to eliminate vulnerabilities. Learn how to bring Dev, Sec, Ops teams together to improve Mean Time To Remediation, and keep your teams happy!\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:\n[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)"
},
{
"group": "Minneapolis St Paul",
"repo": "www-chapter-minneapolis-st-paul",
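Review bot: The "description" values in this hunk carry Markdown copied in as-is, and the two Los Angeles entries are inconsistent about it: the retained entry ends with the policy URL as bare text, while the removed entry wraps the same URL as a Markdown link. The commit message ("remote update file") suggests this file is synced from a remote source rather than hand-edited, so if the site renders "description" as Markdown or HTML, the step that writes _data/community_events.json should normalize the field and the template that displays it should sanitize the output.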
Expand Down Expand Up @@ -149,16 +139,6 @@
"timezone": "America/New_York",
"description": "**Mastering Reachability Analysis: Redefining Product security, bridging Application Security and Cloud Vulnerability Management**\n\nReachability analysis is complex and involves 5 types of reachability analysis. but which one of them is actually useful and applicable to you?\n\nAs appsec and operational security merge into prodsec we seen appsec becoming more complex with containerized environments, and intricate architectures, traditional vulnerability management/ application security has reached its limits. Security teams are often overwhelmed by alerts, many of which pose no real threat. Enter reachability analysis\u2014a transformative approach to vulnerability prioritization that filters out noise and highlights exploitable vulnerabilities.\n\nThis talk demystifies reachability analysis and its five key types, explaining how this methodology helps streamline vulnerability management in modern software ecosystems.\n\nWe\u2019ll address the confusion around reachability techniques and explore how they interact to deliver a more focused, actionable security strategy.\n\nKey Discussion Points:\n\n1\\. What Is Reachability Analysis in ASPM?\n\u2022 Understanding the concept of reachability: determining whether vulnerabilities are actually exploitable in runtime environments.\n\u2022 The role of reachability in Application Security Posture Management (ASPM): filtering irrelevant issues and reducing vulnerability overload.\n\n2\\. 
The Five Types of Reachability Analysis:\n\u2022 Code Reachability Analysis: Identifying if vulnerable code paths are executed during runtime.\n\u2022 Library Reachability Analysis: Assessing whether third-party libraries\u2019 vulnerabilities are actively used in application execution.\n\u2022 Container Reachability Analysis: Determining whether vulnerable packages in containerized environments are executed during runtime.\n\u2022 Static Reachability Analysis: Analyzing vulnerabilities in the codebase and loaded libraries without runtime execution.\n\u2022 Runtime Reachability Analysis: Focusing on vulnerabilities actively being executed in the live environment\n\n3\\. Challenges in Implementing Reachability Analysis:\n\u2022 Complexity in integrating reachability across diverse environments.\n\u2022 Lack of visibility into dynamic and containerized deployments.\n\u2022 Overcoming the limitations of traditional CWE classifications and addressing their practical gaps.\n\n4\\. Leveraging Context and AI for Effective Vulnerability Management:\n\u2022 Using contextual deduplication to reduce noise by merging duplicate vulnerabilities across code, containers, and environments.\n\u2022 Incorporating cyber threat intelligence to prioritize exploitable vulnerabilities in real-world scenarios.\n\u2022 How AI-driven analysis identifies patterns and generates actionable insights for remediation. 
Takeaways for Attendees:\n\u2022 Gain a clear understanding of reachability analysis and its role in reducing vulnerability overload.\n\u2022 Learn how to implement and prioritize vulnerabilities using contextual deduplication and threat intelligence.\n\u2022 Explore how static and runtime reachability analysis complement each other for a comprehensive approach.\n\u2022 Discover practical applications of reachability analysis in modern ASPM solutions to improve security team efficiency.\n\nThis talk offers a roadmap for security teams looking to harness the power of reachability analysis to focus on what truly matters. By bridging the gap between overwhelming alerts and actionable insights, you can redefine your vulnerability management strategy and build a stronger, more resilient security posture."
},
{
"group": "New York City",
"repo": "www-chapter-new-york-city",
"name": "Happy 2025 New Year Event join our Working Cyber Incident Workshop Happy Hour\"",
"date": "2025-01-29",
"time": "17:30-05:00",
"link": "https://www.meetup.com/owasp-new-york-city-chapter/events/305785153",
"timezone": "America/New_York",
"description": "Come have some fun with our OWASP Members and Cyber Fireside NJ: Join in hands-on learning with a few Rockstars sharing and teaching.\n\n#### **Workshop Purpose**\n\nThe purpose of this workshop is to enhance the organization\u2019s resilience against threats stemming from fake or malicious applications. By simulating an attack scenario involving a counterfeit app, participants will gain practical experience in identifying, preventing, and responding to such incidents.\n\nThis hands-on exercise is designed to strengthen cross-functional collaboration, reinforce secure app and API design principles, and ensure compliance with relevant regulatory frameworks.\n\n**Exercise Objectives**\n\n1\\. Detection and Prevention of Fake Applications\n\n* Implement methods to identify and validate app integrity and authenticity using advanced runtime checks and mobile attestation solutions.\n* Develop strategies to monitor and promptly remove counterfeit apps from app stores.\n\n2\\. Securing API Communication\n\n* Strengthen API security with app-specific integrity checks, token validation, and certificate pinning to prevent unauthorized interactions.\n* Explore rate limiting and role-based access control (RBAC) as critical safeguards.\n\n3\\. Harden Server\\-Side Security\n\n* Enforce robust input validation and access controls to mitigate server-side vulnerabilities.\n* Simulate threat scenarios to test server-side resilience against credential stuffing and brute-force attacks.\n\n4\\. Incident Monitoring and Response\n\n* Enhance log analysis and telemetry used to detect and investigate rogue app activity.\n* Design and implement a clear incident response playbook that includes user notification, regulatory compliance, and mitigation strategies."
},
{
"group": "Newcastle Uk",
"repo": "www-chapter-newcastle-uk",
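Review bot: The "name" of the removed New York City entry ends in a stray escaped quote (`Happy Hour\"`), which shows that event titles reach this file without validation. Removing the entry clears this instance only; the step that produces the file should trim or reject unbalanced quotes in "name", and the page that consumes it should escape the value on output.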
Expand Down Expand Up @@ -269,16 +249,6 @@
"timezone": "America/Vancouver",
"description": "TBD"
},
{
"group": "Yerevan",
"repo": "www-chapter-yerevan",
"name": "OWASP Yerevan January meetup - Ruben Muradyan",
"date": "2025-01-29",
"time": "19:00+04:00",
"link": "https://www.meetup.com/owasp-yerevan/events/305848739",
"timezone": "Asia/Yerevan",
"description": "OWASP Yerevan January meetup agenda:\n\n1. Community, ethics, attribution - Invitation for public discussion - Ruben Muradyan\n\nLocation: American University of Armenia\nRoom number 314W in Paramaz Avedisian building (PAB, second/new building)."
},
{
"group": "Samm",
"repo": "www-project-samm",
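Review bot: The commit message "remote update file" does not say why the Yerevan entry is deleted. All three entries removed by this commit carry "date": "2025-01-29" and the commit is dated Jan 30, 2025, so this reads as pruning of past events; stating that in the message (for example "remove events dated 2025-01-29") would make the 30 deleted lines auditable without opening the diff. The retained entry just above still has "description": "TBD", which is worth filling in or omitting at the source.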
