Software Security

Join us for discussions about what’s happening in the world of XP, UX and software engineering in general. **What to expect:** Lively discussion amongst a diverse group of members within a friendly and safe space. New members welcome, the only thing we ask is that you care about software engineering and are happy to offer an opinion or two. **Planned Lightning Talk: "Self-improving docs" by Rachel-Lee Nabors** After being really, really ridiculously good with docs for many years, I wanted to return to engineering. So I automated the editorial that took so much of my time! Now engineers can write really really ridiculously good docs right there in GitHub. Check it out! \~ [R "Nearest" Nabors](https://bsky.app/profile/nearestnabors.com) **When and where:** Expect people to start arriving from 5.30pm UK. The meetup will officially run until \~8.30pm UK (but you won't be kicked out!) Upstairs at The City Pride, 28 Farringdon Ln, London EC1R 3AN (5 min walk from Farringdon station) This venue is not wheel-chair accessible, sadly. **Agenda:** 5.30pm Soft start - everyone mingling 6.00pm 15 mins for lightning talks 6.15pm Topic Proposals 6.25pm Voting on topics 6.30pm First session - break out into groups, discussions happen 7.00pm Come back together, summarise any a-has 7.15pm Second session - break out into groups, discuss more 7.45pm Come back together again, share a-has 8.00pm Wrap up, then either farewell, or carry on talking If you have been to XTC at the City Pride before, you may be familiar with the excellent pizzas there. We no longer have a budget to buy them for the group, but participants should feel very free to order for themselves. *** About XTC The eXtreme Tuesday Club (XTC) is London's oldest agile meetup, and has been meeting since 1999. Initially the meetup was focused on discussing Extreme Programming (XP), but it has expanded to include anything XP, agile, lean, or the larger context in which we do software development activities. We welcome all software development newbies, practitioners, and experts to discuss topics of interest over drinks. Follow @extremetuesday (https://twitter.com/extremetuesday) on Twitter for announcements and updates, or use the hashtag #XTCLondon (https://twitter.com/hashtag/XTCLondon) to find and share insights.

It's that time of the year again, Rust Nation UK. We are excited to have Rustaceans who have flown in to meet the London community, forge new friendships, and engage in insightful discussions. Tickets are still available for the conference. Community Promo code: RustLDN2026 [https://www.rustnationuk.com/tickets](https://www.rustnationuk.com/tickets) **Community Showcase** \-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\- **Iason Paraskevopoulos** **Title: Building an OSS Remote Pair Programming App in Rust** **Abstract:** Hopp is a multi-user remote control and screen sharing app designed for fast, natural collaboration. This talk walks through how the system works end-to-end, from cross-platform screen capture and input handling to low-latency video streaming. It covers why we chose Tauri for cross-platform development early on, the headaches caused by WebKit’s inconsistencies and WebRTC issues, and why we are moving towards a Rust-native UI. **David Wood (Rust Compiler Team Co-Lead)** **Title: Extending Rust’s notions of sizedness** **Abstract:** This talk is based on work I am completing upstream as the co-lead of the compiler team and the lead of Arm’s Rust team. It is based on this RFC - https://github.com/rust-lang/rfcs/pull/3729, which is partially implemented. We hope to stabilise the implemented parts before this talk is presented. More Talks to come......

Hello everyone and welcome to 2026! I hope you all had a wonderful Christmas and New Year.. Assuming your New Year resolutions will be to attend more Data & AI London meet ups? 🫠 Either way we have another year of events that will be filled with insights, content, networking and all things Data & AI! This year we will be kicking things off with a biggie as always... a talk from Anthropic and Snyk. **Adriaan Engelbrecht \| Member of Technical Staff @ Anthropic** ***Latest Product Updates from Anthropic*** Some currently out there and potentially some unannounced yet 👀 **Sonya Moisset \| Staff AI Security Advocate\, SecRel @ Snyk** ***Securing Vibe Coding: Addressing the Security Challenges of AI-Generated Code.*** As AI coding tools become embedded in daily development, they bring a new wave of productivity, and new security risks. In this session I break down the security implications of Vibe Coding and share actionable strategies to secure AI-generated code at scale. Please aim to arrive at 6pm. The talks will start around 6.30pm (give or take a few mins) and there will be pizza and refreshments as always on arrival :) Look forward to seeing you all soon!

