"Smart Contract Security -Assessing Solidity smart contracts" Dapps and many Initial Coin Offerings (ICOs) run on smart contracts and tend to process a substantial amount of funds. This makes them a target, and therefore they often undergo attacks. Combined with the blockchain immutability, vulnerabilities undiscovered during development will exist forever in the blockchain. This talk will dive into the most common smart contract security vulnerabilities and provide in-depth knowledge on how these issues occur and their mitigation. Real world examples will be discussed and vulnerabilities like re-entrancy, overflows, gas limit attacks etc. will be demonstrated. Speaker Bio: Evangelos Deirmentzoglou (@edeirme) joined the open source community in the winter of 2015 by contributing to Ncrack. In the summer of 2017 he took part in Google Summer of Code 2017 under the guidance of Fotis Chantzis in order to work on Nmap and Ncrack. He currently works as a Security Engineer at Positive Technologies, conducting code auditing, mobile & web penetration testing and smart contract security assessments. He is researching a cybersecurity PhD and focuses on source code analysis, which he has applied for a number of major U.S technology vendors, Fortune 500 companies, banks and medical institutions. This talk was presented at OWASP London Chapter Meeting on 30th-August 2018 at Microsoft Reactor. Slides download link: ... https://www.youtube.com/watch?v=zOUXrNxS_LE

"The Iceberg: Your Attack Surface Just Got Bigger (How to mitigate risks in your OSS projects)" - Sonya Moisset Software supply chain attacks are not a new security concern, but recent high-profile attacks such as SolarWinds, CodeCov, and Kaseya have brought the topic to the forefront of cybersecurity awareness across the globe. Supply chain attacks have not only increased in volume and frequency, but have also become more sophisticated. This trend, together with the potentially wide impact of a singular successful supply chain attack, requires maintainers to take dedicated steps to ensure the security and integrity of their projects. You will learn how to secure your CI/CD pipeline by setting up guardrails at each stage and harden your OSS projects.​​​ SPEAKER BIO Sonya Moisset (@SonyaMoisset) Sonya is a Senior Security Advocate at Snyk and a lifelong traveler who lived in the Middle-East, North Africa and Asia. Always looking for new challenges – she made a career change from International Business Consultant in Tunisia, Saudi Arabia and Singapore to Full Stack Software Engineer in South Korea to Cybersecurity in the United Kingdom. She is passionate about Open-Source, DevSecOps and Cloud Computing. She has been listed on the 2022 OpenUK Honours list. She is a mentor and a strong advocate for women in tech. She founded the initiatives Epic Women in Cyber and Epic Women in Tech to highlight amazing women in the industry and share their experiences and journey. The initiative won the Ally of the Year 2021 - People’s Choice award. She was also part of the Diversity & Inclusion Power List 2022 from Girlcode. Sonya is an ambassador at OpenUK, and Girlcode, a GitHub Star, a Lead This talk was presented at the OWASP London Chapter Meeting on September 8th, 2022. This event was kindly sponsored and hosted by @Thought Machine ... https://www.youtube.com/watch?v=vAg-obFBZYw

"It's 2024 And, With GenAI, We Can Finally Make AppSec Work - Dinis Cruz" SPEAKER BIO: Dinis Cruz is the Chief Scientist of Glasswall and the ex-CISO of Holland & Barrett, who brings a unique blend of Security and Engineering expertise with 20+ years experience in Cyber Security and Software Development. Dinis is focused on creating GenAI powered teams and environments where engineering and security are enablers and accelerators for the business, with a big focus on the productisation and commercialisation of advanced technologies. He was an OWASP Global Board member, helped organise multiple OWASP AppSec conferences, started lots of OWASP chapters around the world and is leading multiple OWASP Projects. Dinis was also one of the first 3 individuals who started the OWASP London Chapter back in 2004! -- This talk was presented at the OWASP London 20th Anniversary Meetup on 22nd February 2024 kindly hosted by Google and sponsored by Apiiro, Sage, Phoenix Security and Licel ... https://www.youtube.com/watch?v=d61sGlgdNoo

Developers are a lucrative target for attackers, especially those with public profiles, active on social media, and working on either high profile application and open source projects. The recent attack against an NPM package with malicious code that targeted a popular Bitcoin wallet was subject to a social engineering attack, where the attacker was able to trick the maintainer to hand over ownership, is one of the many examples this is an ever increasing vector This talk looks to explore how exposed some developers are and the impacts this can have either through the supply chain and/or directly to organisations. During this talk will we will demonstrate and discuss: Open Source Intelligence- recon techniques; Profiling targets, repos, developer backgrounds, coding style, digital footprint; Pretext creation – building trust and establishing legitimacy; Example Vishing calls, phishing emails, and case studies; What developers can do to challenge and reduce the impact of Social Engineering Speaker Bio: Stuart Peck (@cybersecstu) From a background of threat intelligence, social engineering and incident response, Stuart Peck heads up Cyber Security Strategy for ZeroDayLab and co-founder and podcast host of The Many Hats Club, a large information security community. Stuart is passionate about educating organisations on the latest threat actor techniques and how to combat them. In addition, he has won awards for his education and training programs delivered to throughout the Europe and USA. As a practicing social engineer he managed large scale engagements in banking, gambling/gaming, retail, software, insurance etc. Stuart's key areas of expertise include: the dark and deep web, social engineering, incident response management, threat hunting, OSINT, OPSEC, and cyber-crime. He has also led investigations in many major security incidents, including global ransomware outbreaks. Stuart is a regular contributor on Social Engineering to many leading blogs including Security Affairs, Bleeping Computers, The State of Security and is published in many leading Journals including the ISSA and quoted in mainstream media. This talk was presented at the OWASP London Chapter Meeting on the 13th February 2019 at Amazon London offices. ... https://www.youtube.com/watch?v=N6TaLGVuW_o