OWASP Singapore Chapter

⚠️⚠️ Kindly RSVP on both Meetup and by completing this registration form: https://forms.gle/ibzvXh5opv8WucSM8

AGENDA

• 7:00pm: Registration
• 7:15pm: Introduction
• 7:30pm: Talk 1
• 8:10pm: Talk 2
• 8:45pm: Snacks + Networking

SPONSORS: Dexian Asia Pacific | SECDIM |

TALK DETAILS

Talk 1 : Conquering the Flames of Threat Modeling: Crash Course to OWASP Threat Dragon

Speaker : Donavan Cheah

About the talk: This session covers the fundamentals of threat modeling, starting with the four key questions from the Threat Modeling Manifesto, followed by an overview of the STRIDE framework. It introduces OWASP Threat Dragon and demonstrates how to deconstruct application architecture using sample projects. The talk also explores how to combine application-level threat modeling with the OWASP Web Security Testing Guide to build a structured pentesting methodology, and highlights why developing a threat modeling mindset is essential for growing from a junior to a senior pentester, before wrapping up with key takeaways.

Speaker Bio: Donavan brings nearly a decade of cybersecurity experience across red teaming, penetration testing, threat modeling, and risk assessments. He has actively contributed to the open source community through his series of deliberately vulnerable machines on Vulnhub between 2018 and 2021, and has demonstrated strong technical depth by delivering threat modeling talks at conferences across Europe and Asia, including DefCamp in Romania, FIRST Central Asia in Uzbekistan, GCC 2025 in Taiwan, and SINCON in Singapore, often using OWASP Threat Dragon to introduce practical concepts. At Thales, he also led the development of a fully functional, Singapore-built cybersecurity gamification experience called “Defend the Breach” within just three months, enabling participants to step into the role of CISOs and make strategic decisions around cyber budgets, threat response, and security capabilities.

Talk 2 : From Prompts to Pwned: Mapping Modern AI Threat Vectors

Speaker : Abhinav Singh

About the Talk : AI systems are expanding fast, and so are the ways they can be broken. Prompt injection is getting attention, but what actually makes it work? Where do the real risks sit, in the application layer or inside the model itself? And as agentic systems gain autonomy, what new attack surfaces are we introducing without fully understanding them?
This session breaks down common AI threat vectors, from prompt manipulation to deeper architectural weaknesses. We will look at how application and model level risks differ, and how agentic systems reshape traditional threat modeling. The goal is to move beyond hype and get clear on where the real security gaps exist and how to think about them.

About the Speaker : Abhinav Singh is an esteemed cybersecurity leader & researcher with over 15 years of experience across technology leaders and financial institutions, as well as an independent trainer and consultant. Author of "Metasploit Penetration Testing Cookbook" and "Instant Wireshark Starter," his contributions span patents, open-source tools, and numerous publications. Recognized in security portals and digital platforms, Abhinav is a sought-after speaker & trainer at international conferences like Black Hat, RSA, DEFCON, BruCon, and many more, where he shares his deep industry insights and innovative approaches in cybersecurity. He also leads multiple AI security groups at CSA, responsible for coming up with cutting-edge white papers and industry reports on the safety and security of AI.

Since this is a free event, please RSVP only if you’re sure you can attend. We’ll be arranging food based on the number of responses, and no-shows can lead to unnecessary food wastage.