A night of Jim Manico

Details

We're so incredibly lucky that Jim Manico, a global forerunner and leading authority in AppSec efforts within the OWASP organization and globally for decades, and more recently in AI security, is moving to Copenhagen and is dedicated to giving back to our community.

Jim has offered to do not just one talk but both a talk and a short lecture on his favorite topics: AI Security and AppSec. And you're hereby cordially invited to join. As usual, there'll be pizzas and drinks, and as usual, everything will be for the amazingly attractive price of nothing!

Schedule:
17.00: Introduction to OWASP Copenhagen
17.05: Navigating the AI Labyrinth: Ethics, Security, and Best Practices
18.00: Pizzas and drinks
18.30: AppSec lecture

Here's a description of both events:

Navigating the AI Labyrinth: Ethics, Security, and Best Practices
This talk offers a comprehensive exploration of Artificial Intelligence (AI) from its historical evolution to the latest developments in AI security and ethics. Key topics include:

  • A Brief History of AI: A snapshot of the pivotal milestones in AI development.
  • AI and Ethics: Understanding AI's business impact, ethical guidelines, best practices, and risk mitigation strategies.
  • Robustness & Reliability of AI Code Generation: Addressing common misuse patterns and reliability metrics in AI systems.
  • Artificial Intelligence Security Introduction: Analyzing historical AI failures to draw lessons and improve future applications.
  • OWASP Top Ten for Large Language Models (LLMs): A deep dive into security considerations specific to LLMs, ranging from prompt injection to model theft.
  • Threat Modeling AI Systems: Outlining methodologies to assess and mitigate AI-related threats.
  • Hugging Face Open Source AI Tools: Exploring the utility and application of these tools in AI research.
  • Differential Privacy and AI: Discussing the principles of differential privacy in the context of AI.
  • NIST AI Risk Framework: An overview of NIST's guidelines for AI risk management.
  • EU AI Act: Analysis and impact on AI development and use.

The talk aims to provide attendees with a nuanced understanding of AI's ethical implications, security challenges, and practical approaches for secure and responsible AI deployment.

AppSec Training
In the rapidly evolving realm of web development and application security, the OWASP Top 10 remains a cornerstone document, acting as a beacon for developers and security professionals alike. Reflecting a broad-based consensus, it spotlights the most critical security risks threatening web applications, thereby shaping the frontier of secure coding techniques.
With an ever-increasing emphasis on web-based interactions, the significance of a deep understanding of these risks is paramount. As developers etch lines of code giving life to web applications, a firm grasp of secure coding practices becomes not merely beneficial, but essential.
This immersive and engaging presentation seeks to equip attendees with a comprehensive understanding of the OWASP Top Ten 2022 release, intending to empower developers with the knowledge necessary to author secure, resilient software. As we navigate through this labyrinth, we shall focus on in-depth discussions around:

  • A01:2021-Broken Access Control
  • A02:2021-Cryptographic Failures
  • A03:2021-Injection
  • A04:2021-Insecure Design
  • A05:2021-Security Misconfiguration
  • A06:2021-Vulnerable and Outdated Components
  • A07:2021-Identification and Authentication Failures
  • A08:2021-Software and Data Integrity Failures
  • A09:2021-Security Logging and Monitoring Failures
  • A10:2021-Server-Side Request Forgery

Join us as we embark on this enlightening journey, delving into the unique intricacies of each risk, exploring defense strategies, and fostering a culture of security-minded web application development. This presentation aims to instill a robust defensive mindset, helping attendees to weave a narrative of secure coding that transcends the bounds of standard practices.

COVID-19 safety measures

Event will be indoors
OWASP Copenhagen Chapter
IT University of Copenhagen
Rued Langgaards Vej 7 · København