

What we’re about
OWASP London Chapter
OWASP (The Open Worldwide Application Security Project) is a worldwide not-for-profit organisation focused on improving the security of software. With over 250 local Chapters worldwide and 110,000+ volunteers, OWASP's open community is dedicated to enabling organisations and individuals to develop and maintain applications that can be trusted. OWASP's meet-ups, tools, standards, guidelines, documents and forums are free and open to anyone interested in improving application security.
Visit OWASP London webpage here: https://www.owasp.org/london
Follow us on Twitter: https://twitter.com/OWASPLondon
Follow us on LinkedIn: https://www.linkedin.com/company/owasplondon
"Like" us on Facebook: https://www.facebook.com/OWASPLondon
Watch recordings of talks presented at our events on our YouTube channel: https://www.youtube.com/OWASPLondon
^Please subscribe to our YouTube channel to get notified when the latest video recordings of our talks get published.
We are also on Slack: https://owasp.slack.com #chapter-london channel (for Slack invites visit: [http://owaspslack.com/](http://owasp.herokuapp.com/)).
We also have a mailing list, sign-up here: https://groups.google.com/a/owasp.org/forum/#!forum/london-chapter/join
We usually run 7-10 events per year: meet-ups ("Chapter Meetings"), Capture The Flag (CTF) tournaments, Hackathons, workshops and hacking/cyber-security themed pub quizzes.
Please note that while we advertise our meetups here on Meetup[.]com, due to a Meetup platform limitation we do not use Meetup's RSVP system and instead use Eventbrite for free tickets and registration to attend our events. If you have an account on Eventbrite you can follow us there as well: https://owasplondon.eventbrite.co.uk/
You don't have to be an OWASP member to attend any of our meetups or CTFs - they are free and open to everyone interested in Application Security. Booking is required.
There is a paid membership, which is a donation to the OWASP Foundation - it gives you discounts on many cyber-security conferences around the world, voting rights, an @owasp.org email address and many other benefits like free access to paid training platforms. Join OWASP Global Foundation as a paid member here: https://www.owasp.org/index.php/Membership
Upcoming events (1)
OWASP London Chapter Meetup [In-Person], The Leadenhall Building, London
This event is kindly hosted at Aon by LevelBlue Cyber Solutions and sponsored by SecureFlag. There is limited seating available for in-person attendees. Registration required.
This event will be live-streamed on YouTube.
Recordings will be available on the OWASP London YouTube channel.
Venue Location: Aon/LevelBlue, The Leadenhall Building, 122 Leadenhall Street, London EC3V 4AN
Nearest Tubes: Bank (6 minute walk), Liverpool Street (7 minute walk), Aldgate (7 minute walk)
Doors Open at 6pm for registration, pizza, drinks and networking. The talks start at 6:30pm (we start on time!).
TALKS:
OWASP Introduction, Welcome and News - Sam Stepanyan, Andra Lezza, Sherif Mansour - OWASP London Chapter Leaders
"Protecting your Generative AI App from the Five Deadly Risks - STOIC Security" - Jeff Watkins
Generative AI offers incredible opportunities, but comes with significant cybersecurity challenges. As adoption accelerates, so do the risks - data theft, model manipulation, poisoned training data, operational disruptions, and supply chain vulnerabilities.
"Scaling Threat Modeling with a Developer-Centric Approach" - Andrew Hainault & Andrea Scaduto
This talk introduces Rapid Developer-Driven Threat Modeling (RaD-TM), a lightweight, tool-agnostic approach designed for developers to embed threat modeling into the SDLC without relying on security experts. RaD-TM focuses on targeted assessments of specific functionalities rather than application-wide models, enabling iterative and efficient risk mitigation.
RAFFLE - win a prize kindly donated by our sponsors!
SPEAKERS:
Jeff Watkins
Jeff Watkins is Chief Technology Officer at CreateFuture, where he leads AI strategy, engineering, and cloud to deliver secure, human-centred digital products for global brands. A veteran technologist with over 25 years’ experience across financial services, healthcare, and retail, he is a recognised leader in cybersecurity and AI, championing “secure-by-design” practices for generative AI. A sought-after keynote speaker, Jeff has headlined international conferences including Webinale, AppDevCon, and the International JavaScript Conference. He co-hosts the award-winning “Compromising Positions” podcast and contributes regularly to publications such as Wired, Forbes, and Raconteur. His mission is clear: to build technology that elevates people.
Andrew Hainault
Andrew has over 25 years’ experience working in Information Security, Information Technology and Software Engineering, for public and private sector organisations in many sectors - including financial services / fintech, energy utilities, media, entertainment and insurance. With extensive application security and software engineering experience, Andrew has delivered secure SDLC programmes and penetration testing projects. He has designed and overseen information security programmes, enterprise-level cyber risk and incident response readiness assessments, as well as delivering board-level training.
After beginning his career at Capgemini, Andrew worked at Cassini Division before running his own consultancy. He joined Gotham Digital Science in 2014 and then Aon in 2016 after its acquisition of Stroz Friedberg. He has led the Security Advisory Practice in UK & EMEA within Aon since 2019 (and is now at LevelBlue).
Andrea Scaduto
With a strong foundation in cybersecurity, Andrea holds an MSc in Computer Engineering, multiple IT Security certifications, and more than a decade of industry experience. His expertise spans breaking, building, and securing web, mobile, and cloud applications, with extensive knowledge of secure coding techniques aimed at reducing the cost of fixing vulnerabilities at scale.
TICKETS:
OWASP meetups are free and open to anyone interested in application security. Please note that you MUST book your place to be admitted to the event by the building security. Your name will be checked against the guest list and a photo ID might be required.
CODE OF CONDUCT:
We hope you enjoy the event. We care deeply about inclusivity and diversity so that OWASP is a comfortable and welcoming community for everyone. Please reach out to one of our chapter leaders if you have any feedback/concerns or would like to speak to us; we take these matters very seriously. OWASP Code Of Conduct: https://owasp.org/www-policy/operational/code-of-conduct