remote update file

OWASP · Jan 24, 2025 · f076f1f · f076f1f
1 parent 5916123
commit f076f1f
Showing 1 changed file with 12 additions and 22 deletions.
diff --git a/_data/community_events.json b/_data/community_events.json
@@ -74,7 +74,7 @@
         "repo": "www-chapter-bhopal",
         "name": "Jan 2k25 Chapter Meet-up with Mini CTF",
         "date": "2025-01-31",
-        "time": "11:00+05:30",
+        "time": "11:30+05:30",
         "link": "https://www.meetup.com/owasp-bhopal-chapter/events/305453272",
         "timezone": "Asia/Kolkata",
         "description": "Join us for the OWASP Bhopal Chapter Meetup to explore the latest trends in Cybersecurity. Our event will focus on topics such as Computer Security, Application Security, Penetration Testing, and Web Application Security. Dive deep into discussions on Software Security and Web Technology, while staying updated on Information Security best practices.\n\nThis meetup will also include interactive sessions on Capture the Flag challenges and Machine Learning applications in cybersecurity. Whether you are a seasoned professional or a newbie in the field, this event is a great opportunity to network with fellow enthusiasts and learn from industry experts. Don't miss out on this chance to enhance your knowledge and skills in the ever-evolving realm of cybersecurity."
@@ -99,16 +99,6 @@
         "timezone": "America/New_York",
         "description": "Join us on Tuesday, February 18th at Market Avenue Wine Bar for a hands-on lab demonstration with Contrast Security. The presentation will go over features and limitations of Contrasts RAST tool. This session is designed for everyone, whether you decide to participate or not.\n\nContrast is an Application Security solution used by companies like AARP, InfoSys, Citizens Bank, Snap Finance, and more."
     },
-    {
-        "group": "Colorado Springs",
-        "repo": "www-chapter-colorado-springs",
-        "name": "OWASP January Meetup",
-        "date": "2025-01-23",
-        "time": "18:00-07:00",
-        "link": "https://www.meetup.com/owasp-colorado-springs-meetup/events/305637101",
-        "timezone": "America/Denver",
-        "description": "Main event at 6pm will be a 1/2 an hour to an hour talk by Ishan Brown. He is a rising star at in the cyber security world and will be talking about his experiencee getting his 1st CVE late last year.\n\nAfter the talk we will have general networking and discussions until 9pm."
-    },
     {
         "group": "Columbus",
         "repo": "www-chapter-columbus",
@@ -119,16 +109,6 @@
         "timezone": "America/New_York",
         "description": "Welcome to 2025! Both the speaker and I are off at CodeMash in January, so we are going to start our EVERY MONTH transition in February!\n\nWe'll start off with a few highlights related to what is new in the world of appsec, and have a good-of-the-order style chat about the year, and then ... Have you ever searched for \"how to authenticate an API call\" and been confused by the dizzying array of techniques, terminology, jargon, and acronyms that come back?\n\nThis session is designed for anyone that's struggling to make sense of modern authentication options. You'll learn the differences between OAuth, API Keys, HMAC, JSON Web Tokens (JWT), SAML, OpenID Connect, and passkeys using Webauthn. Each technique will be explained in a clear, practical, easy-to-understand way.\n\nThis session focuses on core concepts, not code, and is accessible to anyone that works with technology."
