
June OWASP Bay Area Meetup

Hosted By
prashant

Details

We’re excited to announce that our June OWASP Meetup will be sponsored by Oligo Security and hosted at Poshmark Inc.

Join us for an evening of great conversations, community networking, and insightful security discussions — all in an awesome venue provided by Oligo Security. And yes, there will be delicious food and drinks generously provided by our sponsors!

5:00 PM: Doors open, networking, food and drinks
5:30 PM: Chapter introductions
5:45-6:15 PM: Beyond Shift-Left: The Rise of Application Detection and Response (ADR) and the Lessons Learned from RASP
6:15-7:00 PM: Android app security - with a dash of LLM
7:00-7:45 PM: TBD

Talk #1 Beyond Shift-Left: The Rise of Application Detection and Response (ADR) and the Lessons Learned from RASP

Description: Last year, we explored the challenges of shifting security left—highlighting how pushing security responsibilities onto developers often leads to alert fatigue, noise, and time spent chasing "theoretical risk." This year, we pick up the conversation by examining another major trend in application security: the rise and fall of Runtime Application Self-Protection (RASP) and how it has paved the way for a new category—Application Detection and Response (ADR).
RASP was introduced with high hopes: the promise of protecting applications from within, in real time. In theory, it was a game-changer. But in practice, many organizations struggled with the reality—RASP tools are difficult to scale, introduce friction, and, most critically, have the power to crash the very applications they were meant to protect.
In this talk, we’ll explore:
- The promise of RASP and why it often fails to deliver on its potential
- Real-world challenges teams faced when deploying and maintaining RASP solutions—including stability concerns, performance tradeoffs, and operational complexity
- How these challenges led to the emergence of Application Detection and Response (ADR) as a more practical, scalable approach to real-time application security
- The core principles of ADR, how it differs from RASP, and why it represents a critical evolution in the application security landscape
- Lessons learned from early adopters of ADR: what’s working, what’s not, and what’s next
Attendees will leave with a clearer understanding of:
- The limits of "shift-left" and why real-time protection matters
- The hard-earned lessons from RASP deployments
- How ADR builds on the vision of RASP while addressing its key shortcomings
- Practical insights for integrating ADR into your security strategy without disrupting developer workflows or application stability
This talk is ideal for application security practitioners, developers, and technical leaders who want to move beyond theory to practical, actionable strategies for securing modern applications in production.

Speaker: Katie Pistello is a Sr. Solutions Engineer at Oligo Security, where she helps organizations navigate the evolving landscape of application security with a focus on real-time detection and runtime context.
Before joining Oligo, Katie worked at Snyk where she partnered with engineering and security teams to operationalize developer-first security tooling and scale modern application security programs. Her background positions her to help enterprises take their security programs beyond checkbox compliance and into scalable, actionable practices that reduce real risk.

Talk #2 Android app security - with a dash of LLM

Abstract: Over 3 billion Android devices are in use worldwide. The threat landscape grows as more and more devices use the Android platform, and it becomes crucial to learn Android app security.
In this talk, we will start with some Android basics and key security concepts. After that, we will discuss a hybrid approach where we combine classic static analysis with an LLM's contextual understanding of code semantics to go beyond just discovering exported components in Android apps.
We will also demonstrate an open source LLM tool that assists in the deobfuscation of Android bytecode and may help in finding vulnerabilities.

Speaker: Vaibhav Agrawal, Security Engineer at Google
A cybersecurity professional with over a decade of experience in safeguarding digital assets, with core expertise in Application Security, Mobile Security, and LLM Security. His skill set spans a broad range of security and privacy domains, developed through both academic and industry experience, including Infrastructure Security, Cloud Security, and Windows Active Directory Security.
Vaibhav is an IEEE Senior Member, a security conference speaker, and an active contributor to open-source projects. Some of their work can be found on their GitHub repository: https://github.com/In3tinct.
Research and blog contributions include:

Talk #3 TBD

Bay Area OWASP
Poshmark Inc
203 Redwood Shores Pkwy floor 8, Redwood City, CA
FREE