PLEASE NOTE YOU MUST book and pay for your ticket in advance at http://www.londonbuiltenvironment.com/ The London Built Environment committee would like to extend you an invitation to our June 2026 Mayfair Networking Reception to be held at the famous Brooks Mews Wine House - and hope you can join us for after-work drinks, their canapés and productive business networking to make new contacts and deals for 2026. We now have over 20,000 diverse and relevant London members so it’s the perfect opportunity for making new business connections. See photos from our latest events at http://www.londonbuiltenvironment.com/ PLEASE NOTE YOU MUST book and pay for your ticket in advance at http://www.londonbuiltenvironment.com/ ALSO PLEASE NOTE we take most of our event bookings through our website and EventBrite so the numbers booked is much larger than displayed on this Meetup page (normally about 70-100 guests).

Our first 2026 London Evening D365 and Power Platform User Group event will take place on Tuesday 17th Feb 2026 at 6 PM. **Agenda:** * 6.00pm - Registration and Networking * 6.30pm - Welcome and Introduction * 6.40pm - AI Context is King: Using Business Central's MCP Server with your Copilot Agents - Andrew Wingate (Microsoft MVP) * 7.20pm - Break, Networking and Pizza * 7:50pm - Building Better PCF Controls with AI - Jason Du Plessis (Microsoft - FAST Track Architect) * 8:30pm - Interactive Session - Dynamics 365 & Power Platform Careers - A Rollercoaster of Experiences - London UG Team (Erfan, Atif, Tammy, Pritesh and Faheem) * 9:00pm - Close **Want to present in next event?** If you are interested in presenting, then drop us a line at london@d365ppug.com. First-timers and our tech women are especially welcome :) **The event will be at:** Dotdigital Offices 9th Floor, 1 London Bridge, London SE1 9BG A member of the user group will be at the entrance to greet and direct you to the conference room.

Do you struggle to say no? Do you find yourself over-explaining, people-pleasing, or feeling responsible for everyone else’s feelings? Healthy boundaries aren’t about pushing people away — they’re about protecting your time and energy, and creating more peace in everyday life. This session explores how to: – recognise where boundaries are needed – let go of guilt – communicate limits calmly and clearly **This is a free live in-person 40-minute seminar.** **If you would like to make a voluntary donation, please click** [here.](http://%5Bhttps//www.innerspace.org.uk/donations/%5D(https://www.innerspace.org.uk/donations/) "\[https://www.innerspace.org.uk/donations/\](https://www.innerspace.org.uk/donations/)") \* I consent to my submitted data being collected and stored. We will process your personal data in line with the GDPR requirements and always store it securely and use it only for the purpose for which it has been collected. We will not pass on your details to any third parties without your consent.

Hi Architects, Welcome to our the inaugural AWS London Well-Architected User Group Meetup!!! 🥳🥳🥳 The AWS London Well-Architected Meetup is the latest chapter in the most popular AWS Meetup group globally. At each meetup we covered off various pillars of AWS best-practice in detail including insights from industry leaders that specialise in the Well-Architected Framework. And a drones giveaway. We'll be announcing more speakers during the coming months but our speakers this month include: * **Are you Well-Architected? Will Lawrie - Business Development Manager @ AWS** * **Well-Architected as a Business Tool: Translating Pillars into Business Outcomes - James Harding, Technical CSM @ Green Custard** * **Understanding and Remediating Opportunities** **-** **Aoife Egan, Cloud Optimisation Solutions Architect II @ AWS** This month's menu will include: * Pizzas * Beer * Wine: Big and red 🤤 So come join us at 5:30 for a 6pm start, followed by beer, wine, pizza and friendly networking after our talks :-) \*\*\*NB: No entry to the building after 6pm. Photo ID required.\*\*\*

