OWASP London Chapter Meetup [IN-PERSON] RSVP on Eventbrite
Details
Please RSVP to attend this event here: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-tickets-1982398885431
PLEASE NOTE - YOU MUST REGISTER on EVENTBRITE: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-tickets-1982398885431
This event is kindly sponsored by Curity.
Raffle prizes are kindly sponsored by Curity and Fortbridge.
There is limited seating available for in-person attendees. Registration required.
This event will also be live-streamed on YouTube.
Recordings will be available on the OWASP London YouTube channel.
TALKS:
OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
"North Korea: The Great Recruitment Firewall" - Mariya Hristova
North Korean spies are lurking everywhere, but especially in the hiring pipeline. Disguised as the perfect candidate to try and snag a position in a company where they can espionage away!
Recruitment is the first point of contact for all candidates, so in this talk I will go over how I recognise fraudulent candidates without descending into unfounded bias. I’ll go over some recent examples and give some practical guidance on what you can do if you are not sure that the person opposite you is who they say they are.
"Vesta Admin Takeover - Exploiting reduced seed entropy in bash $RANDOM" - Adrian Tiron
Vesta is a lightweight, web-based control panel that simplifies Linux server management, appealing to users seeking an intuitive alternative to traditional platforms like cPanel and Plesk. This presentation will examine a critical flaw in Vesta: an admin takeover exploit resulting from reduced seed entropy in the Bash $RANDOM variable. By transforming what was once a theoretical attack into a practical one, we successfully reduced the brute force domain of the seed by over 98%. This allows attackers to generate predictable random values, compromising the security of passwords and tokens. We will discuss the implications of this vulnerability and highlight best practices for enhancing server security in real-world applications.
"Securing AI Agents: Identity Strategies for Safe API Access" - Gary Archer
As organizations adopt AI-driven tools and workflows, new security challenges arise around how AI agents securely access APIs. In this session, Gary explores how best practices for connecting AI agents to APIs are evolving, and outlines the essential identity and security building blocks organizations should put in place for the emerging AI era. The talk focuses on architectural principles and patterns rather than specific vendors or products.
SPEAKERS:
Mariya Hristova
A People and Talent Leader who has been building tech teams across large orgs and startups for 10 years. An enthusiastic amateur in all things tech, but with a personal crusade to help improve UX and UI in open source tools. If we want to usher in the year of the penguin, we have to pay attention to that stuff! In my spare time I like to break HR Tech or volunteer my time and knowledge to help companies and candidates/employees meet each other in the right way.
Adrian Tiron
Adrian Tiron is a Co-Founder & Principal Pentester/Red Teamer at FORTBRIDGE with 20 years of experience in cybersecurity. He has a proven track record of success working with top companies in the UK, US, and Europe. As a dedicated researcher and blog author, Adrian has uncovered multiple critical vulnerabilities in open-source and commercial software, contributing significantly to improving online security.
Gary Archer
Gary Archer is a Product Marketing Engineer at Curity with over 20 years’ experience as a lead developer and architect delivering investment banking solutions. His work includes leading OAuth-based migrations, designing distributed security architectures, and supporting complex business systems. At Curity, Gary focuses on teaching end-to-end security flows across web, mobile, and API environments, helping teams understand both the benefits and learning curve of modern identity architectures.
RAFFLE - win a prize (or two!) kindly donated by our sponsors!
RAFFLE PRIZES:
1. NINTENDO SWITCH 2 GAMING CONSOLE
2. FLIPPER ZERO
TICKETS:
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST REGISTER to book your place in order to be admitted to the event by the building security. Your name will be checked against the guest list.
REGISTER HERE: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-tickets-1982398885431
CODE OF CONDUCT:
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct
PHOTOGRAPHY
Please note that OWASP events are open to the public, and OWASP does not restrict attendees (including OWASP staff, volunteers, sponsors, and media) from taking photos or videos at our events.
The talks will be video recorded.
By attending OWASP events, you acknowledge that you are in a public space and that attendees (including OWASP staff, volunteers, sponsors, and media) may capture your image in photos and videos. Nevertheless, OWASP encourages event attendees to exercise common sense and good judgment and respect the wishes of other attendees who do not wish to be photographed at the Events.
SPONSORS
This event is kindly sponsored by [Curity.io](https://curity.io) and kindly hosted by Civo Tech Junction.
Additional Raffle prize sponsored by Fortbridge
REGISTER HERE: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-tickets-1982398885431
