

About us
This is the meetup headquarters for the Bay Area chapter of the Open Web Application Security Project (OWASP). This group is dedicated to bringing together the massive amount of Bay Area web application security talent and interest in the form of presentations, talks, conferences, and any other kind of get-together we want to come up with.
We're looking to facilitate all types of meetings between members, from formal conferences to little meetups at a Bay Area coffee shop. The key advantage of meetup.com is that we can benefit from the shared calendar, which is available via iCal, Google Calendar, etc.
We encourage you to get involved in every way possible. Recommend events, put together a local meetup at a coffee shop, restaurant, or bar, or put together a talk to present at one of these venues.
We look forward to hearing from you and seeing you at a local event!
Upcoming events
1

May Meetup
Poshmark Inc, 203 Redwood Shores Pkwy floor 8, Redwood City, CA, US
Join us for the May Bay Area OWASP meetup, proudly sponsored by Doppel.
Expect an evening filled with insightful security talks, engaging conversations, and great community networking, all complemented by delicious food and drinks, generously provided by Doppel. Thank you very much to Poshmark Inc for providing us the space.
5:00 PM: Doors open, networking, food and drinks
5:30 PM: Chapter introductions
5:45-6:30 PM: Deepfake Detection
6:30-7:15 PM: More Packages, More Problems: AI, npm, and the New Economics of Supply Chain Attacks
7:15-8:00 PM: TBD
Talk#1 Deepfake Detection
TBD
Talk#2 More Packages, More Problems: AI, npm, and the New Economics of Supply Chain Attacks
Description:
Malicious npm package activity surged over the past year, and AI is changing the economics behind it. Attackers are using large language models to generate convincing packages, craft realistic documentation, and scale typo squatting campaigns faster than manual review can keep up. Meanwhile, traditional supply chain compromises targeting developer endpoints, credentials, and cryptocurrency wallets are growing more sophisticated on their own.
The session closes with a practical defender's playbook covering development environment hardening, package vetting workflows, and building organizational muscle around supply chain hygiene. Whether you work in application security, platform engineering, or security operations, you will walk away with a realistic picture of the threat and concrete steps to act on it.
Author Bio:
Mohit Bansal is a Senior Manager of Security Operations Engineering at Webflow with over 12 years of experience in cybersecurity. His work spans software supply chain security, cloud infrastructure security, AI agent security, and building developer security programs at scale. Previously, he spent nearly six years at Okta, a major identity platform, leading Application Security and Vulnerability Management. Mohit has led incident response efforts against real-world npm supply chain compromises and brings firsthand forensic experience to the threat patterns covered in this talk. He is an active researcher and speaker on the intersection of AI, attacker economics, and developer workflow risks.
24 attendees
Past events
176

