This event is kindly sponsored and hosted by Amazon. There is limited seating available for in-person attendees. Registration required. Please note that this event will be live-streamed on YouTube for the online audience. Recordings will be available on OWASP London YouTube channel: https://www.youtube.com/OWASPLondon
Venue Location: 1, Principal Place, Amazon LHR16, Worship St, London EC2A 2FA
Nearest Tubes: Liverpool Street - 6 min walk, Shoreditch High Street Overground 7 min walk
Doors Open at 6pm for registration, food, drinks and networking. The talks start at 6:30pm (we start on time).
OWASP Introduction, Welcome and News - Sam Stepanyan
Welcome and a brief update on OWASP Projects & Conferences
Talk 1: "Security Chaos Engineering: When and How You Should Break Your System" - Anais Urlichs
The real cost of misconfiguration for businesses has been set to several trillion over the past years. These costs are the result of misconfiguration in infrastructure and workloads. One way to proactively identify misconfiguration is through security scanning. The scan results provide us with insights into the security posture of our services over time. However, these scanners treat our resources as static and evaluate misconfiguration only in single instances. To assess the potential impact of misconfiguration in our production environment, we need additional tools. In this talk, we will look at ways Chaos Engineering and Security Experimentation can help us minimise the potential damage of misconfiguration. Chaos Engineering is the process of intentionally introducing fault into a system to test its resilience to failure. Anais will walk you through the principles of Security Chaos Engineering and how it can be used to proactively identify misconfiguration and make our deployment pipeline and services more robust.
Talk 2: "It’s Not a Bug It’s Emergent Behaviour - Generative AI, Its Cybersecurity Risks and Benefits" - Sherif Mansour
A curated talk on generative AI, where Sherif will present his research findings beginning with an overview of the technology, then discuss its current technical risks, and explore its promising security use cases without making grand claims. Additionally, this talk dive into design considerations when developing web applications utilising generative AI. To conclude, Sherif will introduce open-source software announced during the talk, encouraging attendees to use and investigate them at their own discretion.
Anaïs Urlichs (@urlichsanais)
Anaïs Urlichs is a Developer Advocate at Aqua Security, where she contributes to Aqua’s cloud native open source projects. When she is not advocating DevOps best practices, she runs her own YouTube Channel centered around cloud native technologies. Before joining Aqua, Anais worked as SRE at Civo, a cloud native service provider, where she worked on infrastructure for hundreds of tenant clusters. As OpenUK ambassador, her passion lies in making tools and platforms more accessible to developers and community members.
Sherif Mansour (@kerberosmansour)
Sherif Mansour is the global director of information security at JustEat Takeaway.com and has been working in the field of information security for 19 years. He was the OWASP chairman and sat on of the OWASP foundations' board for four years. He was also one of the founding governing board members for the OpenSSF Foundation which he represented the OWASP Foundation. Sherif contributed to several OWASP projects and was one the main authors of the CIS Benchmark for Tomcat 7/8. As a security researcher he has disclosed vulnerabilities in Microsoft, Oracle, SAP and SiteSpect products.
This event is free to attend for both members and non-members of OWASP and is open to anyone interested in web application and cyber security. Please note that you MUST book your place to be admitted to the event by the building security - your name will be checked against the guest list. Please bring a Photo ID as this is the Amazon's building security requirement.