Commit

remote update file
OWASPFoundation committed Feb 4, 2025
1 parent 3e7b1a1 commit cf0a63d
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions _data/community_events.json
Expand Up @@ -129,16 +129,6 @@
"timezone": "Europe/Amsterdam",
"description": "See [https://owasp.org/www-chapter-netherlands/upcomingevents](https://owasp.org/www-chapter-netherlands/upcomingevents) for more information about the OWASP Netherlands chapter.\n\n18:00 - 18:15 - **Reception of attendees**\n18:15 - 19:00 - **Pizza**\n19:00 - 19:15 - **Welcome and OWASP updates**\n19:15 - 20:00 - **The AI Who Shagged Me!** by **Ali Abdollahi**\n20.00 - 20:15 - **Break with drinks**\n20:15 - 21:00 - **Behind the Breach: Understanding and Preventing Web Vulnerabilities** by **Mitchel Koster**\n\n**The AI Who Shagged Me!**\n*Abstract:*\nIn today\u2019s ever-changing world of cybersecurity, bringing AI into red teaming exercises is an exciting way to boost how we assess our organizational defenses. This approach fits well with frameworks like TIBER, which focus on creating realistic simulations of cyber threats. It\u2019s all about making our defenses stronger and more effective! AI algorithms effectively analyze large datasets to identify emerging threats and tactics, aiding in realistic attack simulations. AI-driven tools help replicate complex attacks, providing red teams with thorough assessments of security measures. Using AI-generated anomalies enhances detection capabilities and strengthens incident response plans. However, the integration of AI into red teaming is not without challenges. This discussion aims to provide a nuanced overview of the application of AI in red teaming exercises, examining its potential benefits and limitations within established frameworks like TIBER. By critically evaluating this integration, we can better understand how to harness AI\u2019s capabilities to strengthen cybersecurity offense and defense.\n*Bio:*\nAli is a cybersecurity researcher with over 12 years of experience. Currently, he is the application and offensive security manager at Canon EMEA. He studied computer engineering, published articles, and holds several professional certificates. 
Ali is a Microsoft MVP and regular speaker or trainer at industry conferences and events.\n\n**Behind the Breach: Understanding and Preventing Web Vulnerabilities**\n*Abstract:*\n\u201cBehind the Breach: Understanding and Preventing Web Vulnerabilities delves into the transformation of modern web applications and architecture, showcasing how advancements in frameworks and browser technologies have revolutionized security. Yet, even with these innovations, attackers persist in uncovering and exploiting vulnerabilities. Drawing from real-world case studies across industries\u2014from agile startups to global enterprises\u2014this presentation not only demonstrates how a deeper understanding of security can thwart these threats, but also highlights how effectively conveying the potential impact of vulnerabilities is key to prioritizing security efforts.\u201d\n*Bio:*\nMitchel Koster is the Chief Security Researcher at Breachlock, where he leads the development of new security products and conducts research and engagements for high-profile clients. His work includes Red and Purple Team exercises and addressing custom security requirements across diverse sectors, including Aviation and Healthcare. With a background in computer science, embedded systems, and programming, Mitchel bridges the gap between modern software development practices and robust security measures.\n\nFor parking, there\u2019s a (paid) parking space less than 5 minutes away at the Q-Park Hermitage. ([ https://maps.app.goo.gl/XpJzhnj4BP6Kw9T88](https://maps.app.goo.gl/XpJzhnj4BP6Kw9T88) )\n\nAlso a 5 minute walk is the Zaandam station. ([ https://maps.app.goo.gl/3emKrp4ygx41SoN67](https://maps.app.goo.gl/3emKrp4ygx41SoN67) )"
},
{
"group": "New York City",
"repo": "www-chapter-new-york-city",
"name": "Mastering Reachability Analysis",
"date": "2025-02-03",
"time": "18:00-05:00",
"link": "https://www.meetup.com/owasp-new-york-city-chapter/events/305831655",
"timezone": "America/New_York",
"description": "**Mastering Reachability Analysis: Redefining Product security, bridging Application Security and Cloud Vulnerability Management**\n\nReachability analysis is complex and involves 5 types of reachability analysis. but which one of them is actually useful and applicable to you?\n\nAs appsec and operational security merge into prodsec we seen appsec becoming more complex with containerized environments, and intricate architectures, traditional vulnerability management/ application security has reached its limits. Security teams are often overwhelmed by alerts, many of which pose no real threat. Enter reachability analysis\u2014a transformative approach to vulnerability prioritization that filters out noise and highlights exploitable vulnerabilities.\n\nThis talk demystifies reachability analysis and its five key types, explaining how this methodology helps streamline vulnerability management in modern software ecosystems.\n\nWe\u2019ll address the confusion around reachability techniques and explore how they interact to deliver a more focused, actionable security strategy.\n\nKey Discussion Points:\n\n1\\. What Is Reachability Analysis in ASPM?\n\u2022 Understanding the concept of reachability: determining whether vulnerabilities are actually exploitable in runtime environments.\n\u2022 The role of reachability in Application Security Posture Management (ASPM): filtering irrelevant issues and reducing vulnerability overload.\n\n2\\. 
The Five Types of Reachability Analysis:\n\u2022 Code Reachability Analysis: Identifying if vulnerable code paths are executed during runtime.\n\u2022 Library Reachability Analysis: Assessing whether third-party libraries\u2019 vulnerabilities are actively used in application execution.\n\u2022 Container Reachability Analysis: Determining whether vulnerable packages in containerized environments are executed during runtime.\n\u2022 Static Reachability Analysis: Analyzing vulnerabilities in the codebase and loaded libraries without runtime execution.\n\u2022 Runtime Reachability Analysis: Focusing on vulnerabilities actively being executed in the live environment\n\n3\\. Challenges in Implementing Reachability Analysis:\n\u2022 Complexity in integrating reachability across diverse environments.\n\u2022 Lack of visibility into dynamic and containerized deployments.\n\u2022 Overcoming the limitations of traditional CWE classifications and addressing their practical gaps.\n\n4\\. Leveraging Context and AI for Effective Vulnerability Management:\n\u2022 Using contextual deduplication to reduce noise by merging duplicate vulnerabilities across code, containers, and environments.\n\u2022 Incorporating cyber threat intelligence to prioritize exploitable vulnerabilities in real-world scenarios.\n\u2022 How AI-driven analysis identifies patterns and generates actionable insights for remediation. 
Takeaways for Attendees:\n\u2022 Gain a clear understanding of reachability analysis and its role in reducing vulnerability overload.\n\u2022 Learn how to implement and prioritize vulnerabilities using contextual deduplication and threat intelligence.\n\u2022 Explore how static and runtime reachability analysis complement each other for a comprehensive approach.\n\u2022 Discover practical applications of reachability analysis in modern ASPM solutions to improve security team efficiency.\n\nThis talk offers a roadmap for security teams looking to harness the power of reachability analysis to focus on what truly matters. By bridging the gap between overwhelming alerts and actionable insights, you can redefine your vulnerability management strategy and build a stronger, more resilient security posture."
},
{
"group": "Newcastle Uk",
"repo": "www-chapter-newcastle-uk",
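Review bot: The commit message "remote update file" gives no reason for the entry that disappears in this hunk. The header counts (16 old lines, 6 new) mean ten lines go, which matches the New York City object with "date": "2025-02-03", one day before the Feb 4, 2025 commit. That looks like expiry of a past event, but the +/- markers are missing from this rendering and nothing in the message confirms it. Suggest the sync job write a message that states the reason, for example that past events were pruned, so a reviewer can tell routine expiry from the upstream feed dropping or replacing a live entry.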
Expand All @@ -159,6 +149,16 @@
"timezone": "America/New_York",
"description": "This is an In-Person OWASP Orlando Chapter Meeting\n\nFood to be provided (Typically pizza or sandwiches)\n\nIntroductions\n\nMore details to be provided soon!\n\nSpeaker 1: **TBD**\nTopic: TBD\n\nSpeaker 2: **TBD**\nTopic: TBD"
},
{
"group": "Ottawa",
"repo": "www-chapter-ottawa",
"name": "OWASPOttawa Feb 19th 2025: Securing the Industrial Frontier/Are We Leak-Free?",
"date": "2025-02-19",
"time": "18:00-05:00",
"link": "https://www.meetup.com/owasp-ottawa/events/305942268",
"timezone": "America/Toronto",
"description": "**Welcome to our in-Person Meetup at the University of Ottawa**\n\nIn-Person Location:\n150 Louis-Pasteur Private, Ottawa,\nUniversity of Ottawa\nRoom 117\n\nWe will continue to Live Stream on our YouTube channel. (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you\u2019ll get a notification as soon as we go live!\n\n**YouTube Live Stream Link**: TBA\n\n**6:00 PM EST** Arrival, setup, mingle, PIZZA!!!\n\n**6:30 PM EST** Technical Talks\n\n1. Introduction to OWASP Ottawa, Public Announcements.\n2. **\"Securing the Industrial Frontier: AI-Powered Defenses for OT/ICS Cybersecurity\" with Kay Oblassi**\n3. **\"Are We Leak-Free Yet? Securing Production App Secrets\" with Robert Babaev**\n\n**Abstract:**\n*Securing the Industrial Frontier: AI-Powered Defenses for OT/ICS Cybersecurity with Kay Oblassi*\nAs OT/ICS systems become increasingly vulnerable to cyber threats, AI-powered defenses offer a promising solution. This presentation explores the intersection of AI and OT/ICS, discussing the benefits and challenges of implementing AI-powered defenses in industrial control systems.\n\n*Are We Leak-Free Yet? Securing Production App Secrets with Robert Babaev*\nA month or so ago, I was fiddling with ways of getting secret values (API keys, database URLs, etc.) into an application without leaking them. This talk will go over that journey, and how complicated it actually can be to get zero-leak secret injection in web apps, namely those using Docker Compose and Docker Swarm. Considerations for client-side secrets, server-side secrets, and more! Demos include showcasing source code, and possibly spooling up Docker containers and/or building web applications on a local environment. Likely pre-recorded.\n\n**Speakers:**\n**Kay Oblassi**\nKayode is a seasoned professional with over a decade of experience in financial services, consulting, and Cyber GRC. 
He is the Founder of Aidrome Inc., an IT firm that aims to leverage AI for digital transformation across various sectors, including ICS/OT Cybersecurity.\n\n**Robert Babaev**\nRobert Babaev is a recent graduate of Carleton University with an Honours Bachelor of Computer Science, specializing in Computer and Internet Security. He has done multiple internships at major Canadian cyber companies like Barracuda Networks and Software Secured, research into authentication and access control frameworks, and competed internationally in Athens and Prague in competitions through CyberSci. Robert also regularly engages in side projects including CourseFull, an app built to help students track their academic goals without the guesswork."
},
{
"group": "Peterborough",
"repo": "www-chapter-peterborough",
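Review bot: The "time" value "18:00-05:00" in the Ottawa entry is ambiguous. Next to "timezone": "America/Toronto" and the description's "6:00 PM EST", the "-05:00" reads as a UTC offset, yet a consumer could just as well parse the string as a range ending at 05:00. Suggest storing the start time alone and deriving the offset from "timezone", or documenting the expected format for this field. Separately, "description" carries Markdown (bold markers, a bare YouTube URL) in a file that the commit message says is updated remotely, so whatever renders it should escape raw HTML and restrict link schemes rather than trust the feed's content.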