## Details Welcome to the DevSecOps London Gathering February Event on Wednesday 19 Feb in collaboration with London DevOps! We bring you two amazing talks, as well as the usual conversations, pizza and beer! 📍 **Hosted at Autogen AI, Pentonville Road, London** 📅 **Wednesday, 19 February** 🕕 **6:00–8:00 PM** ## Talk 1 **Abstract:** Concrete CMS, a popular open-source content management system, contains a critical flaw in its file upload functionality that can be exploited in two distinct ways. This talk demonstrates how a single upload can lead to a Server-Side Request Forgery (SSRF), allowing access to internal cloud resources, and a double race condition that enables Remote Code Execution (RCE) via a malicious backdoor. We’ll walk through the exploitation process, show how existing protections can be bypassed, and highlight practical steps to secure file upload mechanisms in real-world applications. ## Talk 2 **Abstract** Treat authentication as a production-critical system with its own failure modes and operational risks. In this talk, I break down real-world auth incidents involving JWKS rotation errors, refresh token storms, clock drift, and session store outages. I show how to define SLIs and SLOs that measure user impact and how to build monitoring and alerting that expose real reliability problems. I demonstrate practical guardrails such as token caching, exponential backoff with jitter, circuit breakers, and feature-flagged degraded modes. Finally, I walk through an incident runbook that helps teams diagnose, mitigate, and recover from authentication failures safely and quickly.

**Quick heads up: RSVPing here helps us gauge interest, but you’ll need to complete your registration on AI Camp to save your spot and get event updates. It only takes a minute. Sign up [here](https://www.aicamp.ai/event/eventdetails/W2026021910) and you’re all** **set**. **[https://www.aicamp.ai/event/eventdetails/W2026021910](https://www.aicamp.ai/event/eventdetails/W2026021910)** AI is already part of how developers work: Coding assistants. Autonomous agents. Background tasks. PR reviews. But in most companies, AI usage is either completely ungoverned or quietly blocked. This meetup is for developers who want to understand what AI governance actually means in practice, without turning their workflow into a compliance nightmare. We’ll focus on how teams are introducing guardrails that protect source code, credentials, and infrastructure while still letting developers move fast. No policy decks. No buzzwords. Just real examples of how AI agents are being used safely inside modern dev environments. **You’ll walk away with:** \- A clear understanding of what AI governance actually means for developers\, not just security teams \- Insight into why AI agents need different permissions than humans and where most teams get this wrong \- Practical examples of how guardrails can speed teams up instead of slowing them down \- A simple mental model you can apply whether you’re experimenting with AI locally or rolling it out across a team **Who this is for:** \- Beginner → intermediate software developers \- Platform engineers and DevOps folks supporting dev teams \- Anyone using \(or wanting to use\) AI tools beyond simple autocomplete **Agenda:** \* 6:00pm\~6:30pm: Checkin, Food and Networking \* 6:30pm\~6:45pm: Welcome/community update \* 6:45pm\~8:30pm: Tech talks and Q&A \* 8:30pm\~9:30pm: Open discussion & Mixer

We're hosting our first meetup of 2026 in collaboration with our friends from **DevSecOps London Gathering**. We'll be generously hosted at the AutogenAI offices near King's Cross, and we'll feature two talks that should be of interest to both audiences. **6:00pm - Arrival** **6:45pm - Introductions** **7:00pm - The Talks** **Concrete Evidence: Two Races, One RCE** - [Adrian Tiron](https://www.linkedin.com/in/tironadrian/) Concrete CMS, a popular open-source content management system, contains a critical flaw in its file upload functionality that can be exploited in two distinct ways. This talk demonstrates how a single upload can lead to a Server-Side Request Forgery (SSRF), allowing access to internal cloud resources, and a double race condition that enables Remote Code Execution (RCE) via a malicious backdoor. We’ll walk through the exploitation process, show how existing protections can be bypassed, and highlight practical steps to secure file upload mechanisms in real-world applications. Adrian is the Co-Founder and Principal Pentester/Red Teamer at Fortbridge, bringing over 20 years of hands-on experience in cybersecurity. Adrian is known for delivering highly technical, practical content drawn from real-world assessments, and is passionate about pushing the boundaries of modern application security. **Keeping login from taking down your product with an SRE approach to auth –** [Viola Lykova](https://www.linkedin.com/in/violaly/) Treat authentication as a production-critical system with its own failure modes and operational risks. In this talk, I break down real-world auth incidents involving JWKS rotation errors, refresh token storms, clock drift, and session store outages. I show how to define SLIs and SLOs that measure user impact and how to build monitoring and alerting that expose real reliability problems. I demonstrate practical guardrails such as token caching, exponential backoff with jitter, circuit breakers, and feature-flagged degraded modes. Finally, I walk through an incident runbook that helps teams diagnose, mitigate, and recover from authentication failures safely and quickly. Viola is a Senior Software Engineer in fintech with an SRE mindset, focused on authentication as a production system. I care about reliability, incident patterns, and the kind of testing that still holds up when traffic spikes, dependencies misbehave, or keys rotate at the worst possible time. Viola speaks on practical auth topics across security and reliability. **Participate in a future Meetup** If you'd like to speak at a future meetup, or if you are able to host or sponsor the event, please fill in this [form](https://docs.google.com/forms/d/1FYGHEWTeBb5vVztGGg2YoUJmKR03o9mZaFIghf6vjzo/viewform?edit_requested=true) and we'll get back to you.

