OWASP London Chapter Halloween Meetup [IN-PERSON]

This event is kindly hosted by Civo Tech Junction and sponsored by Apiiro. There is limited seating available for in-person attendees. Registration required.

This event will be live-streamed on YouTube. Watch the live-stream here: https://www.youtube.com/watch?v=LU7PjdDaaB0

Recordings will be available on the OWASP London YouTube channel.

Venue Location: Civo Tech Junction, First Floor, 32-37 Cowper Street, London, EC2A 4AW
Nearest Tube: Old Street (Northern Line), Cowper Street exit - 1 min walk
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).

TALKS:

OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders

"AI and AppSec: Are We Finally on the Verge of the Big Breakthrough?" - Petra Vukmirović

In cybersecurity, AI has made significant advances, especially in threat detection, risk quantification, and remediation automation. However, in Application Security (AppSec), it hasn’t fully reached its potential—yet.
This talk will explore why the next big breakthrough in AI is poised to revolutionize threat modeling and security reviews, areas traditionally plagued by manual processes, high complexity, and slow adoption in fast-moving development environments.
We are at the tipping point where AI can understand code deeply enough to automate threat modeling, shifting it left and removing bottlenecks in the security review process. By using AI to derive data flows, identify threats and controls, and continuously update threat models, we can potentially integrate security into the development lifecycle more effectively.
Join this session to discuss and discover how AI could potentially take threat modeling as code (and from code!) to the next level.

"Proactive Risk Detection at the Design Stage" - Ella Bor

Security risks can be costly when discovered late in development, and the “shift left” movement seeks to address this. This talk explores strategies for identifying potential risks during the design phase, even before coding begins. By analyzing ticketing systems with AI, development teams can identify potential risks such as insecure data handling or problematic third party integrations early on—without slowing development velocity. The discussion will highlight methods to uncover design-phase risks while using AI to propose security review questions and automatically generate threat stories on a large scale. This approach not only simplifies the design review process but also helps prevent the creation of insecure code.

Guest Talk: "Strengthening AppSec Efforts" - Jon McCoy

RAFFLE - win a prize kindly donated by our sponsors!

SPEAKERS:

Petra Vukmirović (@PetraVuk1311)

Technology enthusiast, leader, public speaker, believer in radical candor, ex-emergency medicine doctor, competitive athlete (volleyball) and ex-sports scholar. Petra started her cyber security career as a security engineer, climbed up the ladder to Director of Cyber Security. Love creating order out of chaos, learning and overcoming any challenges that come along my way. Always leveraging innovation and looking to implement improvements in processes and systems.

Ella Bor

Ella Bor is an experienced data scientist, honed her skills across diverse industry domains, including legal-tech, e-commerce, and application security. At Apiiro, she harnesses her extensive expertise to drive innovation in application security. Ella specializes in leveraging artificial intelligence to tackle real-world challenges, developing and implementing end-to-end algorithmic solutions that automate complex tasks. Throughout her career, Ella has been dedicated to bridging the gap between theoretical research and practical application, ensuring that AI-driven solutions are both technically sound and aligned with business goals.

TICKETS:

OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security.

CODE OF CONDUCT:

We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct

DRESS CODE:

🎃 Halloween costumes are encouraged, but not required. Feel free to get into the spooky spirit if you'd like, or come as you are!