The OWASP Austin Chapter is free to join and open to all. We meet to discuss and demonstrate web and browser-based vulnerabilities, tools, and solutions. More information about the OWASP Austin Chapter can be found at https://austin.owasp.org.
The regular chapter meeting is scheduled for the last Tuesday of every month (except October, November, and December, when there is no meeting).
The standard Happy Hour with sponsorship is typically the second Thursday of the month.
The chapter has been active since before 2010, but has only been active on Meetup since 2020.
Scale Your Security by Embracing Secure Defaults & Eliminating Bug Classes
"We’re in the middle of a significant shift in how security teams operate and prioritize their limited budget and person-time.
Historically, as an industry, we’ve focused on building tools to identify vulnerabilities. While we’ve built impressive tools, these approaches have failed to address the challenges of modern engineering teams.
Specifically, these tools often are too slow, require a prohibitive amount of security engineer time and domain expertise to tune, overwhelm users with false positives, and most importantly, do not ultimately raise a company’s security bar.
But there’s another way.
Rather than investing in finding more bugs, some modern security teams are instead focusing on providing developers with frameworks and services with secure defaults (“guard rails”) so that developers can build features quickly and securely. When done correctly, combining secure defaults and lightweight checks that enforce invariants (properties that must always hold), organizations can solve *classes* of vulnerabilities by construction, preventing bug whack-a-mole.
In this talk, we’ll present a practical step-by-step methodology for:
- Choosing what to focus your AppSec resources on
- How to combine secure defaults + lightweight invariant enforcement to eradicate entire vulnerability classes
- How to integrate continuous code scanning into your CI/CD processes in a way that’s fast, high signal, and low friction for developers
- How to use an open source, lightweight security linting tool to find bugs and anti-patterns specific to your company."
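As an added illustration of the "secure default plus lightweight invariant check" idea from the abstract (example code written for this page, not from the talk, r2c, or Semgrep): a hypothetical `run_query` wrapper is the only sanctioned way to issue SQL in a codebase, and a small AST-based check, run over a constructed sample module, flags every call site that breaks that invariant, so the SQL-injection bug class is closed by construction rather than found case by case.

```python
import ast

# Secure default (hypothetical wrapper for this example): the one sanctioned way to run
# SQL. Template and parameters are separate arguments, so the database driver does the
# escaping and user input can never be spliced into the statement text.
def run_query(conn, template: str, params: tuple = ()):
    return conn.execute(template, params)

# Lightweight invariant check: a few lines of AST walking rather than a full scanner.
# Invariant 1: the template passed to run_query is a string literal at the call site.
# Invariant 2: nothing calls the driver's .execute()/.executemany() directly.
FORBIDDEN_DIRECT_CALLS = {"execute", "executemany"}

def check_sql_invariants(source: str) -> list:
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if isinstance(func, ast.Name) and func.id == "run_query":
            # Keyword-only or missing template arguments are rejected as well; the rule
            # is deliberately strict so the secure default cannot be argued around.
            literal = (len(node.args) >= 2
                       and isinstance(node.args[1], ast.Constant)
                       and isinstance(node.args[1].value, str))
            if not literal:
                findings.append(f"line {node.lineno}: run_query template must be a string literal")
        elif isinstance(func, ast.Attribute) and func.attr in FORBIDDEN_DIRECT_CALLS:
            findings.append(f"line {node.lineno}: direct .{func.attr}() bypasses run_query")
    return findings

# Constructed sample module: one compliant call and two violations of the invariants.
SAMPLE_SOURCE = '''
def ok(conn, uid):
    return run_query(conn, "SELECT * FROM users WHERE id = ?", (uid,))

def bad_concat(conn, uid):
    return run_query(conn, "SELECT * FROM users WHERE id = " + uid)

def bad_direct(conn, uid):
    return conn.cursor().execute("SELECT * FROM users WHERE id = %s" % uid)
'''

if __name__ == "__main__":
    for finding in check_sql_invariants(SAMPLE_SOURCE):
        print(finding)
```

The same check fits naturally as a fast, high-signal CI step: it only needs the source text, runs in milliseconds, and reports nothing on code that uses the secure default correctly.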
Speaker: Emma Jin is a software engineer at r2c, the company that maintains Semgrep, an open-source syntax-aware code search tool. At r2c, she has added features to Semgrep, such as typed metavariables. Emma recently received her B.S. in Computer Science from Carnegie Mellon University, where she picked up her belief in code guarantees. In her free time, she likes to read, write, and relearn her abandoned childhood skills. She is perpetually working on a novel.