OWASP London Chapter Meetup [IN-PERSON]

Hosted By
Sam S. and OWASP London C.

Details

This event is kindly hosted by Civo Tech Junction and sponsored by Security Compass. There is limited seating available for in-person attendees. Registration required.

This event will be live-streamed on YouTube. Watch the live-stream here: https://youtube.com/live/MhQhKa38Ea4

Recordings will be available on the OWASP London YouTube channel.

Venue Location: Civo Tech Junction, First Floor, 32-37 Cowper Street, London, EC2A 4AW
Nearest Tube: Old Street (Northern Line), Cowper Street exit - 1 min walk
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).

TALKS:

OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders

"Security by Design, Not Injection" – Trevor Young

Security by Design encompasses a variety of processes and technologies aimed at embedding security and compliance early in the development lifecycle. We know adopting a Security by Design culture and processes can lower risk by preventing vulnerabilities in software; however, effectively educating and shifting teams to implement these changes is notoriously difficult. It is a paradigm shift for most organizations, and many of them fail on their first attempt before finding something that works for them. This discussion will highlight how to explain what Security by Design is and will present strategies for communicating the importance and value it delivers.

"OWASP Depscan v6 - The SCA Tool For Agile Builders, Creators, And Doers" - Prabhu Subramanian

Most SCA tools can be best described as simple SBOM scanners with a backing vulnerability database. This naive design can lead to numerous false positive alerts due to a lack of comprehensive context. To accurately assess an application's security posture, it's crucial to consider its entire lifecycle, from pre-build to post-build, and capture the full-stack information in the form of SBOM, SaaSBOM, CBOM, OBOM etc.
OWASP depscan v6 is a groundbreaking SCA tool that addresses these limitations by leveraging full-stack information. This innovative approach enables more precise vulnerability triage and prioritization, empowering developers to take informed action.
Join us to meet the project leader behind depscan v6, explore live demos, and delve into the technical intricacies of an xBOM-based SCA tool.

"I know what you did last summer" - Shruti Kulkarni
Learn how cookies and client-side storage may impact the privacy of end users.

RAFFLE - win a prize kindly donated by our sponsors!

SPEAKERS:

Trevor Young

Trevor Young is an entrepreneurial product and technology leader who stays on top of the latest in design, architecture, and creative technologies. Having founded and led companies providing digital offerings, he uncovered his passion for collaborative problem solving and innovation. He excels at finding inefficiencies in digital markets and disrupting them.
Trevor combines strategic leadership with technical ability, formed from experience in a broad background of practical applications. Trevor currently serves as Chief Product Officer at Security Compass, where he leads product strategy for the company's Secure by Design platform and Application Security Training library.

Prabhu Subramanian (@_prbh)

Prabhu Subramanian is a distinguished security expert and active contributor to the open-source security community. Prabhu is the author and OWASP Leader behind projects such as OWASP CycloneDX Generator (cdxgen) and OWASP depscan. He specializes in Supply Chain Security and offers consultancy to global clients via his company, AppThreat Ltd.

Shruti Kulkarni (@shruti-s-kulkarni)

Shruti is a cyber security / enterprise security architect with experience in ISO27001, PCI-DSS, policies, standards, security tools, threat modelling, risk assessments. Shruti works on security strategies and collaborates with cross-functional groups to implement information security controls in software development life-cycle, service operations, service delivery such that security controls support business requirements.

TICKETS:

OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security.

CODE OF CONDUCT:

We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct
