Details

Please join us for the upcoming December Bay Area OWASP meetup, proudly sponsored by Intuit.

Enjoy an evening of insightful security talks, lively community networking, and engaging conversations... all accompanied by delicious food and drinks courtesy of Intuit.

5:00 PM: Doors open, networking, food and drinks
5:30 PM: Chapter introductions
5:45-6:30 PM: Redefining Data Security Architecture in the Age of AI
6:30-7:15 PM: From input-handling flaws to crashables: Security lessons from LLM-based coding tools
7:15-8:00 PM: Rethinking Breaking Changes in Security Upgrades with LLMs

Talk #1: Redefining Data Security Architecture in the Age of AI
Description: As artificial intelligence reshapes how organizations process and leverage data, the responsibility to secure that data grows exponentially. This session explores how Intuit is redefining data protection architecture in the age of AI through automation, advanced cryptography, and self-service developer experiences. Attendees will learn how Intuit’s Data Security Capability integrates Sensitive Data Management (SDM), Advanced Cryptography, and Non-Human Identity (NHI) Management to deliver a holistic, scalable, and intelligent approach to securing sensitive information across the enterprise.
“Data security isn’t just about protection — it’s about enabling innovation securely in the AI era.”
Speakers: Ashwin Venkatasubbaraya - Group Manager at Intuit, Data Security
Dmitry Izumskiy - Principal Software Engineer at Intuit, Platform and Development Acceleration
Praveen Keshavamurthy - Principal Software Engineer at Intuit, Data Security

Talk #2: From input-handling flaws to crashables: Security lessons from LLM-based coding tools
Description: Claude Code illustrates how LLM-based coding tools expand the attack surface. Design choices around approvals, parsing, and error handling can turn into security flaws. We present specific findings Kodem uncovered in Claude Code. Both issues highlight how LLM-based coding tools introduce new misconfiguration and input-handling risks. This talk dissects the issues, their broader implications for AI developer tools, and practical mitigations.
Speaker: Roy Talyosef, Software Engineer at Kodem

Talk #3: Rethinking Breaking Changes in Security Upgrades with LLMs
Description: Burned by breaking changes in production, developers often avoid making necessary security upgrades and ignore automated pull requests from security tools. Imagine instead: a unique hybrid of LLMs and static analysis that can predict the likelihood of breaking changes and create a system developers trust. This approach helps teams get more security impact with the same amount of effort.
Speaker: Katie Kent, Staff Product Manager, Semgrep (Supply Chain)
