Join us for an evening of celebration and preparation as OWASP Lisbon marks its one-year anniversary! As we reflect on the past year’s achievements, we’re excited to kick off a series of meetups that will lead us into the highly anticipated OWASP Global AppSec Lisbon Event. This first meetup of the series will set the stage for an incredible journey towards building more secure applications and connecting with fellow appsec enthusiasts.
The meetup takes place on November 15th, 2023, at 18:00, at the OLX office, and is sponsored by OLX and AP2SI.
The schedule is the following:
18:00 – The Cake by the OWASP Lisboa chapter leadership team
18:15 – Seeing What’s Wrong Just Right by Jasvir Nagra
19:10 – Why everyone in your cyber security team needs to be an AI expert by Dinis Cruz
20:00 – Drinks & Dinner by OLX
Title: Seeing What’s Wrong Just Right
Speaker: Jasvir Nagra
Writing web applications is hard. Debugging them is harder. Security bugs are even harder because not only does an application have to work, it has to stop working when the input is malicious. One approach web developers have taken to managing the complexity of writing large web programs is to make it harder to write incorrect programs. Static type checkers, linters, tests and testing frameworks have all made it easier to write correct code. Nevertheless, incorrect and vulnerable programs still exist. In fact, the very success of these tools in avoiding common errors has meant developers spend increasing amounts of time debugging only subtle bugs. In distributed systems, the challenge is even harder because debugging tools give you glimpses into the program state—some on the server, some on the client—without giving you a coherent view of the entire system. Not only are web programs inherently distributed between the server and the client, any one web page in the browser is itself made up of different iframes, events and event handlers, and sometimes service workers all communicating asynchronously. In this talk, I will share a few painful distributed web app debugging anecdotes and an alternate approach to get a holistic view of a program to track down elusive bugs. This approach uses virtualization to create complete traces of just those aspects of the program we suspect are buggy without having to model all program state. Virtualization allows us to momentarily ignore incidental bugs discovered while hunting the core one without it getting in the way, and visualization of the collected traces to build up causal diagrams to inform our intuition when our mental models deviate from reality. I will demonstrate how to recognize and tackle debugging problems with this approach and cover pitfalls you may run into with virtualization.
Jasvir Nagra is widely recognized as a thought leader in software protection. He is co-author of Surreptitious Software, the definitive textbook on software protection, and an early researcher in obfuscation, software watermarking, and fingerprinting. With more than 12 years of experience, his professional path includes companies such as Instart, Dropbox and Google – where he led the Caja project. As an advisor to Jscrambler, he is helping cybersecurity startups address key technological challenges.
Title: Why everyone in your cyber security team needs to be an AI expert
Speaker: Dinis Cruz
Similar to how electricity revolutionised our lives and is now ubiquitous, Gen AI is poised to become an integral part of everything Cyber Security teams do every day. Therefore, there is an increasing need to deepen our understanding and expertise in this transformative technology. It’s time to embrace the opportunities AI presents and equip ourselves with the knowledge to thrive in this rapidly evolving landscape.
Dinis Cruz is the Chief Scientist of Glasswall and the CISO of Holland & Barrett, who brings a unique blend of Security and Engineering expertise with 20+ years of experience in Cyber Security and Software Development. Dinis is focused on creating Gen AI powered teams and environments where engineering and security are enablers and accelerators for the business, with a big focus on the productisation and commercialisation of advanced technologies.