🗓 **Agenda:** * 6:00pm: Doors open * 6:00pm - 6:30pm: Food, Drinks & Networking * 6:30pm - 7:15pm: Rafael Natali, Lead DevSecOps, Marionete * 7:15pm - 8:00pm - Additional Q&A & Networking 💡 **Speaker:** Rafael Natali, Lead DevSecOps, Marionete **Abstract:** Kubernetes gives us abstraction and power—but with great YAML comes great responsibility. In this talk, we’ll walk through live demos of real-world misconfigurations that allow attackers to escape containers and tamper with the host. You’ll see exactly what happens when Pods run in privileged mode, use hostPath volumes carelessly, or retain excess Linux capabilities. We’ll also show how to detect these attacks in real time using Falco, and enforce safety nets with Pod Security Admission. If you’ve ever wondered "what’s the worst that could happen?"—this session answers that with receipts. **Bio:** [Rafael Natali](https://www.linkedin.com/in/rafaelnatali/) has 20 years of experience in the IT industry, specifically as a System Administrator and DevSecOps professional. Throughout his career, he has developed extensive knowledge in designing, operating, and troubleshooting solutions that prioritize scalability and reliability. Rafael is also an expert in Automation as well as Continuous Integration and Delivery. He has been working with Kubernetes since 2018 and is recognised as a [Kubestronaut](https://www.cncf.io/training/kubestronaut/) since 2024. Currently, Rafael leads a team that is implementing a hybrid streaming data and analytics platform for a major insurance company in the UK. \*\*\* DISCLAIMER NOTE: We are unable to cater for any attendees under the age of 18.

**Important:** Register on the [event website](https://www.aicamp.ai/event/eventdetails/W2026021910)[ ](https://www.aicamp.ai/event/eventdetails/W2025110510)is required for admission. We are excited to partner with Coder for a special edition of our AI Meetup in February, focusing on AI governance and compliance for developers. AI is already part of how developers work: Coding assistants. Autonomous agents. Background tasks. PR reviews. But in most companies, AI usage is either completely ungoverned or quietly blocked. This meetup is for developers who want to understand what AI governance actually means in practice, without turning their workflow into a compliance nightmare. We’ll focus on how teams are introducing guardrails that protect source code, credentials, and infrastructure while still letting developers move fast. No policy decks. No buzzwords. Just real examples of how AI agents are being used safely inside modern dev environments. **You’ll walk away with:** * \- A clear understanding of what AI governance actually means for developers\, not just security teams * \- Insight into why AI agents need different permissions than humans and where most teams get this wrong * \- Practical examples of how guardrails can speed teams up instead of slowing them down * \- A simple mental model you can apply whether you’re experimenting with AI locally or rolling it out across a team **Who this is for:** \- Beginner → intermediate software developers \- Platform engineers and DevOps folks supporting dev teams \- Anyone using \(or wanting to use\) AI tools beyond simple autocomplete **Agenda:** \* 6:00pm\~6:30pm: Checkin, Food and Networking \* 6:30pm\~6:45pm: Welcome/community update \* 6:45pm\~8:30pm: Tech talks and Q&A \* 8:30pm\~9:30pm: Open discussion & Mixer **Tech Talk: AI Governance for Developers** **Speaker:** Eric Paulsen, Field CTO, Coder **Abstract:** In this session, we will deep dive into AI governance for developers. We will explores the often-unseen risks developers face when using AI tools—from unintended data exposure to tool lock-in—and how teams can implement lightweight, developer-friendly governance. Learn how to build secure, standardized AI workflows that provide guardrails without slowing innovation, so you can ship with confidence. **Speakers/Topics:** Check the [event website](https://www.aicamp.ai/event/eventdetails/W2026021910) for speakers and topics. If you have a keen interest in speaking to our community, we invite you to submit topics for consideration: [Submit Topics](https://forms.gle/JkMt91CZRtoJBSFUA) **Sponsors:** We are actively seeking sponsors to support AI developers community. Whether it is by offering venue spaces, providing food, or cash sponsorship. Sponsors will not only speak at the meetups, receive prominent recognition, but also gain exposure to our extensive membership base of 20,000+ AI developers in London and 500K+ worldwide.

**Important time note:** Please plan on arriving between 5:30 and 6:00 as the elevators lock after 6 and you'll need to message us and we'll need to come get you. The building address is 4450 Bridge Park The entrance is 6620 Mooney St, Suite 400 **Abstract** TBD **YouTube Link** TBA

Want to be a speaker? submit your talk to our Call for Presenters!!! https://sessionize.com/cbus-hug-2026/

Bring your work or your hobby, hang out, and code with us. Follow @buckeyecocoa for more information.

**Presenter:** Auri Rahimzadeh, Principal Software Architect, Momentum3 **Time:** Pizza at 6:00, Presentation Starts at 6:30pm Eastern **Location:** Theoris, 9000 Keystone Crossing, Suite 230, Indianapolis .NET 10 is here alongside a practically rewritten Visual Studio 2026. Learn about the new C# 14 features, VS2026 niceties, and more! Looking forward to seeing you there!

**NEW LOCATION: Improving Office in Franklinton** Physical location: Improving Office 330 Rush Alley Suite #150 Columbus, OH 43215 Schedule: * 6:00 p.m.: Socialize, eat, and drink. Improving will be providing pizza and beverages. * 6:30 to 8:00 pm. Main meeting and presentation(s). See the handy Parking Map - we recommend street parking. [Street Parking Map](https://docs.google.com/presentation/d/1u2A4fLNlxwLJn0KA_hKc8bnFlFHLvsHBDh-_8wzX_tk/edit?usp=sharing) We meet on the last Monday of each Month. Presentations are given by members and friends of this group. If you would like to do a presentation (small or large) on a python topic, please contact centralohpython@gmail.com

**New Dojo Location!** **Draft Day Columbus** 1130 Dublin Road Columbus, OH 43215 We're going to try a new dojo location for a few weeks and see how it works Dojos are informal Python group study sessions where everyone interested in Python gathers to learn about Python, help others with Python, or just hang out. Everyone is welcome from Python beginners to experts. Bringing a laptop is encouraged (we'll have extension cords and power strips). If there's something you want to learn leave a comment on this invite so we can plan ahead. We're looking for topic suggestions and people interested in presenting at our monthly meetings. To this end we've set up a survey form at [https://docs.google.com/forms/d/15eBKF1nQQ2XS5gzD4rvhVRHMBEj7lJtHuA9wXupS3Uc](https://docs.google.com/forms/d/15eBKF1nQQ2XS5gzD4rvhVRHMBEj7lJtHuA9wXupS3Uc)

Christians in Tech is a community at the intersection of faith and technology. Our meetups are designed to spark meaningful conversations, promote knowledge sharing, and encourage growth—both in your career and your spiritual walk with God. Whether you're an experienced professional or just starting your tech journey, CIT welcomes you. Our Website [https://linktr.ee/citcbus](https://linktr.ee/citcbus) Sponsors and Partners * Improving (Venue Sponsor) * Bethel World Prayer Center (Fiscal Sponsor) * Fruits & Roots (Coffee Partner)