OWASP London Chapter Meetup [IN-PERSON]

Details
This event is kindly hosted by Thought Machine and sponsored by Checkmarx. There is limited seating available for in-person attendees. Registration required.
This event will be live-streamed on YouTube.
Recordings will be available on the OWASP London YouTube channel.
Venue Location: Thought Machine, 7 Herbrand St, London WC1N 1EX
Nearest Tube: Russell Square (Piccadilly Line) - 2 min walk
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:20pm (we start on time!).
TALKS
OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
"The Risks of Blind Trust in Code from Strangers" - Tal Folkman
Through our efforts in tracking and combatting attackers in open source software supply chains, my team has gained valuable insights and lessons. In this presentation, we aim to provide attendees with a new perspective and tools for evaluating the trustworthiness of open source code before using it in their own projects. This talk is for anyone who uses open source in their daily work. The goal is to raise awareness about the risks of software supply chain attackers hiding in open source code, and to demonstrate how easy it is for attackers to launch attacks. Attendees will learn about tools for detecting when they are being tricked and how to stay alert to potential threats.
"SBOMS and why they can help make your software more secure" - Anthony Harrison
With a growing interest (or maybe it is just awareness) in Software Bill of Materials (SBOM) raised by various initiatives from governments (US, EU and now the UK with the recently announced consultation on software security and resilience), SBOMs are starting (in certain markets) to form part of the development landscape. As software systems become increasingly complex, relying on an extensive (and often unknown) software supply chain, it is essential to have a full understanding of all of the components which are used in a solution. This applies at all stages of the life cycle, and an SBOM is considered to be a key artefact in providing the necessary information to support a vulnerability management process. This talk will explain what an SBOM is, how and when they should be produced (and some of the challenges that need to be overcome) and demonstrate how they should form part of a DevSecOps lifecycle. I will try and supplement the talk with some demonstrations using a number of open source applications.
"Decoding Software Composition Analysis (SCA): Unveiling Pain Points in SCA" - Kaiwen Jiang
An overview of Software Composition Analysis (SCA) and its significance in bolstering software security. It includes discussions on SCA tools and key steps for implementation, and addresses challenges associated with SCA adoption.
SPEAKERS
Tal Folkman
Tal Folkman is a security research team lead and accomplished expert in cybersecurity with over 8 years of experience in the field. Tal possesses exceptional skills in detecting and analyzing malicious code present in open-source software supply chains. In 2021, Tal joined Dustico, a software supply chain security startup that was later acquired by Checkmarx. Prior to this, she served for 5 years as both a member and a leader of the IDF's Cybersecurity Red Team. Currently, Tal and her team are dedicated to identifying and combating software supply chain attackers, thereby ensuring the safety and security of the ecosystem.
Anthony Harrison
Anthony is an independent systems/software/cyber consultant. Anthony is a member of the OpenSSF SBOM Everywhere working group and the SBOM Forum. Anthony has presented on SBOMs at FOSDEM (2002 and 2023), EuroPython 2022 and at PyCascades (Vancouver). In his spare time Anthony teaches Python at Manchester CoderDojo and acts as a mentor for Google Summer of Code (GSOC) projects supported by the Python Software Foundation.
Kaiwen Jiang
Kaiwen Jiang is an Application Security Engineer at Wise, with expertise in threat modeling, secure code scanning, and bug bounty initiatives. She extends her insights beyond work with a captivating AppSec learning blog at https://appseckiki.medium.com.
Kaiwen also shares her personal world with the lovely cat Joe Maroon 11, and is passionately devoted to Taylor Swift.
TICKETS
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security.
CODE OF CONDUCT
We hope you enjoy the event. We care deeply about inclusivity and diversity, so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or concerns, or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct