OWASP Leiria Meetup #4 - Leiria Does Not Exist

OWASP Leiria is excited to invite you to an engaging (online) evening filled with technology insights, networking opportunities, and inspiring discussions.

📅 Date: December 18th, 2025
🕕 Time: 6:30PM-8:15PM GMT
📍 Location: Online (StreamYard)
📍 Register now: https://streamyard.com/watch/rPZsjq7tigQy

Agenda:
6:30PM – Event Opening
🎙️ Hosted by Teresa Pereira (Leader @ OWASP Leiria)

6:40PM – Instant API Hacker
👨‍💻 Corey Ball (CEO & Founder @ hAPI Labs, APIsec University Founder)
Abstract: "Instant API Hacker" is a fast-paced, 30-minute presentation that demonstrates how quickly someone can learn to identify and exploit API vulnerabilities. Led by Corey Ball, author of "Hacking APIs" and founder of APIsec University and hAPI Labs. This talk provides a practical introduction to API security testing using real-world tools and techniques. Attendees will witness the exploitation of critical vulnerabilities from the OWASP API Security Top 10, including broken authentication, authorization flaws (BOLA), and excessive data exposure. Through live demos using the crAPI vulnerable lab, participants will see firsthand how APIs can be compromised and gain actionable insights they can apply immediately. The presentation concludes with free resources for continued learning, including access to vulnerable labs and APIsec University courses.

7:15PM – The AppSec Poverty Line: Minimal Viable Security
👨‍💻 Tanya Janca (Trainer, Keynote Speaker, Best Selling Author - Alice and Bob Learn Secure Coding & Application Security)
Abstract: Not every team has a security budget. Not every project has a dedicated AppSec engineer. But every product exposed to the internet needs some level of security to survive.
This talk explores what I call “The AppSec Poverty Line” also known as ‘Minimal Viable Security” — the minimum viable set of practices, tools, and cultural shifts that under-resourced dev teams can adopt to meaningfully improve application security. Whether you're a startup with no security hires, an independent dev, or part of a team that doesn’t have a security budget, this talk will help you prioritize what actually matters.
We’ll cover practical approaches to getting from zero to secure-ish, with a focus on:
• Training developers to write more secure code, and spot unsafe code
• Cultivating a security-positive culture
• Leveraging open-source tools that punch above their weight
• Knowing when “good enough” really is enough — and when it’s not
Attendees will leave with a roadmap for building real-world security into their product lifecycle — without breaking the bank or burning out the team. Because even if you’re below the AppSec poverty line, you don’t have to be defenseless.

8:10PM – Event Closing 🍻

🎟️ Reserve Your Spot: Don’t miss this incredible opportunity!

We can’t wait to see you there! 🚀