|
109 | 109 | "timezone": "Africa/Cairo",
|
110 | 110 | "description": "The **OWASP Cairo Chapter**, in collaboration with **Caisec Event**, invites you to \"Executive Tabletop Exercise for Security Leaders\" Workshop.\n\n **IMPORTANT:** No conference ticket needed. However, **Filling the registration form is mandatory. Your spot is *not confirmed* until the team reviews and approves your application.**\nRSVP alone will **not** guarantee entry.\n **Apply here**:\n[https://docs.google.com/forms/d/1WcKetJtk9T7jV5S39nAPbuFLwUoYuNL0mVTLsZ7lwPE/edit?pli=1](https://docs.google.com/forms/d/1WcKetJtk9T7jV5S39nAPbuFLwUoYuNL0mVTLsZ7lwPE/edit?pli=1)\n\n **Date & Time**: 26 May 2025 at 2:00 PM\n **Location**: Royal Maxim Palace Kempinski\n **Audience**: CISOs, Security Managers, Incident Response Leads, Senior IT Risk Professionals\n **Level**: Advanced (incident-response experience recommended)\n **Speakers**: Mohamed Al Fateh & Ayman Hussein\n\n### What You\u2019ll Experience\n\n **Realistic Threats**\nSimulated supply-chain attacks, API breaches, CI/CD sabotage\n **Executive-Level Stress**\nHandle legal, PR, and customer backlash on top of technical response\n **Cross-Functional Mayhem**\nWork alongside mock Legal, PR, and Risk teams\n **Battle-Tested Takeaways**\nSharpen your response playbooks and executive alignment under fire\n\n### Format\n\n* 90-minute interactive simulation\n* Small group scenario with live injects\n* No slides. Just decisions, pressure, and outcomes\n\n **Again, RSVP alone won\u2019t get you in. You must fill out the form and wait for confirmation from the team.**\n **Apply now**:\n[https://docs.google.com/forms/d/1WcKetJtk9T7jV5S39nAPbuFLwUoYuNL0mVTLsZ7lwPE/edit?pli=1](https://docs.google.com/forms/d/1WcKetJtk9T7jV5S39nAPbuFLwUoYuNL0mVTLsZ7lwPE/edit?pli=1)"
|
111 | 111 | },
|
112 |
| - { |
113 |
| - "group": "Cincinnati", |
114 |
| - "repo": "www-chapter-cincinnati", |
115 |
| - "name": "Ask a Developer", |
116 |
| - "date": "2025-05-21", |
117 |
| - "time": "16:00-04:00", |
118 |
| - "link": "https://www.meetup.com/owasp-cincinnati-meetup-group/events/307444258", |
119 |
| - "timezone": "America/New_York", |
120 |
| - "description": "**This meeting will be in-person! Thank you to Kroger for hosting at their Kroger Blue Ash Technology Center. For security, RSVP by 2 days prior to the meeting is required.**\n\n**Sponsored by [WWT](https://www.wwt.com/)**\n\nCome join us for an insightful session where you can learn more about security from the perspective of your developers.\n\nSecurity professionals have different priorities than developers, and this can lead to friction between the two groups. In this session, we will discuss how to see things from a developer's perspective, which can help you communicate more effectively and even empathize with them, leading to a more productive (and maybe even enjoyable) relationship.\n\nBring your questions and be ready to share your own experiences!\n\n**Approximate schedule:**\n4:00 - Doors open. Come for networking and refreshments!\n4:15 - Presentation begins.\n5:15 - Networking and refreshments resume!\n6:00 EOE (End of Event)" |
121 |
| - }, |
122 | 112 | {
|
123 | 113 | "group": "Columbus",
|
124 | 114 | "repo": "www-chapter-columbus",
|
|
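Review bot: In the removed Cincinnati entry, `"time": "16:00-04:00"` reads like a 16:00 to 04:00 range, but next to `"timezone": "America/New_York"` and the description's 4:00 to 6:00 schedule it is evidently a 16:00 start with a -04:00 UTC offset. If whatever produces this file emits the same shape for entries that stay, the field needs a documented format or a split into start time and offset, since the offset duplicates what the timezone field already states.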
269 | 259 | "timezone": "America/Los_Angeles",
|
270 | 260 | "description": "**NOTE: The following will be in effect and mandatory for this meeting venue.**\n\n* **RSVPs will close at 12:00 PM PT on Monday, May 19th, so kindly submit your RSVP by then. Walk-ins will not be permitted.**\n* **Microsoft Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.**\n* If your first and last name do not appear in our admin view, we will contact you.\n* Alternatively, feel free to reach out directly or email us at [ [email protected]](http:// [email protected]) to provide that information or any questions you may have regarding the event.\n\n**Abstract**\nApplication security teams are drowning in findings from a sprawl of disconnected tools. As development accelerates\u2014with AI-driven tooling, microservices, and cloud-native architectures\u2014the ratio of code to developer is exploding. But the ratio of AppSec engineers to developers isn\u2019t keeping pace, leaving security teams overwhelmed and reactive.\n\nIt\u2019s time to flip the model: instead of starting with findings, we must start with the application. Vulnerabilities are just one signal\u2014without deep application context, they're noise. Real-time application modeling enables teams to understand how applications actually behave in production: what code is reachable, which services talk to each other, what data is exposed, and where trust boundaries are violated.\n\nIn this talk, we\u2019ll demonstrate how runtime-aware application modeling can surface critical risks that traditional approaches miss, eliminate false positives, and bridge the gap between AppSec and engineering. We'll walk through real-world examples of how modeling helps prioritize what truly matters\u2014and why this shift is essential for scaling security in modern software development."
|
271 | 261 | },
|
272 |
| - { |
273 |
| - "group": "Ottawa", |
274 |
| - "repo": "www-chapter-ottawa", |
275 |
| - "name": "OWASP Ottawa May 21st 2025: \"SSH: Secretly Sharing Hosts\" with Logan MacLaren", |
276 |
| - "date": "2025-05-21", |
277 |
| - "time": "18:00-04:00", |
278 |
| - "link": "https://www.meetup.com/owasp-ottawa/events/307703711", |
279 |
| - "timezone": "America/Toronto", |
280 |
| - "description": "**Welcome to our in-Person Meetup at the University of Ottawa**\n\nIn-Person Location:\n150 Louis-Pasteur Private, Ottawa,\nUniversity of Ottawa\nRoom 117\n\nWe will continue to Live Stream on our YouTube channel. (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder and you\u2019ll get a notification as soon as we go live!\n\n**YouTube Live Stream Link**: https://www.youtube.com/watch?v=uMtBS_9vPQQ\n\n**6:00 PM EST** Arrival, setup, mingle, PIZZA!!!\n\n**6:30 PM EST** Technical Talks\n\n1. Introduction to OWASP Ottawa, Public Announcements.\n2. **\"SSH: Secretly Sharing Hosts\" with Logan MacLaren**\n\n**Abstract:**\n**SSH (Secure Shell)** is one of the most useful tools for access to Linux systems and, as the name implies, is quite secure. Without exploiting any product vulnerabilities, theoretical or real, this talk explores ways that an attacker can abuse intentional SSH functionality to hijack existing sessions, bypass MFA and passphrase protections, avoid firewall-imposed limitations, masquerade as other users, and extend access to internal resources beyond the network perimeter.\n\nAttendees should walk away with a better understanding of how SSH multiplexing, agent forwarding, and tunneling work and are abused, as well as being armed with detection and mitigation strategies to help prevent impact to their systems.\n\n**Speaker Bio:**\n**Logan MacLaren** is a Senior Red Team Engineer at GitHub where he spends his time finding out how to best break (and fix) security controls. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects or learning and refining skills with CTF challenges!" |
281 |
| - }, |
282 | 262 | {
|
283 | 263 | "group": "Peterborough",
|
284 | 264 | "repo": "www-chapter-peterborough",
|
|
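Review bot: The context entry kept just above the Ottawa removal tells attendees to email `[ [email protected]](http:// [email protected])`, which as shown here is an obfuscation placeholder rather than an address, so that instruction cannot be followed from this data. Restore the real contact address in that description, or drop the sentence, while this file is being touched.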
389 | 369 | "timezone": "America/New_York",
|
390 | 370 | "description": "**Abstract**\n\nSecurity teams, including AppSec, have very much been focused on \u201cinside out\u201d imperatives, e.g. we are doing x because our security or compliance team says so.\n\nTraditionally, finding and fixing vulnerabilities, evangelizing secure coding practices, pleading with engineering teams to implement the \u201cright\u201d cloud configurations, etc., have been disconnected from the customer and the business. In some cases, AppSec is even positioned as a tax on the business as a necessary cost center; businesses only know it's important because lawsuits, burgeoning regulation, and breach headlines have\ntold them it is. This presents a challenge to get buy-in from stakeholders, which makes our jobs very difficult, sometimes impossible.\n\nHowever, what we do has real, human consequences. We have the opportunity to reframe security practices by focusing on this \u201coutside in\u201d perspective: the perspective of TRUST.\n\n**High-level outline**\nResearch on customer/consumer trust \u2013 what is \u201ctrust\u201d?\n\n* Boiled down to four factors: capability, reliability, transparency, and humanity\n* High levels of trust increase revenue\n* There is a correlation between security, privacy, resilience, risk, compliance, and customer trust\n\nSecurity is not separate work, security is a foundational feature\n\n* Customers/consumers expect vendors to protect their data\n* Security is not a cost center \u2013 it\u2019s a revenue enabler (customer trust = customer loyalty = increased revenue)\n\nSecurity practices need to be marketed\n\n* Human psychology: we want to believe we are special and have a purpose\n* Communicating the full impact of doing or not doing security practices well\n* \u201cCustomer trust\u201d as a burgeoning discipline within CISO organizations"
|
391 | 371 | },
|
392 |
| - { |
393 |
| - "group": "Virtual", |
394 |
| - "repo": "www-chapter-virtual", |
395 |
| - "name": "Codename Singapore -- Adopting the Three Ways of Effective AppSec", |
396 |
| - "date": "2025-05-21", |
397 |
| - "time": "12:00-04:00", |
398 |
| - "link": "https://www.meetup.com/owasp-virtual-chapter/events/307219856", |
399 |
| - "timezone": "America/New_York", |
400 |
| - "description": "Four teammates walked into a bar\u2014a developer, an AppSec engineer, a SecOps lead, and a compliance officer. It sounds like the start of a terrible joke, but no one was laughing. They were too busy drowning in alerts, blaming each other, and wondering if their security program had secretly been designed by their worst enemies. Sound painfully familiar?\n\nIn this talk, I'll share the surprisingly entertaining story of how these burned-out heroes discovered The Three Ways of Effective AppSec. Using the metaphor of a modern city (complete with bank robberies, construction projects, and government bureaucracy), they unlocked the power of context, collaboration, and culture\u2014transforming a chaotic security circus into a highly cost-effective (and even enjoyable) program that keeps their software safe from vulnerabilities and attacks.\n\nIf you\u2019ve ever felt trapped in AppSec Groundhog Day, facing endless firefighting, alert fatigue, and compliance busywork, come laugh (and maybe cry) your way toward a practical blueprint for building an AppSec program that actually works." |
401 |
| - }, |
402 | 372 | {
|
403 | 373 | "group": "Yaounde",
|
404 | 374 | "repo": "www-chapter-yaounde",
|
|
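Review bot: The object removed here, like the Cincinnati and Ottawa ones, carries `"date": "2025-05-21"`, and nothing on the page states the rule behind the deletions. Say in the commit message whether this is pruning of past events and what cutoff it uses, so a reviewer can tell an intended expiry from an accidental drop. Structurally the removal is clean: it takes the whole object from `{` through `},` and leaves the following `{` of the Yaounde entry in place.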