OWASP London Chapter Meetup [In-Person]
Details
This event is kindly hosted at the Shard Offices by Sage and sponsored by Sage and Smithy. There is limited seating available for in-person attendees. Registration required.
***
PLEASE NOTE:
Please register on Eventbrite ONLY.
No Meetup RSVPs will be allowed entry.
As tickets are so limited for this event, please ensure you can commit to attending before requesting a ticket.
***
This event will be live-streamed on YouTube.
Recordings will be available on the OWASP London YouTube channel.
Venue Location: The Shard Office/Sage, 32 London Bridge St, London SE1 9SG
Nearest Tubes: London Bridge (2 minute walk)
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).
TALKS:
OWASP Introduction, Welcome and News - Andra Lezza, Sam Stepanyan, Sherif Mansour - OWASP London Chapter Leaders
"Trust and Traceability: Developer Observability in the AI-Powered SDLC - Safeguarding the enterprise with superior AI risk governance" - Matias Madou, Ph.D.
By 2026, more than three-quarters of developers are using AI coding tools in their workflows, often without AppSec oversight, exposing a growing security skills gap as they struggle to identify and mitigate AI-generated vulnerabilities. While fears of developers being replaced are overstated, the enterprise attack surface has expanded, demanding that CISOs evolve their programs with stronger governance, developer observability, and precision AI risk management. In this session, Dr. Matias Madou will share AI experiments and CISO research to outline pathways for world-class security leaders to empower developers through tailored training, upskilling, and security-first practices. Key themes include comparing AI versus human coding and its impact on security maturity, addressing AI data quality and safe pair programming, establishing developer skills baselines and benchmarks, growing critical security competencies quickly, and overcoming pitfalls of AI-driven vulnerability detection such as hallucinations, insecure code generation, and misconfiguration.
"LLM Attacks and Defences - Prompt Hacking" - Dominic Whewell
Generative AI has seen an explosion in popularity, from Large Language Models (LLMs) to Diffusion Models. A core security vulnerability in these systems is that their architecture cannot distinguish between trusted developer instructions and untrusted user input, processing all commands in a single stream. This fundamental flaw makes them susceptible to "prompt hacking," where a user's input can override the model's intended behavior and safeguards.
This talk is for beginners in the AI red teaming space or developers seeking to understand common AI attacks and how to defend against them.
Lightning Talk: "How to do multi-tool deduplication without LLMs - Stories from the Trenches" - Spyros Gasteratos
SPEAKERS:
Matias Madou, Ph.D.
Matias Madou, Ph.D. is a security expert, researcher, and CTO and co-founder of Secure Code Warrior. Matias obtained his Ph.D. in Application Security from Ghent University, focusing on static analysis solutions. He later joined Fortify in the US, where he realised that it was insufficient to solely detect code problems without aiding developers in writing secure code. This inspired him to develop products that assist developers, alleviate the burden of security, and exceed customers' expectations.
When he is not at his desk as part of Team Awesome, he enjoys being on stage presenting at conferences including RSA Conference, BlackHat and DefCon.
Dominic Whewell
Experienced Penetration Tester with a demonstrated history of working in the computer and network security industry. Strong information technology professional skilled in LLM, Cloud, Kubernetes/Docker Security Testing, Red-teaming and Internal and Web Application penetration tests.
Spyros Gasteratos
With over 15 years of experience in security roles, I am a passionate and innovative security engineer and entrepreneur who leverages technology and people to create secure and efficient solutions. I am the founder of smithy.security, a SaaS platform that enables users to maintain no-code security workflows and boost their productivity. I am also the co-lead of OpenCRE, an open-source initiative that unites security standards and guidelines into one interactive content platform.
As a security automation expert, I have developed and maintained several open source projects, such as Smithy, a security automation framework that integrates with various security tools and DevSecOps pipelines. I have also delivered secure training, performed pentests, set up security champions, and architected security features for Thought Machine, a cloud-native core banking platform. I frequently speak and write on security topics, such as security automation, standards harmonization, and threat modeling, and work closely with OWASP.
TICKETS:
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security. Your name will be checked against the guest list and a photo ID might be required.
CODE OF CONDUCT:
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct