Event details
Schedule
6:00 p.m. EST - Arrival, setup, mingle, PIZZA!
6:30 p.m. EST - Technical Talks
- Introduction to OWASP Ottawa, Public Announcements.
- A Brief Overview of the OWASP Top 10 with Gabriel Kronfeld.
- DevSecOps Worst Practices with Tanya Janca.
Abstract:
A Brief Overview of the OWASP Top 10 with Gabriel Kronfeld.
The OWASP Top 10 reveals the most critical security vulnerabilities facing modern web applications. This talk will walk attendees through each item on the 2021 list, from broken access control to server-side request forgery. Each vulnerability is explored in detail—understanding how it works, why it’s dangerous, and what’s needed to prevent it. With real examples to bring these threats to life, this session is an accessible introduction for beginners and a useful refresher for seasoned practitioners. Join us to get a solid foundation in web security essentials.
DevSecOps Worst Practices with Tanya Janca.
Quite often when we read best practices we are told ‘what’ to do, but not the ‘why’. When we are told to ensure there are no false positives in the pipeline, the reason seems obvious, but not every part of DevOps is that intuitive, and not all ‘best practices’ make sense on first blush. Let’s explore tried, tested, and failed methods, and then flip them on their head, so we know not only what to do to avoid them, but also why it is important to do so, with these DevSecOps WORST practices.
About the OWASP® Foundation
The Open Worldwide Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.
Gabriel Kronfeld
Computer Engineer
Gabriel is a graduate from the University of Ottawa with a degree in Computer Engineering. With experience spanning backend programming, DevOps, system administration, and database management, Gabriel has collaborated with various Ottawa-based companies on technical projects. Although new to cybersecurity, he brings a strong technical foundation and is keen to expand his knowledge in this field. Outside of work, Gabriel enjoys cycling, photography, and building drones as hands-on hobbies.
Tanya Janca, aka SheHacksPurple
Cybersecurity expert
Tanya is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and ‘Cards Against AppSec'. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counterterrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently leads education and community for Semgrep.
Event will be indoors. Based on the Ottawa Public Health Guidelines we strongly recommend that attendees wear a mask while not presenting. This will reduce the risk of transmission and protect members who may have compromised immune systems.