OWASP 25th Anniversary - OWASP London Chapter Meetup [IN-PERSON]
Schedule
Tue Mar 31 2026 at 06:00 pm to 09:00 pm
UTC+01:00
Location
Tessl AI Limited | London, EN
About this Event
This event is kindly hosted by Tessl AI.
This event is kindly sponsored by Mend.io
There is limited seating available for in-person attendees. Registration required.
This event will also be live-streamed on YouTube.
Recordings will be available on the
Venue Location: Tessl AI, 210 Pentonville Rd, London N1 9JY
Nearest Tube Station: King's Cross (6 minute walk)
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).
TALKS:
OWASP is 25: Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
"The Attacker’s Lens: The Hidden Path to Large-Scale LLM Exploits" - Amir Shahmiri
As AI-powered agents rapidly expand across applications, they introduce a fundamentally new and largely unprotected attack surface. This talk explores how prompt injection evolves from a targeted technique into a scalable, internet-wide threat, where attackers embed malicious instructions across webpages, open-source content, ads, and shared knowledge sources to influence agent behavior at scale. By exploiting the growing capabilities of LLM agents, such as web browsing, tool usage, and autonomous decision-making, adversaries can trigger unintended actions including data exfiltration, privilege escalation, and system manipulation, often without direct interaction. We will examine why existing mitigations fall short, how these attacks mirror traditional OWASP categories in a new AI context, and what this means for the future of secure software design. Attendees will leave with a practical understanding of emerging AI risks and actionable strategies to design, test, and secure LLM-powered systems against this new class of threats.
"Defending Your Public PKI Estate: A ten-step program to achieve best-in-class security" - Ivan Ristic
On the Internet, all security is controlled by digital certificates, but there is a critical flaw at the heart of our PKI: any Certification Authority (CA) can issue a certificate for any of your properties without your consent. Recent years have seen the development of several mitigation technologies, including Certification Authority Authorization (CAA) and Certificate Transparency (CT). Together, these technologies enable you to regain control of your digital identities. We've spent years securing digital estates of a wide range of organisations. In this talk, we'll share our experiences to help you understand the threats and provide actionable advice to enhance your defenses.
SPEAKERS:
Amir Shahmiri
Amir Shahmiri is an application security expert with years of experience in the industry. He has worked predominantly within the application security space, specializing in helping organizations build safer and more efficient application security programs. He is currently a Senior Sales Engineer with Mend.io, helping organizations build mature, proactive AppSec programs that effectively manage application risk.
Ivan Ristic
Ivan Ristić writes computer security books and builds security products. His book Bulletproof TLS and PKI, the result of more than a decade of research and study, is widely recognised as the de facto SSL/TLS and PKI reference manual. His work on SSL Labs made millions of websites more secure. Before that, he created ModSecurity, a leading open-source web application firewall. More recently, Ivan founded Hardenize—now part of Red Sift—as a platform for continuous discovery and monitoring of network and PKI infrastructures. He works as Chief Scientist at Red Sift.
🎟️ RAFFLE - win a prize kindly donated by our sponsors!
🎂 CAKE! There will be cake! And balloons! 🎈🎈 It is a kind of birthday celebration!
TICKETS:
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security. Your name will be checked against the guest list.
CODE OF CONDUCT:
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback or concerns, or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct
Where is it happening?
Tessl AI Limited, 210 Pentonville Road, London, United Kingdom
GBP 0.00