OWASP London Chapter Meetup [IN-PERSON]

DO NOT RSVP on Meetup: PLEASE REGISTER FOR THIS EVENT USING EventBrite here: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-in-person-tickets-634995969037?aff=mu

This meetup will take place at Amazon London offices (in-person) and will also be live-streamed on OWASP London YouTube Channel.
----
TALKS:

OWASP Introduction, Welcome and News - Sam Stepanyan
Welcome and a brief update on OWASP Projects & Conferences

Talk 1: "Security Chaos Engineering: When and How You Should Break Your System" - Anais Urlichs

The real cost of misconfiguration for businesses has been set to several trillion over the past years. These costs are the result of misconfiguration in infrastructure and workloads. One way to proactively identify misconfiguration is through security scanning. The scan results provide us with insights into the security posture of our services over time. However, these scanners treat our resources as static and evaluate misconfiguration only in single instances. To assess the potential impact of misconfiguration in our production environment, we need additional tools. In this talk, we will look at ways Chaos Engineering and Security Experimentation can help us minimise the potential damage of misconfiguration. Chaos Engineering is the process of intentionally introducing fault into a system to test its resilience to failure. Anais will walk you through the principles of Security Chaos Engineering and how it can be used to proactively identify misconfiguration and make our deployment pipeline and services more robust.

Talk 2: "It’s Not a Bug It’s Emergent Behaviour - Generative AI, Its Cybersecurity Risks and Benefits" - Sherif Mansour

A curated talk on generative AI, where Sherif will present his research findings beginning with an overview of the technology, then discuss its current technical risks, and explore its promising security use cases without making grand claims. Additionally, this talk dive into design considerations when developing web applications utilising generative AI. To conclude, Sherif will introduce open-source software announced during the talk, encouraging attendees to use and investigate them at their own discretion.

SPEAKERS:

Anaïs Urlichs (@urlichsanais)

Anaïs Urlichs is a Developer Advocate at Aqua Security, where she contributes to Aqua’s cloud native open source projects. When she is not advocating DevOps best practices, she runs her own YouTube Channel centered around cloud native technologies. Before joining Aqua, Anais worked as SRE at Civo, a cloud native service provider, where she worked on infrastructure for hundreds of tenant clusters. As OpenUK ambassador, her passion lies in making tools and platforms more accessible to developers and community members.

Sherif Mansour (@kerberosmansour)

Sherif Mansour is the global director of information security at JustEat Takeaway.com and has been working in the field of information security for 19 years. He was the OWASP chairman and sat on of the OWASP foundations' board for four years. He was also one of the founding governing board members for the OpenSSF Foundation which he represented the OWASP Foundation. Sherif contributed to several OWASP projects and was one the main authors of the CIS Benchmark for Tomcat 7/8. As a security researcher he has disclosed vulnerabilities in Microsoft, Oracle, SAP and SiteSpect products.

TICKETS:

This event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security. Please note that you MUST book your place on EventBrite to be admitted to the event by the building security - your name will be checked against the guest list. Please have bring some form of ID to help the building security to check you in quicker.

CODE OF CONDUCT

We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously.

OWASP aims to provide a harassment-free experience for everyone, regardless of gender, sexual orientation, disability, physical appearance, body size, race, age, or religion. We do not tolerate harassment of event participants in any form.

Additionally, participating in OWASP events means you shall also adhere to the OWASP Code of Conduct which you can find here: https://owasp.org/www-policy/operational/code-of-conduct