     },
-    {
-        "group": "France",
-        "repo": "www-chapter-france",
-        "name": "Meetup OWASP - Paris - Janvier 2025",
-        "date": "2025-01-23",
-        "time": "19:00+01:00",
-        "link": "https://www.meetup.com/owasp-france/events/305516216",
-        "timezone": "Europe/Paris",
-        "description": "Ce meetup se deroulera chez **Renault Digital** que nous remercions chaleureusement de leur soutien.\n\nPour des raisons de s\u00e9curit\u00e9, une ***pi\u00e8ce d'identit\u00e9*** vous sera demand\u00e9e pour acc\u00e9der \u00e0 l'\u00e9v\u00e8nement.\n\nOWASP Paris est le meetup d\u00e9di\u00e9 \u00e0 la s\u00e9curit\u00e9 applicative. Pour rappel, le meetup se veut non commercial. Il r\u00e9unit toutes personnes d\u00e9sireuses de concevoir et maintenir des logiciels plus s\u00fbrs. Si vous \u00eates int\u00e9ress\u00e9 par le sujet, que vous soyez d\u00e9butant ou expert, n'h\u00e9sitez pas \u00e0 nous rejoindre pour partager vos exp\u00e9riences ou vos probl\u00e9matiques.\nCe meetup propose des sessions organis\u00e9es en mode \"forum ouvert\". Les sujets sont propos\u00e9s par les participants lors de la s\u00e9ance. Partages de connaissances, retour d'exp\u00e9riences, exercices de type CTF, bonnes pratiques, gouvernance et organisation, ... sont au programme!\n\n**Lightning Talks:**\nLa soir\u00e9e commence par de courtes pr\u00e9sentations. Chacun peut s'il le veut proposer une pr\u00e9sentation, ce n'est pas obligatoire. Si vous avez envie de partager une technique, une opinion, une d\u00e9mo ou un retour d'exp\u00e9rience, alors vous pouvez pr\u00e9parer un lightning talk, entre une simple phrase et 10 minutes maxi et venez le pr\u00e9senter au d\u00e9but de la soir\u00e9e. Si vous n'avez jamais fait de pr\u00e9sentation avant, c'est l'occasion de commencer dans une ambiance sympa.\n\n**Workshop:**\nLa soir\u00e9e se poursuit avec des activit\u00e9s men\u00e9es en groupes. Chacun peut s'il le veut proposer un sujet, ce n'est pas obligatoire. Vous avez 30 secondes au d\u00e9but de la session pour en donner envie aux autres participants, puis tout le monde vote pour son sujet favori. Les sujets pr\u00e9f\u00e9r\u00e9s donnent lieu \u00e0 des activit\u00e9s en groupes pendant un peu plus d'une heure. Des \u00e9crans seront disponibles\n\nLe format se veut bienveillant. Pas besoin d'\u00eatre expert pour parler d'un sujet. Vous trouverez certainement d'autres personnes pour vous aider! L'accent est mis sur l'\u00e9change et le partage.\n\nL'agenda et le compte-rendu des pr\u00e9c\u00e9dents meetups est accessible ici: https://owasp.org/www-chapter-france/"
-    },
     {
         "group": "Jacksonville",
         "repo": "www-chapter-jacksonville",
@@ -177,7 +157,7 @@
         "time": "17:30-08:00",
         "link": "https://www.meetup.com/owasp-los-angeles/events/305489048",
         "timezone": "America/Los_Angeles",
-        "description": "**/\\*\\* Updated Meeting Date \\*\\*/**\n**TOPIC**: TBA\nJoin us for great networking, dinner and drinks, and see a presentation by\n\n**ABSTRACT**:\nTBA\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:\n[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*"
+        "description": "**/\\*\\* Updated Meeting Date \\*\\*/**\n**TOPIC**: Adding API Security to your DevSecOps Toolbelt\nJoin us for great networking, dinner and drinks, and see a presentation by **Scott Bly**, Director, Security Technologies, Systems Integration Solutions\n\n**ABSTRACT**:\nHow do you integrate API Security into your DevSecOps processes? You have DevOps tooling and CI/CD pipelines for your product release cycle. Your Dev & Ops teams work well together. You started a DevSecOps transformation to Shift Left and test code security in pipelines.\nBut how do you integrate the Security teams into DevOps to achieve true DevSecOps? Then, how do you integrate APIs, as they are behavior-based? Traditional AppSec can\u2019t identify vulnerabilities in API consumption.\nLearn how to integrate API testing into Shift Left DevSecOps pipelines to eliminate vulnerabilities. Learn how to bring Dev, Sec, Ops teams together to improve Mean Time To Remediation, and keep your teams happy!\n\n**SPONSORSHIP Opportunities Available**\n*Vendors interested in sponsoring please send an email to sponsorship.la@owasp.org*\n\n**CODE OF CONDUCT**\nWe hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. You can find out more about our policies here:\n[https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy](https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy)"
     },
     {
         "group": "Netherlands",
@@ -189,6 +169,16 @@
         "timezone": "Europe/Amsterdam",
