Commit

remote update file
OWASPFoundation committed Jan 28, 2025
1 parent c3f8d3a commit 23803ac
Showing 1 changed file with 40 additions and 10 deletions.
50 changes: 40 additions & 10 deletions _data/community_events.json
Expand Up @@ -89,6 +89,16 @@
"timezone": "America/New_York",
"description": "Welcome to 2025! Both the speaker and I are off at CodeMash in January, so we are going to start our EVERY MONTH transition in February!\n\nWe'll start off with a few highlights related to what is new in the world of appsec, and have a good-of-the-order style chat about the year, and then ... Have you ever searched for \"how to authenticate an API call\" and been confused by the dizzying array of techniques, terminology, jargon, and acronyms that come back?\n\nThis session is designed for anyone that's struggling to make sense of modern authentication options. You'll learn the differences between OAuth, API Keys, HMAC, JSON Web Tokens (JWT), SAML, OpenID Connect, and passkeys using Webauthn. Each technique will be explained in a clear, practical, easy-to-understand way.\n\nThis session focuses on core concepts, not code, and is accessible to anyone that works with technology."
},
{
"group": "Frankfurt",
"repo": "www-chapter-frankfurt",
"name": "OWASP Frankfurt Chapter #70 - OWASP meets Legal & Regulations",
"date": "2025-02-26",
"time": "18:00+01:00",
"link": "https://www.meetup.com/owasp-frankfurt/events/305522192",
"timezone": "Europe/Berlin",
"description": "Hello everyone, we're excited to invite you to our OWASP Chapter meeting #70! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event.\n\n*What are we going to talk about?*\n\n* **Rechtssicher durch den Cybervorfall:** We are excited to welcome **Olga Stepanova** and **Dirk Koch** \\- both partners at ByteLaw \\- who will guide you through the rough waters on how you can protect your company from the legal consequences of a cyber incident\\. Experts explain current threats such as ransomware and business email compromise and provide practical tips on how to deal with perpetrators\\, authorities and insurance companies in a legally secure manner\\.\n* **Regulatory Affairs for Hackers:** It's not just since the GDPR that we've known what a resounding impact legal changes can have, but what else can we possibly expect when regulation gets really strict?\n**Leon Holub**, product owner of the Regulatory Radar platform at Johner Institute GmbH tries to give an insight into the world of legal requirements for medical devices, from a perspective of a software developer who has immersed himself in the details of the world's regulatory systems not too long ago.\n\n**Socializing Opportunities:** There will be plenty of time to socialize before and after the event.\n\n*Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. 
For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward.\n\n*When?* Our Meetup takes place on **26.02.2024** from **18.00 to 22.00** o'clock CEST.\n\n*Where?* The event will be held at CHECK24 , located at Speicherstra\u00dfe 55, 60327 Frankfurt am Main.\n\n*Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt)\n\n*And now?* Save the date, spread the word, and bring your friends and colleagues along to our event.\n\n*Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!"
},
{
"group": "Jacksonville",
"repo": "www-chapter-jacksonville",
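Review bot: The added Frankfurt entry contradicts itself on when the event happens: the description says "Our Meetup takes place on **26.02.2024** from **18.00 to 22.00** o'clock CEST", while the structured fields are "date": "2025-02-26" and "time": "18:00+01:00". The year in the free text is off by one, and an offset of +01:00 for Europe/Berlin in February is CET, not CEST. Anyone reading only the rendered description gets the wrong year, so the text should be corrected where the event is authored, or the sync should flag descriptions whose stated date disagrees with the "date" field.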
Expand All @@ -109,16 +119,6 @@
"timezone": "America/New_York",
"description": "Join us for a high-level introduction to the Open Web Application Security Project (OWASP) foundation. We\u2019ll explore its most notable resources\u2014like the OWASP Top 10, Zed Attack Proxy (ZAP), and the Application Security Verification Standard (ASVS)\u2014and discuss practical ways to use them in everyday development and security workflows. This session is perfect for those new to OWASP or looking to brush up on core concepts.\n\nPresented by Francois Fried."
},
{
"group": "Joao Pessoa",
"repo": "www-chapter-joao-pessoa",
"name": "Um hacker no seu bolso",
"date": "2025-01-29",
"time": "19:30-03:00",
"link": "https://www.meetup.com/owasp-joao-pessoa-chapter/events/305527548",
"timezone": "America/Fortaleza",
"description": "Marcos Tulio e Anderson Peixoto ir\u00e3o apresentar uma an\u00e1lise detalhada do OWASP Top 10 Mobile, explorando os principais riscos associados a aplica\u00e7\u00f5es m\u00f3veis. Durante a exposi\u00e7\u00e3o, far\u00e3o uma abordagem mais aprofundada em t\u00f3picos espec\u00edficos, destacando os cen\u00e1rios mais cr\u00edticos. Ao final, realizar\u00e3o uma demonstra\u00e7\u00e3o pr\u00e1tica de an\u00e1lise de seguran\u00e7a em aplica\u00e7\u00f5es m\u00f3veis, ilustrando como atacantes exploram vulnerabilidades para obter privil\u00e9gios na aplica\u00e7\u00e3o e at\u00e9 mesmo no sistema operacional. Por fim, compartilhar\u00e3o as melhores pr\u00e1ticas e recomenda\u00e7\u00f5es para mitigar as vulnerabilidades identificadas, promovendo a seguran\u00e7a no desenvolvimento de aplicativos m\u00f3veis."
},
{
"group": "Los Angeles",
"repo": "www-chapter-los-angeles",
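Review bot: The Joao Pessoa entry removed here ("name": "Um hacker no seu bolso", "date": "2025-01-29") is dated one day after this commit (Jan 28, 2025), and a Yerevan event with the same date is added elsewhere in this commit, so the removal cannot be explained as pruning past events. Please confirm the event was cancelled or unpublished upstream; if it was not, the update job dropped a live event and should be checked before the listing is published.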
Expand Down Expand Up @@ -149,6 +149,16 @@
"timezone": "Europe/Amsterdam",
"description": "See [https://owasp.org/www-chapter-netherlands/upcomingevents](https://owasp.org/www-chapter-netherlands/upcomingevents) for more information about the OWASP Netherlands chapter.\n\n18:00 - 18:15 - **Reception of attendees**\n18:15 - 19:00 - **Pizza**\n19:00 - 19:15 - **Welcome and OWASP updates**\n19:15 - 20:00 - **The AI Who Shagged Me!** by **Ali Abdollahi**\n20.00 - 20:15 - **Break with drinks**\n20:15 - 21:00 - **Behind the Breach: Understanding and Preventing Web Vulnerabilities** by **Mitchel Koster**\n\n**The AI Who Shagged Me!**\n*Abstract:*\nIn today\u2019s ever-changing world of cybersecurity, bringing AI into red teaming exercises is an exciting way to boost how we assess our organizational defenses. This approach fits well with frameworks like TIBER, which focus on creating realistic simulations of cyber threats. It\u2019s all about making our defenses stronger and more effective! AI algorithms effectively analyze large datasets to identify emerging threats and tactics, aiding in realistic attack simulations. AI-driven tools help replicate complex attacks, providing red teams with thorough assessments of security measures. Using AI-generated anomalies enhances detection capabilities and strengthens incident response plans. However, the integration of AI into red teaming is not without challenges. This discussion aims to provide a nuanced overview of the application of AI in red teaming exercises, examining its potential benefits and limitations within established frameworks like TIBER. By critically evaluating this integration, we can better understand how to harness AI\u2019s capabilities to strengthen cybersecurity offense and defense.\n*Bio:*\nAli is a cybersecurity researcher with over 12 years of experience. Currently, he is the application and offensive security manager at Canon EMEA. He studied computer engineering, published articles, and holds several professional certificates. 
Ali is a Microsoft MVP and regular speaker or trainer at industry conferences and events.\n\n**Behind the Breach: Understanding and Preventing Web Vulnerabilities**\n*Abstract:*\n\u201cBehind the Breach: Understanding and Preventing Web Vulnerabilities delves into the transformation of modern web applications and architecture, showcasing how advancements in frameworks and browser technologies have revolutionized security. Yet, even with these innovations, attackers persist in uncovering and exploiting vulnerabilities. Drawing from real-world case studies across industries\u2014from agile startups to global enterprises\u2014this presentation not only demonstrates how a deeper understanding of security can thwart these threats, but also highlights how effectively conveying the potential impact of vulnerabilities is key to prioritizing security efforts.\u201d\n*Bio:*\nMitchel Koster is the Chief Security Researcher at Breachlock, where he leads the development of new security products and conducts research and engagements for high-profile clients. His work includes Red and Purple Team exercises and addressing custom security requirements across diverse sectors, including Aviation and Healthcare. With a background in computer science, embedded systems, and programming, Mitchel bridges the gap between modern software development practices and robust security measures.\n\nFor parking, there\u2019s a (paid) parking space less than 5 minutes away at the Q-Park Hermitage. ([ https://maps.app.goo.gl/XpJzhnj4BP6Kw9T88](https://maps.app.goo.gl/XpJzhnj4BP6Kw9T88) )\n\nAlso a 5 minute walk is the Zaandam station. ([ https://maps.app.goo.gl/3emKrp4ygx41SoN67](https://maps.app.goo.gl/3emKrp4ygx41SoN67) )"
},
{
"group": "New York City",
"repo": "www-chapter-new-york-city",
"name": "Mastering Reachability Analysis",
"date": "2025-02-03",
"time": "18:00-05:00",
"link": "https://www.meetup.com/owasp-new-york-city-chapter/events/305831655",
"timezone": "America/New_York",
"description": "**Mastering Reachability Analysis: Redefining Product security, bridging Application Security and Cloud Vulnerability Management**\n\nReachability analysis is complex and involves 5 types of reachability analysis. but which one of them is actually useful and applicable to you?\n\nAs appsec and operational security merge into prodsec we seen appsec becoming more complex with containerized environments, and intricate architectures, traditional vulnerability management/ application security has reached its limits. Security teams are often overwhelmed by alerts, many of which pose no real threat. Enter reachability analysis\u2014a transformative approach to vulnerability prioritization that filters out noise and highlights exploitable vulnerabilities.\n\nThis talk demystifies reachability analysis and its five key types, explaining how this methodology helps streamline vulnerability management in modern software ecosystems.\n\nWe\u2019ll address the confusion around reachability techniques and explore how they interact to deliver a more focused, actionable security strategy.\n\nKey Discussion Points:\n\n1\\. What Is Reachability Analysis in ASPM?\n\u2022 Understanding the concept of reachability: determining whether vulnerabilities are actually exploitable in runtime environments.\n\u2022 The role of reachability in Application Security Posture Management (ASPM): filtering irrelevant issues and reducing vulnerability overload.\n\n2\\. 
The Five Types of Reachability Analysis:\n\u2022 Code Reachability Analysis: Identifying if vulnerable code paths are executed during runtime.\n\u2022 Library Reachability Analysis: Assessing whether third-party libraries\u2019 vulnerabilities are actively used in application execution.\n\u2022 Container Reachability Analysis: Determining whether vulnerable packages in containerized environments are executed during runtime.\n\u2022 Static Reachability Analysis: Analyzing vulnerabilities in the codebase and loaded libraries without runtime execution.\n\u2022 Runtime Reachability Analysis: Focusing on vulnerabilities actively being executed in the live environment\n\n3\\. Challenges in Implementing Reachability Analysis:\n\u2022 Complexity in integrating reachability across diverse environments.\n\u2022 Lack of visibility into dynamic and containerized deployments.\n\u2022 Overcoming the limitations of traditional CWE classifications and addressing their practical gaps.\n\n4\\. Leveraging Context and AI for Effective Vulnerability Management:\n\u2022 Using contextual deduplication to reduce noise by merging duplicate vulnerabilities across code, containers, and environments.\n\u2022 Incorporating cyber threat intelligence to prioritize exploitable vulnerabilities in real-world scenarios.\n\u2022 How AI-driven analysis identifies patterns and generates actionable insights for remediation. 
Takeaways for Attendees:\n\u2022 Gain a clear understanding of reachability analysis and its role in reducing vulnerability overload.\n\u2022 Learn how to implement and prioritize vulnerabilities using contextual deduplication and threat intelligence.\n\u2022 Explore how static and runtime reachability analysis complement each other for a comprehensive approach.\n\u2022 Discover practical applications of reachability analysis in modern ASPM solutions to improve security team efficiency.\n\nThis talk offers a roadmap for security teams looking to harness the power of reachability analysis to focus on what truly matters. By bridging the gap between overwhelming alerts and actionable insights, you can redefine your vulnerability management strategy and build a stronger, more resilient security posture."
},
{
"group": "New York City",
"repo": "www-chapter-new-york-city",
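Review bot: The added New York City description is copied in with its source markdown escaping intact ("1\\.", "2\\.", "3\\.", "4\\.") plus "\u2022" bullets and bold markers, so whatever renders this field will show stray backslashes unless it unescapes them. Since these descriptions are remote free text containing markup and links, the consuming template should also render them as untrusted input, with HTML escaped or passed through a restricted markdown renderer, rather than inserting them raw.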
Expand Down Expand Up @@ -269,6 +279,16 @@
"timezone": "America/Vancouver",
"description": "TBD"
},
{
"group": "Yerevan",
"repo": "www-chapter-yerevan",
"name": "OWASP Yerevan January meetup - Ruben Muradyan",
"date": "2025-01-29",
"time": "19:00+04:00",
"link": "https://www.meetup.com/owasp-yerevan/events/305848739",
"timezone": "Asia/Yerevan",
"description": "OWASP Yerevan January meetup agenda:\n\n1. Community, ethics, attribution - Invitation for public discussion - Ruben Muradyan\n\nLocation: American University of Armenia\nRoom number 314W in Paramaz Avedisian building (PAB, second/new building)."
},
{
"group": "Samm",
"repo": "www-project-samm",
Expand All @@ -278,5 +298,15 @@
"link": "https://www.meetup.com/owasp-samm/events/305496638",
"timezone": "America/New_York",
"description": "The SAMM Core team is happy to host a community call during a more friendly time for users in EU and Asia. This is not a replacement of the regular community call.\nWe will share any project news and updates.\nWe also encourage bringing your SAMM questions and we are happy to discuss them."
},
{
"group": "Wrongsecrets",
"repo": "www-project-wrongsecrets",
"name": "OWASP Frankfurt Chapter #70 - OWASP meets Legal & Regulations",
"date": "2025-02-26",
"time": "18:00+01:00",
"link": "https://www.meetup.com/owasp-frankfurt/events/305522192",
"timezone": "Europe/Berlin",
"description": "Hello everyone, we're excited to invite you to our OWASP Chapter meeting #70! Our Chapter serves central Germany, particularly within the Rhine-Main (Hesse) region, as a platform to discuss and share information on application security topics. Anyone interested and enthusiastic about application security or security in general is welcome. All meetings are free and open. You do not have to be an OWASP member to attend our event.\n\n*What are we going to talk about?*\n\n* **Rechtssicher durch den Cybervorfall:** We are excited to welcome **Olga Stepanova** and **Dirk Koch** \\- both partners at ByteLaw \\- who will guide you through the rough waters on how you can protect your company from the legal consequences of a cyber incident\\. Experts explain current threats such as ransomware and business email compromise and provide practical tips on how to deal with perpetrators\\, authorities and insurance companies in a legally secure manner\\.\n* **Regulatory Affairs for Hackers:** It's not just since the GDPR that we've known what a resounding impact legal changes can have, but what else can we possibly expect when regulation gets really strict?\n**Leon Holub**, product owner of the Regulatory Radar platform at Johner Institute GmbH tries to give an insight into the world of legal requirements for medical devices, from a perspective of a software developer who has immersed himself in the details of the world's regulatory systems not too long ago.\n\n**Socializing Opportunities:** There will be plenty of time to socialize before and after the event.\n\n*Afterwards?* We will begin and conclude the evening with the opportunity to socialize at the venue with free food and both cold & hot drinks. 
For those interested, we will continue socializing at the Bockenheimer Weinkontor afterward.\n\n*When?* Our Meetup takes place on **26.02.2024** from **18.00 to 22.00** o'clock CEST.\n\n*Where?* The event will be held at CHECK24 , located at Speicherstra\u00dfe 55, 60327 Frankfurt am Main.\n\n*Interested in giving a talk yourself?* Submit your talk here: [https://www.papercall.io/owasp-chapter-frankfurt](https://www.papercall.io/owasp-chapter-frankfurt)\n\n*And now?* Save the date, spread the word, and bring your friends and colleagues along to our event.\n\n*Follow Us!* Also, follow us on LinkedIn and refer to our OWASP Frankfurt site for information, including slides and recordings of previous presentations. We're looking forward to seeing you at our event!"
}
]
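Review bot: The new last entry is attributed to "group": "Wrongsecrets" and "repo": "www-project-wrongsecrets", but its "name", "date", "time", "link" (https://www.meetup.com/owasp-frankfurt/events/305522192) and "description" are identical to the Frankfurt chapter entry added earlier in this commit. The same event will therefore be listed twice, once under a project that the description never mentions. If this is intentional cross-posting, a short field marking the entry as a co-hosted event would make that clear; otherwise the group-to-event mapping in the update job should deduplicate on "link". The duplicated description also repeats the "26.02.2024" and "CEST" wording.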
