OWASP® Foundation

Happy Friday, folks! 🚀 Missed a session or want to relive the best moments from OWASP Global AppSec DC? The talk recordings are now live on YouTube. 🎥 Catch the sessions you missed 🔁 Share your favourites 💡 Keep the AppSec learning going Press play and start your weekend with some security inspiration. Happy Friday, folks! 🚀 Missed a session or want to relive the best moments from OWASP Global AppSec DC? The talk recordings are now live on YouTube. 🎥 Catch the sessions you missed 🔁 Share your favourites 💡 Keep the AppSec learning going Press play and start your weekend with some security inspiration. https://lnkd.in/eTYGBQjZ #owasp #appsec #infosec #opensource #cybersecurity

What a fantastic night at the OWASP Mixer in Oslo after NDC Security! 🍻 Beer, tapas, great conversations, and of course, a lively group game of Cornucopia to top it all off. Huge thanks to our friends at Aikido Security for sponsoring the evening and being part of the fun! 🙌 #owasp #appsec #infosec #community #ndc #oslo #cornucopia

Had a fantastic conversation today with Rob van der Veer as part of our AI Vulnerability Webinar Series discussing the role of the OWASP AI Exchange in securing agentic AI systems. We’re entering a world where AI systems don’t just answer questions, they plan, decide, access tools, and execute actions. In many ways, we’ve given AI systems the keys to the building… before installing the locks. A few key insights from the discussion: 🔹 The biggest risk isn’t just prompt injection, it’s how agents interact with tools and the real world. 🔹 Cross-user indirect prompt injection is an emerging threat many organizations are still underestimating. 🔹 The biggest security win today? Blast radius control through least privilege, oversight, and transparency. 🔹 Security teams must be willing to “spoil the party” with risk analysis before innovation turns into incident response. What gives hope? Collaboration. Seeing organizations like SANS Institute and OWASP AI Exchange align on shared controls is exactly the kind of signal the industry needs. Because securing agentic AI isn’t a tooling problem. It’s a guidance, architecture, and community problem and the work is just getting started. #AIsecurity #AgenticAI #OWASP #OWASPAIExchange hashtag #AISecurity #CyberSecurity #LLMSecurity #AIgovernance #PromptInjection #AISafety #AppSec #SecurityCommunity

Looking for vulnerable web apps to play with? You need to look at the OWASP Vulnerable Web Applications Directory, especially as it has a new home: https://vwad.owasp.org/  Feedback appreciated! #owasp #appsec

Day one at NDC Security in Oslo was a brilliant start,great conversations, plenty of learning, and of course lots of swag for the sticker collectors out there! We’re ready to do it all over again tomorrow. Who’s joining us for the OWASP mixer? https://luma.com/txn0myuk

This is your 24-hour countdown ⏰ To the OWASP Contributor Mixer with the crew from NDC Conferences & Aikido Security! https://luma.com/txn0myuk 🍺 Drinks flowing 🍔 Snacks ready 💬 Conversations that actually go somewhere Already contributing to OWASP Projects? Awesome. Curious where to start? Perfect. Just here for the community energy? You’re in the right place. No pitches. No pressure. Just security folks being delightfully nerdy together. Drop in, curious, leave inspired! #owasp #NDC #mixer #opensource #appsec #cybersecurity #community

OWASP LA Virtual Event Fulfilling Your LLM Deployment Dreams As organizations race to integrate Large Language Models into core business processes, they face a difficult trade off unlock major productivity gains or expose themselves to data leakage, shadow AI, and architectural risk. This month, Aaron Ansari joins OWASP LA to break down what secure, enterprise grade LLM deployment actually looks like. Aaron served 13 years as Co-Chapter Chair of OWASP Central Ohio and brings over two decades of application security experience from roles at BMW Group, Trend Micro, and more. He has taught programming and secure coding in Python for 18+ years at Franklin University and contributed to early JavaScript security projects alongside Kevin Wall. Talk Abstract: Fulfilling Your LLM Deployment Dreams This session moves beyond basic chat interfaces and into the technical foundations of a secure generative AI architecture. Key topics include: • The Risk Landscape Prompt injection (OWASP LLM01), insecure output handling, training data poisoning, and emerging LLM threats. • Architectural Defenses Using Retrieval-Augmented Generation (RAG) to preserve accuracy while avoiding the risks of fine-tuning on sensitive PII. • Data Governance Implementing fine-grained access control and role based accounting within vector databases. • Operational Security A layered security model, from hyperparameter tuning to rate limiting and semantic caching. You will leave with a practical framework for deploying AI systems that are innovative, compliant, and resilient. If you are working with LLMs, evaluating generative AI internally, or responsible for AI governance and security, this session is directly relevant. Register here: https://luma.com/owaspla See you virtually.