About us
OWASP London Chapter
OWASP (The Open Worldwide Application Security Project) is a worldwide not-for-profit organisation focused on improving the security of software. With over 250 local Chapters worldwide and 110,000+ volunteers, OWASP's open community is dedicated to enabling organisations and individuals to develop and maintain applications that can be trusted. OWASP's meet-ups, tools, standards, guidelines, documents and forums are free and open to anyone interested in improving application security.
Visit OWASP London webpage here: https://www.owasp.org/london
Follow us on Twitter: https://twitter.com/OWASPLondon
Follow us on LinkedIn: https://www.linkedin.com/company/owasplondon
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Watch recordings of talks presented at our events on our YouTube channel: https://www.youtube.com/OWASPLondon
Please subscribe to our YouTube channel to get notified when the latest video recordings of our talks get published.
We are also on Slack: https://owasp.slack.com #chapter-london channel (for Slack invites visit: https://owasp.org/slack/invite)
We also have a mailing list, sign-up here: https://groups.google.com/a/owasp.org/forum/#!forum/london-chapter/join
We usually run 7-10 events per year: meet-ups ("Chapter Meetings"), Capture The Flag (CTF) tournaments, Hackathons, workshops and hacking/cyber-security themed pub quizzes.
Please note that while we do advertise our meetups here on Meetup[.]com, due to a limitation of the Meetup platform we do not use Meetup's RSVP system and instead use Eventbrite for free tickets and registration to attend our events. If you have an account on Eventbrite you can follow us there as well: https://owasplondon.eventbrite.co.uk/
You don't have to be an OWASP member to attend any of our meetups or CTFs. They are free and open to everyone interested in Application Security; booking is required.
There is a paid membership, which is a donation to the OWASP Foundation. It gives you discounts on many cyber-security conferences around the world, voting rights, an @owasp.org email address and many other benefits like free access to paid training platforms. Join OWASP Global Foundation as a paid member here: https://www.owasp.org/index.php/Membership
Upcoming events
OWASP London Chapter Meetup [IN-PERSON] RSVP on Eventbrite
Civo Tech Junction, First Floor, 32-37 Cowper St, EC2A 4AW, London, GB
Please RSVP to attend this event here: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-tickets-1982398885431
PLEASE NOTE - YOU MUST REGISTER on EVENTBRITE: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-tickets-1982398885431
This event is kindly sponsored by Curity.
Raffle prizes are kindly sponsored by Curity and Fortbridge.
There is limited seating available for in-person attendees. Registration required.
This event will also be live-streamed on YouTube.
Recordings will be available on the OWASP London YouTube channel.
TALKS:
OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
"North Korea: The Great Recruitment Firewall" - Mariya Hristova
North Korean spies are lurking everywhere, but especially in the hiring pipeline. Disguised as the perfect candidate to try and snag a position in a company where they can espionage away!
Recruitment is the first point of contact for all candidates so in this talk I will go over how I recognise fraudulent candidates without descending into unfounded bias. I’ll go over some recent examples and give some practical guidance of what you can do if you are not sure that the person opposite you is who they say they are.
"Vesta Admin Takeover - Exploiting reduced seed entropy in bash $RANDOM" - Adrian Tiron
Vesta is a lightweight, web-based control panel that simplifies Linux server management, appealing to users seeking an intuitive alternative to traditional platforms like cPanel and Plesk. This presentation will examine a critical flaw in Vesta: an admin takeover exploit resulting from reduced seed entropy in the Bash $RANDOM variable. By transforming what was once a theoretical attack into a practical one, we successfully reduced the brute force domain of the seed by over 98%. This allows attackers to generate predictable random values, compromising the security of passwords and tokens. We will discuss the implications of this vulnerability and highlight best practices for enhancing server security in real-world applications.
"Securing AI Agents: Identity Strategies for Safe API Access" - Gary Archer
As organizations adopt AI-driven tools and workflows, new security challenges arise around how AI agents securely access APIs. In this session, Gary explores how best practices for connecting AI agents to APIs are evolving, and outlines the essential identity and security building blocks organizations should put in place for the emerging AI era. The talk focuses on architectural principles and patterns rather than specific vendors or products.
SPEAKERS:
Mariya Hristova
A People and Talent Leader who has been building tech teams across large orgs and startups for 10 years. An enthusiastic amateur in all things tech, but with a personal crusade to help improve UX and UI in open source tools. If we want to usher in the year of the penguin, we have to pay attention to that stuff! In my spare time I like to break HR Tech or volunteer my time and knowledge to help companies and candidates/employees meet each other in the right way.
Adrian Tiron
Adrian Tiron is a Co-Founder & Principal Pentester/Red Teamer at FORTBRIDGE with 20 years of experience in cybersecurity. He has a proven track record of success working with top companies in the UK, US, and Europe. As a dedicated researcher and blog author, Adrian has uncovered multiple critical vulnerabilities in open-source and commercial software, contributing significantly to improving online security.
Gary Archer
Gary Archer is a Product Marketing Engineer at Curity with over 20 years’ experience as a lead developer and architect delivering investment banking solutions. His work includes leading OAuth-based migrations, designing distributed security architectures, and supporting complex business systems. At Curity, Gary focuses on teaching end-to-end security flows across web, mobile, and API environments, helping teams understand both the benefits and learning curve of modern identity architectures.
RAFFLE - win a prize (or two!) kindly donated by our sponsors!
RAFFLE PRIZES:
1. NINTENDO SWITCH2 GAMING CONSOLE
2. FLIPPER ZERO
TICKETS:
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST REGISTER to book your place in order to be admitted to the event by the building security. Your name will be checked against the guest list.
REGISTER HERE: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-tickets-1982398885431
CODE OF CONDUCT:
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct
PHOTOGRAPHY
Please note that OWASP events are open to the public, and OWASP does not restrict attendees (including OWASP staff, volunteers, sponsors, and media) from taking photos or videos at our events.
The talks will be video recorded.
By attending OWASP events, you acknowledge that you are in a public space and that attendees (including OWASP staff, volunteers, sponsors, and media) may capture your image in photos and videos. Nevertheless, OWASP encourages event attendees to exercise common sense and good judgment and respect the wishes of other attendees who do not wish to be photographed at the Events.
SPONSORS
This event is kindly sponsored by Curity.io and kindly hosted by Civo Tech Junction.
Additional raffle prize sponsored by Fortbridge.
REGISTER HERE: https://www.eventbrite.co.uk/e/owasp-london-chapter-meetup-tickets-1982398885431
Past events
OWASP London Chapter Meetup [IN-PERSON]
Agentic AI Security Summit [with OWASP GenAI Security Project]