OWASP London Chapter Meetup [IN-PERSON]

Hosted By
Sam S. and OWASP London C.

Details

This event is kindly hosted by Thought Machine and sponsored by Phoenix Security. There is limited seating available for in-person attendees. Registration required.
This event will also be live-streamed on YouTube.
Recordings will be available on the OWASP London YouTube channel.

Venue Location: Thought Machine, 7 Herbrand St, London WC1N 1EX
Nearest Tube: Russell Square (Piccadilly Line) - 2 min walk
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).

TALKS

  • OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
  • "You secured your code dependencies, is that enough?" - Anant Shrivastava
  • "AI-Second Threat Centric Agentic Approach on Vulnerabilities" - Francesco Cipollone

TALK ABSTRACTS

You secured your code dependencies, is that enough?
Supply chain security has been the new buzzword for the past 2-3 years. The dust is slowly settling, and we are now in the phase where people need to evaluate what is going right and what is going wrong. A large number of organizations introduced SCA tooling and SBoM creation tooling and called it a day. Has that helped? What has been going on in the world of supply chain security?
In this talk we will explore supply chain security not just from a code-base dependency perspective but as a holistic approach to establishing the right controls in the system for seamless software delivery. Software supply chain security concerns not just the product organizations creating software for external or internal usage but also organizations that may just be using the final product as an end user.
From your development environment to production, from downloading binaries from the internet to running them on network machines, we will explore the 360-degree view of supply chain security, the relevant case studies around exploitation, and what industry or government bodies have done towards protecting people or organizations against such attacks. The audience will leave with a holistic view of what the full supply chain of software development looks like, and thoughts on the possible gaps in security they might have in their organizations.

AI Second – Threat Centric Agentic approach on Vulnerabilities
- Because terrible data in -> terrible data out – just prettier

The application of AI agents in cybersecurity has evolved beyond simple automation tools, becoming powerful systems capable of understanding complex contexts and deriving actionable insights. This talk explores the use of AI agents, specifically retrained models in collaboration with tools like Google Gemini, to accurately identify threats, assess their impact, and determine threat actor involvement.
Cybersecurity teams face the challenge of managing disparate security domains—application security vulnerabilities often exist separately from infrastructure security concerns. This division often leads to fragmented efforts, where one team focuses on threat actor profiling using frameworks like MITRE ATT&CK, while another addresses development processes through appsec best practices. CISOs, in particular, struggle to reconcile these differences into cohesive metrics and strategies.
As organizations adopt cloud environments and containerization, a new divide emerges between development teams and security operations. Both groups play critical roles in the overall cybersecurity posture but often fail to collaborate effectively. The friction stems from the lack of a unified view that integrates threat intelligence, vulnerability management, and application security.
This session proposes an integrated, threat-centric approach that unifies these domains through the application of AI agents. By using real-world, context-aware agents to analyze threats, we can customize models to detect vulnerabilities with high accuracy, determine the likelihood of exploitation, and assess the potential impact. These agents are retrained to continuously adapt and improve their understanding of threat landscapes, including sophisticated threats like ransomware.

SPEAKERS

Anant Shrivastava is a highly experienced information security professional with over 15 years of corporate experience. He is a frequent speaker and trainer at international conferences, and is the founder of Cyfinoid Research, a cyber security research firm. He leads open source projects such as Tamer Platform and CodeVigilant, and is actively involved in information security communities such as null, OWASP and various bsides and defcon groups.

Francesco Cipollone is a renowned entrepreneur and CISO, founder of Phoenix Security, an ASPM platform offering actionable, contextual code-to-runtime insights. A multi-award-winning podcast host, author, and global speaker, Francesco is known for his visionary contributions to cybersecurity. He serves on the UK&I Cloud Security Alliance Chapter board and is a faculty member at IANS on application and cloud security. His insights have appeared in Forbes, Helpnet Security, and Hacker Noon, and he has been featured in prominent podcasts like Application Security Weekly and Cloud Security Podcast. Francesco has keynoted at major conferences such as AppSec Cali and Cyber Security & Cloud Expo, and previously led application and cloud security at HSBC and served as Senior Security Consultant at AWS. An avid marathon runner, snowboarder, and whiskey enthusiast, Francesco balances his professional accomplishments with a passion for adventure and fine spirits.

TICKETS

OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security - your name will be checked against the registered attendee list!

CODE OF CONDUCT

We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct

Respond by
Wednesday, June 25, 2025
4:00 PM
Thought Machine, HQ
7 Herbrand Street · London