

What we’re about
OWASP London Chapter
OWASP (The Open Worldwide Application Security Project) is a worldwide not-for-profit organisation focused on improving the security of software. With over 250 local Chapters worldwide and 110,000+ volunteers OWASP's open community is dedicated to enabling organisations and individuals to develop and maintain applications that can be trusted. OWASP's meet-ups, tools, standards, guidelines, documents and forums are free and open to anyone interested in improving application security.
Visit OWASP London webpage here: https://www.owasp.org/london
Follow us on Twitter: https://twitter.com/OWASPLondon
Follow us on LinkedIn: https://www.linkedin.com/company/owasplondon
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Watch recordings of talks presented at our events on our YouTube channel: https://www.youtube.com/OWASPLondon
^Please subscribe to our YouTube channel to get notified when the latest video recordings of our talks get published.
We are also on Slack: https://owasp.slack.com #chapter-london channel (for Slack invites visit: https://owasp.org/slack/invite)
We also have a mailing list, sign-up here: https://groups.google.com/a/owasp.org/forum/#!forum/london-chapter/join
We usually run 7-10 events per year: meet-ups ("Chapter Meetings"), Capture The Flag (CTF) tournaments, Hackathons, workshops and hacking/cyber-security themed pub quizzes.
Please note that while we do advertise our meetups here on Meetup[.]com, due to a Meetup platform limitation we do not use Meetup's RSVP system and instead use Eventbrite for free tickets and registration to attend our events. If you have an account on Eventbrite you can follow us there as well: https://owasplondon.eventbrite.co.uk/
You don't have to be an OWASP member to attend any of our meetups or CTFs - they are free and open to everyone interested in Application Security. Booking is required.
There is a paid membership, which is a donation to the OWASP Foundation - it gives you discounts on many cyber-security conferences around the world, voting rights, @owasp.org email address and many other benefits like free access to paid training platforms. Join OWASP Global Foundation as a paid member here: https://www.owasp.org/index.php/Membership
Upcoming events
2
![OWASP London Chapter Meetup [IN-PERSON]](https://secure.meetupstatic.com/photos/event/b/7/3/4/highres_532126900.jpeg)
OWASP London Chapter Meetup [IN-PERSON]
Rich Mix, 35-47 Bethnal Green Road, E1 6LA, London, GB
This event is kindly sponsored by Nuaware.
Raffle prizes are kindly sponsored by GitGuardian and Docker.
There is limited seating available for in-person attendees. Registration required.
This event will also be live-streamed on YouTube.
Recordings will be available on the OWASP London YouTube channel.
Venue Location: Rich Mix, 35-47 Bethnal Green Road, London E1 6LA
Nearest Tube Stations: Shoreditch High Street Overground (2 min walk), Liverpool Street (15 min walk)
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).
TALKS:
OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
"DNS Based OSINT Techniques for Product and Service Discovery" - Rishi Chudasama
This talk will explain how to map products and services by passively detecting DNS TXT records. By examining these records, we can identify technologies used in an organisation's infrastructure without directly probing the target.
"Race Against The Workflows: Stealing GitHub Tokens from Docker Images" - Gaëtan Ferry
Your Dockerfile says COPY . . and you think, "What could go wrong?" Turns out: a lot. We're diving into a sneaky GitHub Actions vulnerability where your authentication tokens get stored inside Docker image layers and published to public registries, where anyone can grab them. A race follows, between your workflow finishing and attackers downloading your Docker layers to loot the secrets hiding inside. Learn how this works, how to exploit it, and how to make sure your pipelines aren't leaking secrets to the world.
"Securing the SDLC: From Container Images to AI Agents" - Tharinda Basnayake
This presentation examines the evolution of supply chain security challenges from container images to AI agents. We'll explore how modern development practices create new attack vectors, from containers running hundreds of unnecessary packages to AI agents accessing enterprise systems without proper security controls.
SPEAKERS:
Rishi C (@rxerium)
Rishi is a London-based cyber security researcher specialising in zero days, vulnerability research, threat intelligence, OSINT and risk management, dedicated to strengthening cyber resilience through proactive discovery and defence.
Gaetan Ferry (@mabote)
Gaetan is a security researcher with a decade of experience uncovering software vulnerabilities. After establishing himself in offensive security in 2015, he transitioned to security research in 2022, bringing his hands-on expertise in application security. His track record includes uncovering significant vulnerabilities in enterprise-grade systems like Cisco Nexus and Apache HTTPD. Gaetan loves sharing his knowledge through blog posts, speaking at conferences, or hands-on security training sessions at universities and private organizations.
Tharinda Basnayake
Tharinda Basnayake is a Technical Account Manager at Docker and has worked with open source developer tools his entire career. Currently, he primarily works with Docker's strategic customers in the finance and consulting sectors.
RAFFLE - win a prize (or two!) kindly donated by our sponsors!
TICKETS:
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security. Your name will be checked against the guest list.
CODE OF CONDUCT:
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct
PHOTOGRAPHY
Please note that OWASP events are open to the public, and OWASP does not restrict attendees (including OWASP staff, volunteers, sponsors, and media) from taking photos or videos at our events.
The talks will be video recorded.
By attending OWASP events, you acknowledge that you are in a public space and that attendees (including OWASP staff, volunteers, sponsors, and media) may capture your image in photos and videos. Nevertheless, OWASP encourages event attendees to exercise common sense and good judgment and respect the wishes of other attendees who do not wish to be photographed at the Events.
150 attendees
Past events
59

![Agentic AI Security Summit [with OWASP GenAI Security Project]](https://secure.meetupstatic.com/photos/event/6/b/9/b/highres_531447547.jpeg)
![OWASP London Chapter Meetup [IN-PERSON]](https://secure.meetupstatic.com/photos/event/4/9/e/1/highres_531438913.jpeg)