

What best represents us
About the OWASP® Foundation: The Open Web Application Security Project (OWASP®) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible so that individuals and organizations worldwide can make informed decisions about actual software security risks. Everyone is free to participate in OWASP, and all of our materials are available under a free and open software license. You’ll find everything about OWASP linked from our website and current information on our OWASP Blog. OWASP does not endorse or recommend any product or service. This allows our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. We do offer and encourage joining as an individual member for additional benefits offered.
Upcoming events (1)
#6 The Farmer
Ordem dos Engenheiros OERN, Porto
OWASP Porto Chapter meetup: July 2nd, 2025, at 18:00. With support from Ordem dos Engenheiros - Região Norte (OERN).
We are excited to bring you another OWASP Porto event. As always, we look forward to seeing you at our next meetup!
How to get there: The event will be at OERN. See the event location below for the full address.
Schedule
18:00 - Intro and Welcome by the OWASP Porto chapter leadership
18:15 - Applying Threat Modelling in modern development environments by Gonçalo Matias
19:00 - Jedi^WGenAI Mind Tricks - Are these the secure chatbots you’re looking for? by Bruno Morisson
20:00 - Drinks & Dinner by OERN.
-------------------------------------------------------------------------------------------------------
Talks
Title: Applying Threat Modelling in modern development environments
Speaker: Gonçalo Matias
Abstract:
In today’s fast-paced software development, understanding and mitigating security risk is paramount. Adopting security activities early in the software development lifecycle is crucial for the efficient management of resources and for controlling development costs. Threat modelling stands out as one of the most impactful ways to “shift left”.
This session will leverage the fact that every person is already consistently applying some form of threat modeling in their day-to-day activities, and expand that existing capability into a more structured skill. We will explore various approaches, including how Ocado Technology applies its own methodology to threat modeling.
Whether developing simple plugins or large-scale systems, securing serverless apps or complex microservice architectures, working within agile sprints or traditional waterfall methodologies, this session will equip participants with strategies for analyzing the risk profile of an app and applying threat modeling processes suitable to that profile.
Bio:
Gonçalo Matias is a Senior Application Security Engineer at Ocado Technology, bringing over 20 years of software development experience across diverse platforms, languages, and frameworks. A security enthusiast since his earliest projects, his career evolved from software development to specialised security roles, including research and penetration testing. Gonçalo is deeply interested in the interplay between security and business objectives, with threat modelling as his favorite security activity. He plays electric guitar and is an instructor of "Haidong Gumdo", a Korean sword martial art.
LinkedIn: https://www.linkedin.com/in/goncalo-matias/
————
Title: Jedi^WGenAI Mind Tricks - Are these the secure chatbots you’re looking for?
Speaker: Bruno Morisson
Abstract:
After experimenting with various public challenges on LLM chatbots—like Gandalf, PromptAirlines, and more—I decided to build my own. Not just to understand how LLMs work, but to see how easily I could break them.
In this talk, I’ll dive into the security risks of Generative AI, particularly LLM chatbots, and explore vulnerabilities that are often overlooked. From sensitive information disclosure to prompt injections and jailbreaking, I’ll walk you through real-world examples that demonstrate just how these systems can be manipulated. No tinfoil hat required.
Bio:
Bruno Morisson is a seasoned cybersecurity expert with over two decades of experience in offensive security, penetration testing, and red teaming. As the Partner and Offensive Security Services Director at Devoteam Cyber Trust, he leads world-class security testing across web and mobile applications, IoT, OT/SCADA, and threat-led penetration testing frameworks like TIBER-EU and DORA.
Beyond his professional work, Bruno is a driving force in the cybersecurity community. He is the founder and organizer of BSidesLisbon, Portugal’s top security conference, and serves as a member of the CREST Europe Council, helping shape industry standards. His research contributions include multiple CVE disclosures, Metasploit modules, and publications on SAP security, honeypots, and Linux audit systems.
Bruno holds an MSc in Information Security from Royal Holloway, University of London, alongside an impressive list of certifications, including OSCP, CISSP, CISA, and GIAC GPEN.
And in case you were wondering—yes, this entire bio was generated by GenAI.
LinkedIn: https://www.linkedin.com/in/morisson/
-------------------------------------------------------------------------------------------------------
How to get there
Ordem dos Engenheiros - Região Norte (OERN), R. de Rodrigues Sampaio 123, 4000-425 Porto.