         "description": "See [https://owasp.org/www-chapter-netherlands/upcomingevents](https://owasp.org/www-chapter-netherlands/upcomingevents) for more information about the OWASP Netherlands chapter.\n\n18:00 - 18:15 - **Reception of attendees**\n18:15 - 19:00 - **Pizza**\n19:00 - 19:15 - **Welcome and OWASP updates**\n19:15 - 20:00 - **The AI Who Shagged Me!** by **Ali Abdollahi**\n20.00 - 20:15 - **Break with drinks**\n20:15 - 21:00 - **Behind the Breach: Understanding and Preventing Web Vulnerabilities** by **Mitchel Koster**\n\n**The AI Who Shagged Me!**\n*Abstract:*\nIn today\u2019s ever-changing world of cybersecurity, bringing AI into red teaming exercises is an exciting way to boost how we assess our organizational defenses. This approach fits well with frameworks like TIBER, which focus on creating realistic simulations of cyber threats. It\u2019s all about making our defenses stronger and more effective! AI algorithms effectively analyze large datasets to identify emerging threats and tactics, aiding in realistic attack simulations. AI-driven tools help replicate complex attacks, providing red teams with thorough assessments of security measures. Using AI-generated anomalies enhances detection capabilities and strengthens incident response plans. However, the integration of AI into red teaming is not without challenges. This discussion aims to provide a nuanced overview of the application of AI in red teaming exercises, examining its potential benefits and limitations within established frameworks like TIBER. By critically evaluating this integration, we can better understand how to harness AI\u2019s capabilities to strengthen cybersecurity offense and defense.\n*Bio:*\nAli is a cybersecurity researcher with over 12 years of experience. Currently, he is the application and offensive security manager at Canon EMEA. He studied computer engineering, published articles, and holds several professional certificates. Ali is a Microsoft MVP and regular speaker or trainer at industry conferences and events.\n\n**Behind the Breach: Understanding and Preventing Web Vulnerabilities**\n*Abstract:*\n\u201cBehind the Breach: Understanding and Preventing Web Vulnerabilities delves into the transformation of modern web applications and architecture, showcasing how advancements in frameworks and browser technologies have revolutionized security. Yet, even with these innovations, attackers persist in uncovering and exploiting vulnerabilities. Drawing from real-world case studies across industries\u2014from agile startups to global enterprises\u2014this presentation not only demonstrates how a deeper understanding of security can thwart these threats, but also highlights how effectively conveying the potential impact of vulnerabilities is key to prioritizing security efforts.\u201d\n*Bio:*\nMitchel Koster is the Chief Security Researcher at Breachlock, where he leads the development of new security products and conducts research and engagements for high-profile clients. His work includes Red and Purple Team exercises and addressing custom security requirements across diverse sectors, including Aviation and Healthcare. With a background in computer science, embedded systems, and programming, Mitchel bridges the gap between modern software development practices and robust security measures.\n\nFor parking, there\u2019s a (paid) parking space less than 5 minutes away at the Q-Park Hermitage. ([ https://maps.app.goo.gl/XpJzhnj4BP6Kw9T88](https://maps.app.goo.gl/XpJzhnj4BP6Kw9T88) )\n\nAlso a 5 minute walk is the Zaandam station. ([ https://maps.app.goo.gl/3emKrp4ygx41SoN67](https://maps.app.goo.gl/3emKrp4ygx41SoN67) )"
     },
+    {
+        "group": "New York City",
+        "repo": "www-chapter-new-york-city",
+        "name": "Happy 2025 New Year Event join our Working Cyber Incident Workshop Happy Hour\"",
+        "date": "2025-01-29",
+        "time": "17:30-05:00",
+        "link": "https://www.meetup.com/owasp-new-york-city-chapter/events/305785153",
+        "timezone": "America/New_York",
+        "description": "Come have some fun with our OWASP Members and Cyber Fireside NJ: Join in hands-on learning with a few Rockstars sharing and teaching.\n\n#### **Workshop Purpose**\n\nThe purpose of this workshop is to enhance the organization\u2019s resilience against threats stemming from fake or malicious applications. By simulating an attack scenario involving a counterfeit app, participants will gain practical experience in identifying, preventing, and responding to such incidents.\n\nThis hands-on exercise is designed to strengthen cross-functional collaboration, reinforce secure app and API design principles, and ensure compliance with relevant regulatory frameworks.\n\n**Exercise Objectives**\n\n1\\. Detection and Prevention of Fake Applications\n\n* Implement methods to identify and validate app integrity and authenticity using advanced runtime checks and mobile attestation solutions.\n* Develop strategies to monitor and promptly remove counterfeit apps from app stores.\n\n2\\. Securing API Communication\n\n* Strengthen API security with app-specific integrity checks, token validation, and certificate pinning to prevent unauthorized interactions.\n* Explore rate limiting and role-based access control (RBAC) as critical safeguards.\n\n3\\. Harden Server\\-Side Security\n\n* Enforce robust input validation and access controls to mitigate server-side vulnerabilities.\n* Simulate threat scenarios to test server-side resilience against credential stuffing and brute-force attacks.\n\n4\\. Incident Monitoring and Response\n\n* Enhance log analysis and telemetry used to detect and investigate rogue app activity.\n* Design and implement a clear incident response playbook that includes user notification, regulatory compliance, and mitigation strategies."
+    },
     {
         "group": "Newcastle Uk",
         "repo": "www-chapter-newcastle-uk",