OWASP

Want to be a speaker? submit your talk to our Call for Presenters!!! https://sessionize.com/cbus-hug-2026/

Bring your Raspberry Pi, Arduino, microcontroller, or any other electronic project and join fellow electronics makers for a night of creativity and collaboration! This session is open forum to share your current projects—whether complete or in progress, it’s all interesting! Whether you’re deep into embedded systems, exploring new ideas, or just getting started, you’ll find a welcoming space to collaborate, share, and get inspired. **New to electronics or curious about tinkering?** You’re absolutely welcome. If you’re a beginner and want to experiment, I’ll have a couple of starter kits available so you can try things out—whether that’s blinking your first LED, putting something on a display, or experimenting with simple sensors. No pressure and no experience required—just an interest in learning and building. While we continue to pursue a more permanent venue for this Meetup, we’ll be using public library facilities based on availability. This session will be at the Worthington Park Library in the Olentangy Meeting Room.

**Improving Office in Franklinton** Physical location: Improving Office 330 Rush Alley Suite #150 Columbus, OH 43215 Schedule: 6:00 p.m.: Socialize, eat, and drink. Improving will be providing pizza and beverages. 6:30 to 8:00 pm. Main meeting and presentation(s). Topic: This month Chris Pazsint will be talking about Agentic Coding. How does one use CLI Based Agents, and Agentic IDEs such as Cursor, Kiro, Antigravity? How to include agentic coding plugins for IDEs you already love such as Visual Studio Code. We meet on the last Monday of each Month. Presentations are given by members and friends of this group. If you would like to do a presentation (small or large) on a python topic, please contact Central OH Python at centralohpython@gmail.com

**About this Event** Curious how your secure coding skills stack up in real-world scenarios? Join OWASP St. Louis for a **hands-on Secure Code Training Tournament** sponsored by Security Journey. This is not a lecture... you’ll be actively solving real vulnerabilities in a live, interactive environment. **What to Expect** * Hands-on secure coding challenges (break/fix format) * Real-world vulnerability scenarios developers face today * Friendly competition with a live leaderboard * Prizes awarded to the **top 3 participants** **Important Details** * **Laptop required** (you’ll be coding) * Hybrid format: join **in-person or remotely** * Pre-registration required to access the platform * You do not need to be an experienced developer or security expert to participate. The challenges start easy and progress from there. Come have fun! In addition to RSVPing to this Meetup event, please register here to secure your spot and get platform access: [https://forms.office.com/r/VpTMjg8Smw](https://forms.office.com/r/VpTMjg8Smw) Whether you're a developer, AppSec professional, or just getting started, this session is built to sharpen real skills! (\* OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security) **Event Details** 📍 **Location:** RubinBrown, 7676 Forsyth Blvd., Suite 2100, Saint Louis, MO 63105 🗓 **Date/Time:** April 28, 2026 / 6:00pm CST **Food and Drink will be provided!** Please RSVP so that we can plan accordingly. ℹ️ **Parking Directions:** * Google map to “North Lyle Avenue & Forsyth Boulevard, Clayton, MO 63105” Link: https://maps.app.goo.gl/WYqyZ3Jv9cUBBF289 * Enter the **Parking Garage #4** (from Forsyth Blvd) next to Dry Bar * **Pull a ticket at the gate** and proceed into the garage, turning right. * Up the ramp is visitor parking. **You may have to go up past the 6th floor.** * **Take elevator to \*L** (Lobby of Centene Plaza C) * Check in at the OWASP sign-in table in the lobby; you'll be escorted up * **Bring your parking ticket with you** to get validated at the meetup. **Who Should Attend** * Application & security professionals * Software engineers and developers * IT leaders and managers * Anyone with an interest in application security * You DO NOT need to be an OWASP member to attend! **About OWASP** The Open Worldwide Application Security Project (OWASP) is a nonprofit foundation dedicated to improving the security of software. Local chapters provide opportunities to learn, network, and collaborate with others in the field. Come to learn more and participate in OWASP Saint Louis - your voice will continue to help shape what OWASP Saint Louis becomes next.

It feels like we just saw each other 🤷. Join members of the local design and UX community for our monthly breakfast. For May we’re stopping in for Rooh’s popup breakfast/cafe concept. You know someone is getting the lobster yuzu croissant, and that’s not even the prettiest thing on the menu!.

What does a trojan look like when it has over 900k+ combined installs and a Forbes write-up? Exactly like a legitimate Chrome extension. This session presents a technical dissection of two Chrome extensions, each with over one million active installations — that functioned as trojans in production environments, evading detection while operating through entirely legitimate browser APIs. These were not obscure tools. They were widely trusted, actively recommended, and covered by mainstream press before their malicious behavior was fully understood. We will walk through the actual source code of both extensions, showing precisely how the malicious functionality was constructed, concealed, and executed at scale. This analysis anchors a broader examination of how modern compromises actually succeed. Drawing on aggregated real-world incident data, we identify the technique categories currently delivering the highest adversary return, and why they keep working. Spoiler: it's rarely a zero-day. It's trust. The Chrome extension deep-dive will cover: * Line-by-line source analysis of how malicious functionality was embedded within working, useful software * Which browser permission scopes were abused, and why a million users — and their IT teams — didn't see it coming * The behavioral and structural indicators that distinguish a trojan extension from a legitimate one, and how to operationalize detection around them This session closes with a practical defensive prioritization framework built around observed attacker behavior: which mitigations are measurably reducing risk in production environments, which are consuming budget without impact, and a scoring methodology your team and leadership can apply immediately. **Source material:** Primary analysis of extension source code, corroborated by reporting from Forbes and other established outlets. **What this is not:** A vendor pitch, a speculative threat narrative, or a surface-level breach retrospective. **Who should attend:** Security architects, AppSec and cloud security practitioners, blue team leads, threat hunters, browser security practitioners, and security leaders responsible for prioritizing risk and investment decisions.

**Latest Dojo Location!** **Knotty Pine Brewing** 1765 W 3rd Ave, Columbus, OH 43212 We're going to try a new dojo location for a few weeks and see how it works Dojos are informal Python group study sessions where everyone interested in Python gathers to learn about Python, help others with Python, or just hang out. Everyone is welcome from Python beginners to experts. Bringing a laptop is encouraged (we'll have extension cords and power strips). If there's something you want to learn leave a comment on this invite so we can plan ahead. We're looking for speakers for our Monthly Meetups! Fill out the form if you are interested in presenting to the Python Community. https://forms.gle/ehSfUAC2WgR34Crq9