Event

OWASP MSP October Meetup

Date: October 1, 2024
Time: 5:30 PM to 7:30 PM CDT
Event Type: In person
Location: North America

Event Overview

We’re excited to feature Darren Meyer, Staff Research Engineer at Endor Labs, at the upcoming OWASP MSP October Meetup, where he will present an insightful session titled “What’s in Your AI Code? Learn Why Every SCA Tool is Wrong, and How to Deal with It.”

Session Overview:

With the rise of AI fueled by Python-based libraries, it has become of paramount importance to scan Python-based projects and their dependencies for OSS vulnerabilities. Python relies on package managers like pip or conda to manage declared dependencies. Dependencies are declared in manifest files, which the package manager uses to install the correct version of each required dependency. However, Python’s dependency management system, coupled with its dynamically typed nature, makes it an especially challenging language to deal with.

Of particular focus is the phenomenon of phantom dependencies: dependencies that are not reported in a project's manifest. These hidden dependencies are often provided dependencies, which is especially true for libraries such as tensorflow and pytorch that are essential for AI. They challenge software composition analysis (SCA) of Python code and impact the reliability of vulnerability results.

Join us to learn how to navigate these challenges and enhance your understanding of securing AI applications against unseen threats.
