OWASP London Chapter Meetup [IN-PERSON]

**THIS EVENT IS NOW SOLD-OUT AND WE CANNOT RELEASE ANY MORE TICKETS DUE TO THE LIMITED SPACE IN THE VENUE. You can watch the event online here: https://www.youtube.com/live/KQglFw5AgcM and ask questions live at: https://sli.do/OWASP**

This event is kindly hosted by JustEat and sponsored by Smithy.Security

There is limited seating available for in-person attendees. Registration required.

**This event will be live-streamed on YouTube. The live-stream URL is: https://www.youtube.com/live/KQglFw5AgcM**

Recordings will be available on the OWASP London YouTube channel.

Venue Location: JustEat, Fleet Place House, 2 Fleet Pl, London, EC4M 7RF (note: the entrance is directly opposite Starbucks front doors)
Nearest Tube Station: St. Pauls (Central Line) - 6 mins walk
Doors Open at 6pm for registration, food, drinks and networking. The talks start at 6:30pm (we start on time).

TALKS

OWASP Introduction, Welcome and News - Sam Stepanyan, Sherif Mansour and Andra Lezza

Welcome and a brief update on OWASP Projects & upcoming OWASP Conferences from the OWASP London Chapter Leaders

"Go Hack Yourself: API Hacking for Beginners" - Dr Katie Paxton-Fear
Over the past few years, we've really seen API hacking take off as a field of its own, diverging from typical web app security, but yet parallel to it. Often we point to the amorphous blob that is web security and go: "here you go, now you can be a hacker too", with top 10 lists, write-ups, conference talks and whitepapers smiling as we do. This creates a major challenge for developers who want to test their APIs for security or just people who want to get into API hacking, how on earth do you wade through all the general web security to get to the meat of API hacking, what do you even need to know?
This talk is going to break down API hacking from a developer point of view, teaching you everything you need to know about API hacking, from the bugs you can find and to the impact you can cause, to how you can easily test your own work or review your peers.

"Maturing Your Application Security Program" - Tanya Janca
After working with over 300 companies on their application security programs the most common question I receive is “what’s next?”. They want to know how to mature their programs, and when they look at the maturity models available, they find them intimidating and so far beyond their current maturity level that they feel impossible. In this talk I will take you through 3 common AppSec program maturity levels I have encountered over the years, with practical and actionable next steps you could take immediately to improve your security posture.

"The news is that 2025 is the year of Agentic AI, but what IS Agentic AI?" - Spyros Gasteratos (Lightning Talk)
In this lighting talk we’ll start the new year with a small primer on what are agents and how they’re used. We’ll briefly discuss use cases and how we’ve seen people use them. We’ll close with security considerations we’ve seen and an obligatory list of getting started resources

SPEAKERS

Dr Katie Paxton-Fear (@insiderPhD)
Dr Katie Paxton-Fear is an API hacker and content creator at Traceable. She has a PhD in cyber security and artificial intelligence, but if you know her it’s not for her academic work.
She’s a hacker and YouTuber who's found bugs in over 30 companies. She wants to show that anyone can be a hacker, and share her passion and knowledge with others. She has hacked everything from the military to social media, reporting her findings promptly and making sure the attackers don't get their first! In her free time she makes videos, teaching her audience of 80k+ how to get into ethical hacking. You can
find her all over the internet as InsiderPhD.

Tanya Janca (@shehackspurple)
Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of "We Hack Purple", an online learning community that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker, active blogger & podcaster and has delivered hundreds of talks on 6 continents. Tanya values diversity, inclusion, and kindness, which shines through in her countless initiatives. Advisor: Nord VPN, Aiya Corp Faculty: IANs ResearchFounder: We Hack Purple, OWASP DevSlop, #CyberMentoringMonday, WoSEC

Spyros Gasteratos
Spyros is a seasoned security leader with nearly two decades of experience, from analyst to CISO. As the founder of Smithy.security, he develops open-core products to democratize and simplify product security for all. He maintains Smithy, a security workflow automation engine, and OpenCRE.org, the world's largest security knowledge graph. Passionate about open source, Spyros focuses on harmonizing security tools to empower teams of all sizes.

TICKETS
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security. Please note that you MUST book your place to be admitted to the event by the building security - your name will be checked against the guest list.

CODE OF CONDUCT
We hope you enjoy the event, we care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us, we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct