What we’re about
The Open Worldwide Application Security Project (OWASP) is a not-for-profit organization focused on improving the security of all software. Our mission is to improve software security through Open Source initiatives, community education, and networking. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.
The OWASP LA (Los Angeles) chapter was formed in 2008. We hold meetings on the 4th Wednesday of every month, featuring great speakers on important appsec topics. Join us for food and drinks, to network, and to understand what application security is really about.
Become an OWASP Member TODAY
Support your LA Chapter: only $50 for the entire year! ($20 if you're a student)
Sponsors
Upcoming events (4)
- OWASP LA Monthly In-Person Meeting - APR 24, 2024
Fastly Culver City, Culver City, CA
TOPIC: Building A Product Security Team – The Good, The Bad And The Ugly - Lessons From The Field
Join us for great networking, dinner and drinks, and see a presentation by Peter Morin, Principal, National Cyber Security Leader, Grant Thornton LLP
ABSTRACT: Ensuring that the products and services we build and deliver are as threat resistant as possible is extremely important today. Meeting this challenge is not just about building secure applications since we all know that rapid development of software as well as the evolution of threats and vulnerabilities can see our applications as secure today but vulnerable tomorrow. That is why having an established product security team and response capability is extremely important.
During this discussion, I will discuss, using real-world examples, including that of my own, how organizations can meet the demands of product security including:
- Building a culture of security within your organization beyond firewalls and anti-virus
- How to “sell” security to executive management and explaining what product security does and doesn’t do (e.g., staffing, budgets, etc.)
- Building and deploying software using the "DevOps" approach, while maintaining a high level of security
- Difficulties of wearing multiple hats, with security being one of them
- Embedding “security” in the software development life cycle (SDLC)
- Establishing a proper security “response” program
- Product vulnerability transparency and developing a disclosure policy
- How to measure the success of your program
- Establishing a bug bounty program
THANKS to OUR SPONSOR: DevOcean
DevOcean Unified Remediation Platform™️, a Gartner Cool Vendor, helps organizations cut the time, backlog, and manual effort needed to fix issues and manage threat exposure. Going beyond traditional methods, DevOcean enables security, dev and devops teams to collaborate efficiently without the usual pain and friction of day-to-day operations. Our powerful workflow automation engine leverages the unique context of cloud-to-code root cause analysis and ownership association to deliver a highly accurate remediation solution that drives resolution at scale.
CODE OF CONDUCT
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. You can find out more about our policies here:
https://owasp.org/www-policy/operational/conferences-events.html#conference-and-event-anti-harassment-policy
SPONSORSHIP Opportunities Available
Vendors interested in sponsoring, please send an email to sponsorship.la@owasp.org
- Los Angeles Joint Cyber Mixer
Ballast Point Brewing Long Beach, Long Beach, CA
Join us for our 2nd mixer with participating cybersecurity communities in Southern California, enjoy the beautiful weather, amazing sunset, great conversations, network with your peers, make new friends!
You don't have to be a member of any group to participate. Mark your calendars; see you there!!
- OWASP LA Monthly In-Person Meeting - MAY 22, 2024
Needs location
TOPIC: Securing Generative AI Applications using the OWASP Top 10 for Large Language Models
Join us for dinner+drinks, networking, and see a presentation by Steve Wilson, OWASP project leader and Chief Product Officer at Exabeam
ABSTRACT: What are the new risks that generative AI brings to your environment? In this cutting-edge session, we uncover the potential hazards that Large Language Models (LLMs) introduce to modern application ecosystems. Drawing on the expertise distilled in the OWASP Top 10 for LLMs, we offer a comprehensive roadmap for mitigating these risks. Attendees will gain insights into securing generative AI applications, recognizing the nuances of LLM vulnerabilities, and deploying defenses. This talk is a call to action for developers and security professionals to foster a culture of secure, responsible AI development. Equip yourself with the knowledge to anticipate threats, apply best practices, and build AI systems that are not only intelligent but also resilient in the face of cybersecurity challenges.
THANKS to OUR SPONSOR: Kodem
Kodem means “first” or “early” in Hebrew. A priority. We believe in helping appsec teams make security a priority by spotlighting risks that truly matter. We believe in helping developers improve code quality by shifting left and catching issues early. And we believe in making people a priority: our customers, our team, and our partners.
- OWASP LA Monthly In-Person Meeting - JUN 26, 2024
Needs location
TOPIC: What's in your AI code? Learn why every SCA tool is wrong, and how to deal with it.
Join us for great networking, dinner and drinks, and see a presentation by Darren Meyer, Lead Solution Architect at Endor Labs.
ABSTRACT: With the rise of AI fueled by Python-based libraries, it has become of paramount importance to scan Python-based projects and their dependencies for OSS vulnerabilities. Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files which the package manager uses to install the correct version of the required dependency. However, Python’s dependency management system coupled with its dynamic type nature makes it an especially challenging language to deal with.
Of particular focus is the phenomenon of phantom dependencies which are unreported dependencies in a project's manifest profile. These hidden dependencies, which are often provided dependencies (which is especially true for libraries such as tensorflow and pytorch which are essential for AI), challenge software composition analysis (SCA) of Python code, impacting the reliability of vulnerability results.
Thanks to our Sponsor: Endor Labs
Endor Labs’ Dependency Lifecycle Management Platform is designed to address the weakest link in software supply chain security: the ungoverned sprawl of open source software in the enterprise. Endor Labs’ mission is to help developers spend less time dealing with security issues and more time accelerating development through safe code reuse. With this solution, development and security teams are able to maximize software reuse by safely evaluating, maintaining, and updating dependencies at scale.