OWASP London Chapter Meetup [IN-PERSON]
Schedule
Tue Apr 14 2026 at 06:00 pm to 09:00 pm UTC+01:00
Location
Thought Machine, HQ | London, EN
About this Event
This event is kindly hosted by Thought Machine and sponsored by Semgrep.
Raffle prizes are kindly sponsored by Semgrep and Escape.
There is limited seating available for in-person attendees. Registration required.
This event will also be live-streamed on YouTube.
Recordings will be available on the
Venue Location: Thought Machine, 7 Herbrand St, London WC1N 1EX
Nearest Tube: Russell Square (Piccadilly Line) - 2 min walk
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).
TALKS:
OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
Securing Claude Code: Guardrails for AI-Assisted Development - Jim Manico
AI coding assistants are now part of software development, but most teams still deploy them without meaningful security controls. This talk shows how to use Claude Code safely in real engineering environments through proper repository setup, machine-readable requirements, structured prompts, reusable skills, and workflow discipline based on Issue -> Plan -> Code. It also covers practical guardrails such as hooks, managed settings, sandboxing, and review controls, along with the current attack surface around AI-assisted development, including prompt injection, plugin and MCP abuse, insecure generated code, and permission bypasses. The goal is to show how coding agents can be guided toward secure code up front and then constrained, monitored, and verified before they become another unmanaged attack surface.
The Cambrian Explosion of Agentic AI SMEs - Dinis Cruz
The talk argues that agentic GenAI is enabling a Cambrian explosion of small, focused companies across every area of business. The volume of custom and customised applications is about to explode, driving demand for more developers and engineers, which in turn drives an explosion in AppSec workload. That is the opportunity for highly focused security startups, and the OWASP community is perfectly positioned to lead it. The case study is SG/Send (sgraph.ai), Dinis's fourth GenAI startup in cyber security, building open source secure primitives for file sharing, PKI, and data rooms using small agentic teams with Wardley Map methodology.
The Great SAST Dissonance: How To Please Every Audience At Scale - Claudio Merloni
SAST tools hit a sour note with modern apps, with dissonant coverage that leaves stretches of code unheard: a dangerous sense of security. An AI conductor can fine-tune the orchestration for each application, letting human experts focus and produce the right mix of coverage and findings.
SPEAKERS:
Jim Manico
Jim Manico is the founder of Manicode Security, a secure coding educator, and a renowned leader in the OWASP and application security community. After recognizing in the late 1990s that security was too often treated as an afterthought in web development, he dedicated his career to teaching and advancing secure coding practices. Today, Jim provides expert training in secure coding, security engineering, and AI security. He is a Java Champion and the author of Iron-Clad Java: Building Secure Web Applications. As a professional educator, he helps global organizations strengthen their software development lifecycles while actively exploring the leading edge of AI automation. Within OWASP, Jim is widely known as a Global Board member in 2013-2016 and for his leadership across multiple major projects, including the OWASP Cheat Sheet Series, OWASP ASVS, OWASP Java Encoder, and, most recently, the OWASP AI Security Verification Standard (AISVS).
Dinis Cruz
Dinis Cruz is a distinguished figure in the application security arena, boasting over two decades of experience. He is the founder of The Cyber Boardroom, a pioneering startup leveraging Generative AI to transform board-level cybersecurity decision-making.
Throughout his career, Dinis has held pivotal roles including Chief Information Security Officer (CISO) and Chief Technology Officer (CTO) for various UK organisations. He was nominated for the "CISO Of The Year 2019" award.
Dinis also served as an OWASP Global Board member in the mid-2000s, and helped organise multiple OWASP AppSec conferences and multiple OWASP Projects Summits. Notably, Dinis was one of the founders of the OWASP London Chapter back in 2004, organising and speaking at its inaugural meeting and creating and fostering our OWASP London community.
Claudio Merloni
Claudio is a veteran security expert. After completing his Master in Computer Engineering at the Politecnico di Milano University, he started what is now a journey of more than 15 years in the security space. He began as a security consultant, then moved through different roles, from sales engineering to security research and product engineering. He fell in love with static source code analysis early on and spent most of his career working with, and on, the leading solutions. He’s now leading the security research team at Semgrep, and trying to make the world a safer place, one rule at a time.
TICKETS:
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security. Your name will be checked against the guest list.
CODE OF CONDUCT:
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct
Where is it happening?
Thought Machine, HQ, 7 Herbrand Street, London, United Kingdom
GBP 0.00



















