

What we’re about
OWASP Orange County Chapter. The Open Worldwide Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
Support your Orange County Chapter: only $50 for the entire year!
Become an OWASP Member TODAY
Upcoming events (1)
Scaling AppSec Through Runtime Threat Modeling
Microsoft Innovation Hub, Irvine, CA
NOTE1: NEW LOCATION. TAKE NOTE!!!!!
NOTE2: The following will be in effect and mandatory for this meeting venue. Same procedure from our other location.
- RSVPs will close at 11:59 PM PT on Monday, May 19th, so kindly submit your RSVP by then. Walk-ins will not be permitted.
- Microsoft Security mandates that RSVPs include your full name (in Meetup settings) and that you bring your ID, which will be checked at the entrance to match your RSVP.
- If your first and last name do not appear in our admin view, we will contact you.
- Alternatively, feel free to reach out directly or email us at orange-county-leaders@owasp.org to provide that information or to ask any questions you may have regarding the event.
Abstract
Application security teams are drowning in findings from a sprawl of disconnected tools. As development accelerates—with AI-driven tooling, microservices, and cloud-native architectures—the ratio of code to developer is exploding. But the ratio of AppSec engineers to developers isn’t keeping pace, leaving security teams overwhelmed and reactive.
It’s time to flip the model: instead of starting with findings, we must start with the application. Vulnerabilities are just one signal—without deep application context, they're noise. Real-time application modeling enables teams to understand how applications actually behave in production: what code is reachable, which services talk to each other, what data is exposed, and where trust boundaries are violated.
In this talk, we’ll demonstrate how runtime-aware application modeling can surface critical risks that traditional approaches miss, eliminate false positives, and bridge the gap between AppSec and engineering. We'll walk through real-world examples of how modeling helps prioritize what truly matters—and why this shift is essential for scaling security in modern software development.