

What we’re about
OWASP London Chapter
OWASP (The Open Worldwide Application Security Project) is a worldwide not-for-profit organisation focused on improving the security of software. With over 250 local Chapters worldwide and 110,000+ volunteers OWASP's open community is dedicated to enabling organisations and individuals to develop and maintain applications that can be trusted. OWASP's meet-ups, tools, standards, guidelines, documents and forums are free and open to anyone interested in improving application security.
Visit OWASP London webpage here: https://www.owasp.org/london
Follow us on Twitter: https://twitter.com/OWASPLondon
Follow us on LinkedIn: https://www.linkedin.com/company/owasplondon
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Watch recordings of talks presented at our events on our YouTube channel: https://www.youtube.com/OWASPLondon
^Please subscribe to our YouTube channel to get notified when the latest video recordings of our talks get published.
We are also on Slack: https://owasp.slack.com #chapter-london channel (for Slack invites visit: [http://owaspslack.com/](http://owasp.herokuapp.com/)).
We also have a mailing list, sign-up here: https://groups.google.com/a/owasp.org/forum/#!forum/london-chapter/join
We usually run 7-10 events per year: meet-ups ("Chapter Meetings"), Capture The Flag (CTF) tournaments, Hackathons, workshops and hacking/cyber-security themed pub quizzes.
Please note that while we do advertise our meetups here on Meetup[.]com, due to a limitation of the Meetup platform we do not use Meetup's RSVP system and instead use Eventbrite for free tickets and registration to attend our events. If you have an account on Eventbrite you can follow us there as well: https://owasplondon.eventbrite.co.uk/
You don't have to be an OWASP member to attend any of our meetups or CTFs - they are free and open to everyone interested in Application Security. Booking is required.
There is a paid membership, which is a donation to the OWASP Foundation - it gives you discounts on many cyber-security conferences around the world, voting rights, @owasp.org email address and many other benefits like free access to paid training platforms. Join OWASP Global Foundation as a paid member here: https://www.owasp.org/index.php/Membership
Upcoming events (1)
OWASP London Chapter Meetup, Civo Tech Junction, London
This event is kindly hosted by Civo Tech Junction and sponsored by Black Duck. There is limited seating available for in-person attendees. Registration required.
This event will be live-streamed on YouTube.
Recordings will be available on the OWASP London YouTube channel.
Venue Location: Civo Tech Junction, First Floor, 32-37 Cowper Street, London, EC2A 4AW
Nearest Tube: Old Street (Northern Line), Cowper Street exit - 1 min walk
Doors open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).
TALKS:
OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
"Server-Side Cross-Site Scripting" - Balazs Bucsay
Cross-Site Scripting is no longer a new or hot topic, but as new technologies are introduced rapidly, and with the expansion of cloud solutions and containerisation, classic vulnerabilities may take on new forms. Server-Side XSS is an unusual method to execute malicious payloads on the server rather than the client.
The talk includes multiple demos that walk the audience through an attack chain utilising multiple vulnerabilities and misconfigurations to escalate privileges, and to transform a seemingly benign vulnerability into a powerful tool for cloud account takeover. In addition to explaining the issue with Server-Side XSS, its limitations and capabilities will also be discussed. Recommendations will be provided to prevent others from making the same mistakes that are already widespread.
"Securing the Software Supply Chain in the Age of AI, Malware, and Compliance" - Matthew Brady
Modern development teams rely heavily on third-party code, AI-generated content, and rapid release cycles—making the software supply chain a growing target for attackers. At the same time, security teams are expected to manage increasing compliance demands and prevent threats like dependency confusion and malicious packages, all without slowing down developers. This talk focuses on how AppSec teams can build practical, scalable approaches to securing the software supply chain, drawing from real-world challenges and lessons learned across the industry.
RAFFLE - win a prize kindly donated by our sponsors!
SPEAKERS
Balazs Bucsay
Balazs Bucsay is the founder & CEO of Mantra Information Security that offers a variety of consultancy services in the field of IT Security. With decades of offensive security experience he is focusing his time mainly on research in various fields including red teaming, reverse engineering, embedded devices, firmware emulation and cloud. He gave multiple talks around the globe (Singapore, London, Melbourne, Honolulu) on different advanced topics and released several tools and papers about the latest techniques. He has multiple certifications (OSCE, OSCP, OSWP) related to penetration testing, exploit writing and other low-level topics and degrees in Mathematics and Computer Science. Balazs thinks that sharing knowledge is one of the most important things, so he always shares it with his peers. Because of his passion for technology he starts the second shift right after work to do some research to find new vulnerabilities.
Matthew Brady
Matthew has a unique combination of technical knowledge and commercial awareness in many areas including Software Application Security, DevOps and software development lifecycle solutions and services across multiple vertical markets. Matthew currently leads a team of Solution Engineers in EMEA and is a subject matter expert in Black Duck supply chain solutions. Prior to that he worked for Cisco/AppDynamics and Hewlett Packard Enterprise.
TICKETS:
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security.
CODE OF CONDUCT:
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct