April 2025 OWASP Chapter Netherlands Meetup

This is an online meeting and will be streamed on YouTube. The meeting will start at 19:00.

See https://owasp.org/www-chapter-netherlands/upcomingevents for more information about the OWASP Netherlands chapter.

19:00 - 19:10 - Welcome and OWASP updates
19:10 - 19:55 - OWASP Top 10 for LLM Apps and Gen.AI Security by John Sotiropoulos
19:55 - 20:05 - Questions and Break
20:05 - 20:50 - Building a Robust AppSec Program: SAMM’s Roadmap to SSDLC Maturity by Nariman Aga-Tagiyev

OWASP Top 10 for LLM Apps and Gen.AI Security
Abstract:
The OWASP 10 for LLM Apps has been a highly successfully project creating the foundation for many other project initiatives including Agentic AI, Red Teaming, and LLM Exploit Generation. This session will provide a project update with an overview of the latest 2025 Top 10 for LLM apps and the new project initiatives
Bio:
John Sotiropoulos is the head of AI Security at Kainos where he is responsible for AI security and securing national-scale systems in government, regulators, and healthcare. A co-lead of the OWASP Top 10 for Large Language Model (LLM) Applications John leads Agentic Security Initiative and alignment with other standards organizations and national cybersecurity agencies including NIST, MITRE, CSA, the NCSC, and the US AISIC, where he is the OWASP lead. He is the author of the bestselling book on Adversarial AI, Attacks, Mitigations, and Defense Strategies and more recently he authored the UK Government’s Implementation Guide for the UK Code of Practice for the Cybersecurity of AI, both submitted to ETSI for international standardization.

Building a Robust AppSec Program: SAMM’s Roadmap to SSDLC Maturity
Abstract:
In this talk, we will explore how the OWASP Software Assurance Maturity Model (SAMM) provides a structured approach to building and improving an organization’s Secure Software Development Lifecycle (SSDLC). From assessing current AppSec practices to defining a practical roadmap for maturity, this talk will guide you through SAMM’s core pillars and actionable best practices. Whether you’re just starting or looking to refine your AppSec program, this session offers insights into fostering sustainable change and aligning security with business objectives.
Bio:
Nariman Aga-Tagiyev is an Application Security Architect with over two decades of experience in software development. Over the course of his career, Nariman has worn multiple hats, serving as a full stack web application developer, backend developer, DevOps engineer, and cloud developer. However, since 2016, his focus has been exclusively dedicated to the realm of Application Security and advancing Software Security Development Life Cycle (SSDLC) maturity.